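/**
 * Feeds three passwords that PasswordUtils::testPassword() is expected to
 * reject and checks the exact message returned for each one.
 *
 * NOTE(review): despite the name, every case below is an invalid password;
 * the accepting path (an empty message) is not exercised here.
 */
function test_validPassword()
{
    // assertEquals() takes the expected value first; the original had the
    // arguments swapped, which only garbles the failure message (equality
    // itself is symmetric).
    $result = PasswordUtils::testPassword("longPasswordlongPassword");
    $this->assertEquals("Password cannot be longer than 20 characters.", $result);

    $result = PasswordUtils::testPassword("password");
    $this->assertEquals("Password must have at least one number.", $result);

    $result = PasswordUtils::testPassword("123456789");
    $this->assertEquals("Password must have at least one letter.", $result);
}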
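/**
 * Verifies a plaintext password against this user's stored salted hash.
 *
 * The stored value is produced by PasswordUtils::salt_password() applied to
 * md5() of the plaintext, so the same transformation is repeated here. The
 * md5 pre-hash is a legacy design (password_hash()/password_verify() would be
 * the modern replacement), but changing it would require re-hashing every
 * stored password, so the scheme is kept as-is.
 *
 * @param string $pPassword plaintext password supplied by the user
 * @return boolean true when the recomputed hash matches the stored one
 */
public function verifyPassword($pPassword)
{
    $lHash = PasswordUtils::salt_password(md5($pPassword), $this->getSalt());
    $lStored = $this->getPasswordhash();

    // hash_equals() compares in constant time, so the result does not leak
    // how many leading characters matched. It needs two strings, hence the
    // guards: a non-string stored hash (e.g. null) never verifies. This also
    // rejects the degenerate case where both values are null, which the
    // original === comparison accepted.
    return is_string($lStored) && is_string($lHash) && hash_equals($lStored, $lHash);
}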
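/**
 * Persists a new password for one user.
 *
 * @param PDO    $db          open database handle (only prepare()/execute() are used)
 * @param string $newPassword plaintext password; hashed with $salt before storage
 * @param string $salt        the user's existing salt, reused unchanged
 * @param mixed  $id          primary key (_id) of the user row to update
 * @return void
 */
function makePasswordChange($db, $newPassword, $salt, $id)
{
    $query = "\n UPDATE user\n SET\n password = :password\n WHERE\n _id = :id\n ";

    // Bound parameters keep the hash and the id out of the SQL text.
    $query_params = array(
        ':password' => PasswordUtils::hashPassword($newPassword, $salt),
        ':id' => $id,
    );

    try {
        $stmt = $db->prepare($query);
        $stmt->execute($query_params);
    } catch (PDOException $ex) {
        // The driver message can contain table/column names and fragments of
        // the statement; keep it in the server log and show the user only a
        // generic failure.
        error_log("makePasswordChange: " . $ex->getMessage());
        die("Failed to run query.");
    }
}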
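/**
 * Inserts a newly registered user into the user table.
 *
 * @param array $post registration form values; reads the keys 'email',
 *                    'password', 'first_name' and 'last_name'
 * @param PDO   $db   open database handle (only prepare()/execute() are used)
 * @return void
 */
function saveRegistration($post, $db)
{
    // Store the results into the users table.
    $query = "\n INSERT INTO user (\n email,\n password,\n password_salt,\n first_name,\n last_name,\n user_type_id,\n picture_url\n ) VALUES (\n :email,\n :password,\n :salt,\n :first_name,\n :last_name,\n :user_type_id,\n :picture_url\n )";

    // Security measures: a fresh per-user salt, and only the salted hash is stored.
    $salt = PasswordUtils::generatePasswordSalt();
    $password = PasswordUtils::hashPassword($post['password'], $salt);

    // Every value, including the e-mail, is bound rather than interpolated.
    $query_params = array(
        ':email' => $post['email'],
        ':password' => $password,
        ':salt' => $salt,
        ':first_name' => $post['first_name'],
        ':last_name' => $post['last_name'],
        ':user_type_id' => '1', // self-registrations always get type 1 (its meaning is not defined here)
        ':picture_url' => 'https://s3-us-west-2.amazonaws.com/dbsystems/default-avatar.png',
    );

    try {
        $stmt = $db->prepare($query);
        $stmt->execute($query_params);
    } catch (PDOException $ex) {
        // Driver messages can reveal schema details (and, on a duplicate-key
        // error, that the e-mail is already registered); log them server-side
        // and show the user a generic failure.
        error_log("saveRegistration: " . $ex->getMessage());
        die("Failed to run query.");
    }
}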
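/**
 * Handles the "forgot password" form: validates the submitted e-mail and, for
 * a known user, generates a random password, e-mails it and stores its hash.
 *
 * @param array $forgotPasswordForm raw form submission for FORGOT_PWD_FORM
 * @return ResponseDTO success text, or per-field / general errors for the form
 * @throws PDOException propagated unchanged from the DAO layer
 */
public function forgotPasswordModel($forgotPasswordForm)
{
    $formObjRaw = new FormDTO(FORGOT_PWD_FORM, $forgotPasswordForm);
    $responseDTO = new ResponseDTO(FORGOT_PWD_FORM);

    $formDataObj = $formObjRaw->getFormData();
    $validator = new FormValidator(FORGOT_PWD_FORM, $formDataObj);
    $validationError = $validator->checkAll();

    if (count($validationError) !== 0) {
        if (array_key_exists(EMAIL, $validationError)) {
            $responseDTO->setErrField(EMAIL, $validationError[EMAIL]);
        }
        // Keep the submitted values so the form can be re-rendered.
        SessionUtils::setFormValue($formDataObj);
        return $responseDTO;
    }

    $userDAO = new UserDAO();
    $userDTO = $userDAO->getUserByEmail($formDataObj[FORGOT_PWD_FORM . EMAIL]);
    if ($userDTO === null) {
        // NOTE(review): this reply reveals whether the address is registered;
        // a uniform message on both paths would avoid account enumeration.
        $responseDTO->setErrField(ERROR_RESPONSE, "Nessun user presente con questa mail");
        return $responseDTO;
    }

    // The plaintext password has to sit on the DTO while the mail is built;
    // the hash replaces it before the DTO is persisted.
    $newPassword = PasswordUtils::createRandomicPassword();
    $userDTO->setPassword($newPassword);
    $resultMail = DataModelUtils::sendMail($userDTO, FORGOT_PWD_FORM);
    // TODO(review): $resultMail is never checked, so a failed send still
    // rotates the stored password. Its type is not visible here - confirm
    // what sendMail() returns before acting on it.

    $userDTO->setPassword(PasswordUtils::getPassword($newPassword));
    $result = $userDAO->updateUserPassword($userDTO);
    // Loose comparison kept on purpose: the DAO's return type is not known here.
    if ($result != 1) {
        $responseDTO->setErrField(ERROR_RESPONSE, "Problema nel cambio della password");
    } else {
        $responseDTO->setResponseSucc("Verra mandata una mail con una nuova password all'indirizzo " . $userDTO->getEmail());
    }

    return $responseDTO;
}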
include_once 'AutoLoader.php'; AutoLoader::registerDirectory('src/classes'); require "src/config.php"; if (!empty($_POST)) { $email = htmlspecialchars($_POST['email']); $query = "\r\n SELECT *\r\n FROM users\r\n WHERE\r\n email = :email\r\n "; $query_params = array(':email' => $email); try { $stmt = $db->prepare($query); $result = $stmt->execute($query_params); } catch (PDOException $ex) { die("Failed to run query: " . $ex->getMessage()); } $row = $stmt->fetch(); if ($row) { $check_password = PasswordUtils::hashPassword($_POST['password'], $row['salt']); if ($check_password == $row['password']) { if ($row['active_user'] == 0) { $message = "You must activate your account first."; } else { unset($row['salt']); unset($row['password']); $_SESSION['user'] = $row; if ($row['info_added'] == 0) { switch ($row['user_type_id']) { case 3: // nurse header("Location: src/nurse_info.php"); die("Redirecting to: src/nurse_info.php"); break; case 2:
die("Redirecting to index.php"); } else { if (!empty($_POST) && $changer->checkFieldsCorrect($_POST)) { $query = "\n SELECT *\n FROM users\n WHERE\n email = :email\n "; $query_params = array(':email' => $user['email']); try { $stmt = $db->prepare($query); $result = $stmt->execute($query_params); } catch (PDOException $ex) { die("Failed to run query: " . $ex->getMessage()); } $row = $stmt->fetch(); if ($row) { $check_password = PasswordUtils::hashPassword($_POST['current_password'], $row['salt']); if (PasswordUtils::checkMatchingPasswords($check_password, $row['password'])) { $changer->errorMessage = PasswordUtils::testPassword($_POST['new_password']); if (empty($changer->errorMessage)) { $changer->makePasswordChange($db, $_POST['new_password'], $row['salt'], $row['id']); $changer->success = "Password changed successfully."; } } else { $changer->errorMessage = "Incorrect password."; } } } } ?> <!doctype html> <html lang="en"> <head>
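/**
 * Inserts a newly registered user into the users table.
 *
 * @param array  $post registration form values; reads the keys 'email',
 *                     'password' and 'user_type_id'
 * @param string $hash value stored in the hash column (presumably an
 *                     account-activation token - confirm against the caller)
 * @param PDO    $db   open database handle (only prepare()/execute() are used)
 * @return void
 */
function saveRegistration($post, $hash, $db)
{
    // Store the results into the users table.
    $query = "\n INSERT INTO users (\n email,\n password,\n salt,\n user_type_id,\n hash,\n picture_url\n ) VALUES (\n :email,\n :password,\n :salt,\n :user_type_id,\n :hash,\n :picture_url\n )\n ";

    // Security measures: a fresh per-user salt, and only the salted hash is stored.
    $salt = PasswordUtils::generatePasswordSalt();
    $password = PasswordUtils::hashPassword($post['password'], $salt);

    // NOTE(review): user_type_id is taken from the submitted form as-is;
    // nothing in this function restricts which types a self-registration may
    // choose, so the caller must validate it.
    $query_params = array(
        ':email' => $post['email'],
        ':password' => $password,
        ':salt' => $salt,
        ':user_type_id' => $post['user_type_id'],
        ':hash' => $hash,
        ':picture_url' => 'http://walphotobucket.s3.amazonaws.com/default.jpg',
    );

    try {
        $stmt = $db->prepare($query);
        $stmt->execute($query_params);
    } catch (PDOException $ex) {
        // Driver messages can reveal schema details (and, on a duplicate-key
        // error, that the e-mail is already registered); log them server-side
        // and show the user a generic failure.
        error_log("saveRegistration: " . $ex->getMessage());
        die("Failed to run query.");
    }
}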
AutoLoader::registerDirectory('../src/classes'); require "config.php"; require "MailFiles/PHPMailerAutoload.php"; $fp = new ForgotPassword(); if (!empty($_POST)) { // Check if the email is recognized. $fp->checkEmail($_POST['email'], $db); // If the email was recognized, generate a new password and send an email. if (empty($fp->noEmail) && !empty($_POST['challenge_question_answer'])) { if ($fp->checkAnswer(htmlspecialchars($_POST['challenge_question_answer']))) { $newPassword = PasswordUtils::generateNewPassword(); if ($fp->sendNewPassword($newPassword)) { $fp->success = "An email has been sent to the address that you provided. " . "Use the password included in the email to log in."; // Hash the new password and update the tables. $newSalt = PasswordUtils::generatePasswordSalt(); $newPassword = PasswordUtils::hashPassword($newPassword, $newSalt); $fp->updateTables($newPassword, $newSalt, $db); } else { $fp->registrationFailure = "Verification email could not be sent. Please try again later."; } } } } ?> <!doctype html> <html lang="en"> <head> <style>.error {color: #FF0000;}</style> <style>.success {color: #00FF00;</style> <meta charset="utf-8">
/**
 * Checks that an entered password matches a stored crypt()-style hash.
 *
 * crypt() re-derives the hash using the algorithm and salt embedded in
 * $expected; the comparison itself is delegated to PasswordUtils::compare()
 * (whether that comparison is constant-time is not visible here).
 *
 * @param string $password plaintext password the user supplied
 * @param string $expected stored hash (e.g. loaded from the database)
 * @return bool true when the password matches the stored hash
 */
public function checkPassword($password, $expected)
{
    $recomputed = crypt($password, $expected);

    return PasswordUtils::compare($recomputed, $expected);
}
include_once '../AutoLoader.php'; AutoLoader::registerDirectory('../src/classes'); require "config.php"; if (!empty($_POST) && isset($_POST['submitButton'])) { $email = $_SESSION['user']['email']; $query = "\r\n SELECT *\r\n FROM users\r\n WHERE\r\n email = :email\r\n "; $query_params = array(':email' => $email); try { $stmt = $db->prepare($query); $result = $stmt->execute($query_params); } catch (PDOException $ex) { die("Failed to run query: " . $ex->getMessage()); } $row = $stmt->fetch(); if ($row) { $check_password = PasswordUtils::hashPassword(htmlspecialchars($_POST['password']), $row['salt']); if ($check_password == $row['password']) { $query = "\r\n DELETE\r\n FROM users\r\n WHERE\r\n email = :email\r\n "; $query_params = array(':email' => $_SESSION['user']['email']); try { $stmt = $db->prepare($query); $result = $stmt->execute($query_params); } catch (PDOException $ex) { die("Failed to run query: " . $ex->getMessage()); } unset($_SESSION['user']); $success = "Account deleted."; } else { $error = "Incorrect password."; } } else {
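/**
 * Handles the "change password" form for the logged-in user.
 *
 * Validates the form, checks that the supplied current password belongs to
 * the session user, then stores the hash of the new password.
 *
 * @param array $pwdForm raw form submission for CHANGE_PWD_FORM
 * @return ResponseDTO|UserDTO a ResponseDTO carrying field errors (or the
 *                             "unknown password" message); after a password
 *                             update the UserDTO is returned instead - kept
 *                             as in the original since callers may rely on it
 * @throws PDOException propagated unchanged from the DAO layer
 * @throws UserNotAuthenticatedExceptionDTO propagated unchanged (presumably
 *                             raised by SessionUtils::getUserLogged())
 */
function changeUserPwdModel($pwdForm)
{
    $formObjRaw = new FormDTO(CHANGE_PWD_FORM, $pwdForm);
    $responseDTO = new ResponseDTO(CHANGE_PWD_FORM);

    $formDataObj = $formObjRaw->getFormData();
    $validator = new FormValidator(CHANGE_PWD_FORM, $formDataObj);
    $validationError = $validator->checkAll();

    if (count($validationError) !== 0) {
        // Same fields, same order, as the original if-chain.
        foreach (array(PASSWORD, NEW_PASSWORD, CONFIRM_PASSWORD) as $field) {
            if (array_key_exists($field, $validationError)) {
                $responseDTO->setErrField($field, $validationError[$field]);
            }
        }
        return $responseDTO;
    }

    // Only the id and the (hashed) current password are needed to check
    // the credentials; every other UserDTO field stays NULL.
    $userLogged = SessionUtils::getUserLogged();
    $hashedPwd = PasswordUtils::getPassword($formDataObj[CHANGE_PWD_FORM . PASSWORD]);
    $userDTO = new UserDTO($userLogged->getUserId(), NULL, $hashedPwd, NULL, NULL, NULL, NULL, NULL);

    $userDAO = new UserDAO();
    $userLoggedDTO = $userDAO->checkPassword($userDTO);
    if ($userLoggedDTO === null) {
        // Kept as in the original: the message is placed in the success
        // field rather than an error field. NOTE(review): likely meant to
        // be setErrField().
        $responseDTO->setResponseSucc("Questa password non esiste");
        return $responseDTO;
    }

    $userDTO->setPassword(PasswordUtils::getPassword($formDataObj[CHANGE_PWD_FORM . NEW_PASSWORD]));
    // TODO(review): the DAO result is ignored, so a failed update is still
    // reported as success; forgotPasswordModel() treats anything other than 1
    // as a failure and could serve as the model here.
    $userDAO->updateUserPassword($userDTO);

    return $userDTO;
}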
<?php
// Entry point: creates a user account with a generated temporary password,
// e-mails that password to the new user, then redirects to home.php.
include_once '../AutoLoader.php';
AutoLoader::registerDirectory('../src/classes');
require "config.php"; // presumably provides $db and starts the session - confirm
require "MailFiles/PHPMailerAutoload.php";

// The generated password is sent to the user in clear text; only its salted
// hash is stored.
$realPassword = PasswordUtils::generateNewPassword();
$passwordSalt = PasswordUtils::generatePasswordSalt();
$hashedPassword = PasswordUtils::hashPassword($realPassword, $passwordSalt);
$email = $_POST['email'];

// NOTE(review): user_type_id and the created_by override come straight from
// the request; nothing visible here checks that the session user may create
// an account of that type or on behalf of that manager.
$created_by_id = $_SESSION['user']['_id'];
if (!empty($_POST['manager'])) {
    $created_by_id = $_POST['manager'];
}

$insertStatement = "INSERT INTO user\n\t\t\t\t\t(`user_type_id`, `created_by_id`, `password`, `password_salt`, `first_name`, `last_name`, `email`, `picture_url`) \n\t\t\t\t\tVALUES (:user_type_id,:created_by_id, :password,:password_salt,:first_name,:last_name,:email,:picture_url)";
$insertParams = array(':user_type_id' => $_POST['user_type_id'], ':created_by_id' => $created_by_id, ':password' => $hashedPassword, ':password_salt' => $passwordSalt, ':first_name' => $_POST['first'], ':last_name' => $_POST['last'], ':email' => $email, ':picture_url' => 'https://s3-us-west-2.amazonaws.com/dbsystems/default-avatar.png');

try {
    $stmt = $db->prepare($insertStatement);
    // NOTE(review): $result is never checked; with a non-throwing PDO error
    // mode a failed INSERT still sends the e-mail and redirects.
    $result = $stmt->execute($insertParams);
    $link = "http://dbsystems-engproject.rhcloud.com/";
    // NOTE: the token between the two string literals on the "Password:" line
    // is masked in this copy of the file; as shown, the statement does not parse.
    $message = 'Hello!<br/><br/>' . 'An account has been created for you on our conference room scheduler!' . ' Please click <a href=' . $link . '>here</a> to log in.<br/><br/>' . 'Password: '******'<br/>To change your password, sign in, then select \'Change Password\'' . ' from the drawer on the left side of the screen.' . '<br/><br/>Thank you,<br/>Team 6';
    $mailer = new SendEmail();
    $mailer->SendEmail($email, "Conference Room Scheduler", $message, false);
    header("Location: home.php");
    die("Redirecting to home.php");
} catch (PDOException $ex) {
    // NOTE(review): this writes the SQL text, every bound parameter
    // (including the password hash and salt) and the driver message into the
    // HTTP response; these belong in the server log, not the page.
    echo "query: " . $insertStatement . "</br>";
    print_r($insertParams);
    echo "<br/>exception: " . $ex->getMessage();
}
/**
 * _matchCredentials
 *
 * Compares the credentials carried by an authentication token with those
 * loaded for the account, and rejects the attempt when they do not match.
 *
 * @param mixed $token    The token to match
 * @param mixed $authInfo The authentication info to match the token with
 *
 * @access private
 * @return void
 * @throws Exception when PasswordUtils::check() reports anything other than 'OK'
 */
private function _matchCredentials($token, $authInfo)
{
    // TODO: Extract validation logic to CredentialsMatcher.
    $verdict = PasswordUtils::check($token->getCredentials(), $authInfo->getCredentials());

    if ('OK' !== $verdict) {
        throw new Exception('Incorrect Credentials');
    }
}