public function login($sUsername, $sPassword)
{
$oUser = UserQuery::create()->filterByUsername($sUsername)->findOne();
if ($oUser === null) {
$oUser = UserQuery::create()->filterByEmail($sUsername)->find();
if (count($oUser) === 1) {
$oUser = $oUser[0];
} else {
return 0;
}
}
if (!PasswordHash::comparePassword($sPassword, $oUser->getPassword())) {
if (PasswordHash::comparePasswordFallback($sPassword, $oUser->getPassword())) {
$oUser->setPassword($sPassword);
UserPeer::ignoreRights(true);
$oUser->save();
return $this->login($sUsername, $sPassword);
}
if ($oUser->getPassword() === '*') {
return self::USER_NEEDS_PASSWORD_RESET;
}
return 0;
}
if ($oUser->getDigestHA1() === null && Settings::getSetting('security', 'generate_digest_secrets', false) === true) {
$oUser->setPassword($sPassword);
UserPeer::ignoreRights(true);
$oUser->save();
}
return $this->loginUser($oUser);
}
public function testSimplePasswordCheckFallback()
{
$sPassword = <<<EOT
myTestPassword
EOT;
$this->assertSame(true, PasswordHash::comparePasswordFallback($sPassword, md5($sPassword)));
}
