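/**
 * PasswordUtils::testPassword must reject each malformed input with the
 * matching validation message.
 *
 * PHPUnit's assert*() helpers take the expected value first and the actual
 * value second; the original calls had them swapped, which makes failure
 * output ("expected X, got Y") read backwards.
 */
function test_validPassword()
 {
     $cases = [
         ['longPasswordlongPassword', 'Password cannot be longer than 20 characters.'],
         ['password', 'Password must have at least one number.'],
         ['123456789', 'Password must have at least one letter.'],
     ];
     foreach ($cases as [$candidate, $expectedMessage]) {
         // assertSame: the message is a string, so identity (no coercion) is wanted.
         $this->assertSame($expectedMessage, PasswordUtils::testPassword($candidate), "input: {$candidate}");
     }
 }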
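 /**
  * Verifies a candidate password against the hash stored for this user.
  *
  * The candidate is run through the same derivation the stored value was
  * built with (md5, then PasswordUtils::salt_password with this user's salt),
  * so the scheme itself is unchanged and existing hashes keep working; only
  * the comparison is hardened. Migrating away from md5 would require
  * re-hashing stored values and is out of scope here.
  *
  * @param string $pPassword plaintext password supplied by the user
  * @return boolean true when the derived hash equals the stored one
  */
 public function verifyPassword($pPassword)
 {
     $lHash = PasswordUtils::salt_password(md5($pPassword), $this->getSalt());
     // hash_equals() compares in constant time, so timing does not reveal how
     // many leading bytes matched. Both sides are cast because hash_equals()
     // rejects null (e.g. an account that has no hash stored yet).
     return hash_equals((string) $this->getPasswordhash(), (string) $lHash);
 }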
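 /**
  * Stores a new password hash for one user.
  *
  * The hash is derived from $newPassword with the caller-supplied salt (the
  * salt column itself is not touched) and written with a prepared,
  * parameterised statement.
  *
  * @param PDO    $db          open database handle
  * @param string $newPassword plaintext replacement password
  * @param string $salt        salt already stored for this user
  * @param mixed  $id          value of the user's _id column
  * @return void halts the script if the statement fails
  */
 function makePasswordChange($db, $newPassword, $salt, $id)
 {
     $query = "\n            UPDATE user\n            SET\n                password = :password\n            WHERE\n                _id = :id\n        ";
     $query_params = array(
         ':password' => PasswordUtils::hashPassword($newPassword, $salt),
         ':id' => $id,
     );
     try {
         $stmt = $db->prepare($query);
         $stmt->execute($query_params);
     } catch (PDOException $ex) {
         // Keep the fail-hard behaviour, but log the driver message server-side
         // instead of echoing it: PDO messages can expose table layout and host.
         error_log('makePasswordChange: ' . $ex->getMessage());
         die("Failed to run query.");
     }
 }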
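 /**
  * Inserts a newly registered user.
  *
  * A fresh salt is generated per account and only the salted hash of the
  * submitted password is stored. New accounts always get user_type_id '1'
  * and the default avatar.
  *
  * @param array $post submitted registration fields: email, password,
  *                    first_name, last_name
  * @param PDO   $db   open database handle
  * @return void halts the script if the statement fails
  */
 function saveRegistration($post, $db)
 {
     // Store the results into the users table.
     $query = "\n                    INSERT INTO user (\n                        email,\n                        password,\n                        password_salt,\n                        first_name,\n                        last_name,\n                        user_type_id,\n                        picture_url\n                    ) VALUES (\n                        :email,\n                        :password,\n                        :salt,\n                        :first_name,\n                        :last_name,\n                        :user_type_id,\n                        :picture_url\n                    )";
     // Security measures: per-user salt, hash only.
     $salt = PasswordUtils::generatePasswordSalt();
     $password = PasswordUtils::hashPassword($post['password'], $salt);
     $query_params = array(
         ':email' => $post['email'],
         ':password' => $password,
         ':salt' => $salt,
         ':first_name' => $post['first_name'],
         ':last_name' => $post['last_name'],
         ':user_type_id' => '1',
         ':picture_url' => 'https://s3-us-west-2.amazonaws.com/dbsystems/default-avatar.png',
     );
     try {
         $stmt = $db->prepare($query);
         $stmt->execute($query_params);
     } catch (PDOException $ex) {
         // Keep the fail-hard behaviour, but log the driver message server-side
         // instead of echoing it: PDO messages can expose table layout and host.
         error_log('saveRegistration: ' . $ex->getMessage());
         die("Failed to run query.");
     }
 }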
 /**
  * Handles a "forgot password" form submission.
  *
  * Validates the form, looks the account up by e-mail, generates a random
  * password, mails it, stores its hash and reports the outcome through a
  * ResponseDTO. Validation errors are written back to the session so the
  * form can be re-rendered with them.
  *
  * @param mixed $forgotPasswordForm raw form data (wrapped in a FormDTO)
  * @return ResponseDTO outcome for FORGOT_PWD_FORM
  * @throws PDOException|Exception propagated unchanged from the DAO/mailer
  */
 public function forgotPasswordModel($forgotPasswordForm)
 {
     $rawForm = new FormDTO(FORGOT_PWD_FORM, $forgotPasswordForm);
     $response = new ResponseDTO(FORGOT_PWD_FORM);
     $formData = $rawForm->getFormData();
     $validator = new FormValidator(FORGOT_PWD_FORM, $formData);
     $errors = $validator->checkAll();

     if (count($errors) != 0) {
         if (array_key_exists(EMAIL, $errors)) {
             $response->setErrField(EMAIL, $errors[EMAIL]);
         }
         SessionUtils::setFormValue($formData);
         return $response;
     }

     $userDAO = new UserDAO();
     $user = $userDAO->getUserByEmail($formData[FORGOT_PWD_FORM . EMAIL]);
     if ($user === null) {
         $response->setErrField(ERROR_RESPONSE, "Nessun user presente con questa mail");
         return $response;
     }

     // The plaintext password is attached to the DTO only for the mail body;
     // it is swapped for the hash before the DTO reaches the DAO.
     $newPassword = PasswordUtils::createRandomicPassword();
     $user->setPassword($newPassword);
     // NOTE(review): the mailer's return value is never inspected, so the
     // success message below is reported even if sending failed — confirm what
     // sendMail() returns before relying on it.
     $resultMail = DataModelUtils::sendMail($user, FORGOT_PWD_FORM);
     $user->setPassword(PasswordUtils::getPassword($newPassword));

     if ($userDAO->updateUserPassword($user) != 1) {
         $response->setErrField(ERROR_RESPONSE, "Problema nel cambio della password");
     } else {
         $response->setResponseSucc("Verra mandata una mail con una nuova password all'indirizzo " . $user->getEmail());
     }
     return $response;
 }
include_once 'AutoLoader.php';
AutoLoader::registerDirectory('src/classes');
require "src/config.php";
if (!empty($_POST)) {
    $email = htmlspecialchars($_POST['email']);
    $query = "\r\n            SELECT *\r\n            FROM users\r\n            WHERE\r\n                email = :email\r\n        ";
    $query_params = array(':email' => $email);
    try {
        $stmt = $db->prepare($query);
        $result = $stmt->execute($query_params);
    } catch (PDOException $ex) {
        die("Failed to run query: " . $ex->getMessage());
    }
    $row = $stmt->fetch();
    if ($row) {
        $check_password = PasswordUtils::hashPassword($_POST['password'], $row['salt']);
        if ($check_password == $row['password']) {
            if ($row['active_user'] == 0) {
                $message = "You must activate your account first.";
            } else {
                unset($row['salt']);
                unset($row['password']);
                $_SESSION['user'] = $row;
                if ($row['info_added'] == 0) {
                    switch ($row['user_type_id']) {
                        case 3:
                            // nurse
                            header("Location: src/nurse_info.php");
                            die("Redirecting to: src/nurse_info.php");
                            break;
                        case 2:
    die("Redirecting to index.php");
} else {
    if (!empty($_POST) && $changer->checkFieldsCorrect($_POST)) {
        $query = "\n                    SELECT *\n                    FROM users\n                    WHERE\n                        email = :email\n                ";
        $query_params = array(':email' => $user['email']);
        try {
            $stmt = $db->prepare($query);
            $result = $stmt->execute($query_params);
        } catch (PDOException $ex) {
            die("Failed to run query: " . $ex->getMessage());
        }
        $row = $stmt->fetch();
        if ($row) {
            $check_password = PasswordUtils::hashPassword($_POST['current_password'], $row['salt']);
            if (PasswordUtils::checkMatchingPasswords($check_password, $row['password'])) {
                $changer->errorMessage = PasswordUtils::testPassword($_POST['new_password']);
                if (empty($changer->errorMessage)) {
                    $changer->makePasswordChange($db, $_POST['new_password'], $row['salt'], $row['id']);
                    $changer->success = "Password changed successfully.";
                }
            } else {
                $changer->errorMessage = "Incorrect password.";
            }
        }
    }
}
?>

<!doctype html>
<html lang="en">
<head>
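 /**
  * Inserts a newly registered user together with its activation hash.
  *
  * A fresh salt is generated per account and only the salted hash of the
  * submitted password is stored. The user_type_id is taken from the form.
  *
  * @param array  $post submitted registration fields: email, password,
  *                     user_type_id
  * @param string $hash activation/verification hash to store with the row
  * @param PDO    $db   open database handle
  * @return void halts the script if the statement fails
  */
 function saveRegistration($post, $hash, $db)
 {
     // Store the results into the users table.
     $query = "\n                    INSERT INTO users (\n                        email,\n                        password,\n                        salt,\n                        user_type_id,\n                        hash,\n                        picture_url\n                    ) VALUES (\n                        :email,\n                        :password,\n                        :salt,\n                        :user_type_id,\n                        :hash,\n                        :picture_url\n                    )\n                    ";
     // Security measures: per-user salt, hash only.
     $salt = PasswordUtils::generatePasswordSalt();
     $password = PasswordUtils::hashPassword($post['password'], $salt);
     // NOTE(review): user_type_id comes straight from the form, so the client
     // chooses its own account type — confirm it is constrained upstream.
     $query_params = array(
         ':email' => $post['email'],
         ':password' => $password,
         ':salt' => $salt,
         ':user_type_id' => $post['user_type_id'],
         ':hash' => $hash,
         ':picture_url' => 'http://walphotobucket.s3.amazonaws.com/default.jpg',
     );
     try {
         $stmt = $db->prepare($query);
         $stmt->execute($query_params);
     } catch (PDOException $ex) {
         // Keep the fail-hard behaviour, but log the driver message server-side
         // instead of echoing it: PDO messages can expose table layout and host.
         error_log('saveRegistration: ' . $ex->getMessage());
         die("Failed to run query.");
     }
 }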
AutoLoader::registerDirectory('../src/classes');
require "config.php";
require "MailFiles/PHPMailerAutoload.php";
$fp = new ForgotPassword();
if (!empty($_POST)) {
    // Step 1: is the submitted address attached to a known account?
    $fp->checkEmail($_POST['email'], $db);
    $answerGiven = empty($fp->noEmail) && !empty($_POST['challenge_question_answer']);
    // Step 2: only a correct challenge answer unlocks the reset.
    // NOTE(review): the answer is HTML-escaped before checkAnswer() sees it, so
    // answers containing &, <, >, " or ' only match if they were stored escaped
    // the same way — confirm against the path that records the answer.
    if ($answerGiven && $fp->checkAnswer(htmlspecialchars($_POST['challenge_question_answer']))) {
        $newPassword = PasswordUtils::generateNewPassword();
        if (!$fp->sendNewPassword($newPassword)) {
            $fp->registrationFailure = "Verification email could not be sent. Please try again later.";
        } else {
            $fp->success = "An email has been sent to the address that you provided. " . "Use the password included in the email to log in.";
            // Only the salted hash is persisted; the plaintext went out by mail.
            // $newPassword holds the hash from here on.
            $newSalt = PasswordUtils::generatePasswordSalt();
            $newPassword = PasswordUtils::hashPassword($newPassword, $newSalt);
            $fp->updateTables($newPassword, $newSalt, $db);
        }
    }
}
?>

<!doctype html>
<html lang="en">
<head>
    <style>.error {color: #FF0000;}</style>
    <style>.success {color: #00FF00;}</style>
    <meta charset="utf-8">
 /**
  * Verifies a supplied password against a stored crypt()-style hash.
  *
  * crypt() receives the stored hash as its salt argument, so it re-derives
  * the hash with the same algorithm and parameters; that result is then
  * handed to PasswordUtils::compare together with the stored value.
  *
  * @param $password string plaintext password supplied by the user
  * @param $expected string hash loaded from storage (e.g. the database)
  * @return bool whether the password reproduces the stored hash
  */
 public function checkPassword($password, $expected)
 {
     $recomputed = crypt($password, $expected);
     return PasswordUtils::compare($recomputed, $expected);
 }
include_once '../AutoLoader.php';
AutoLoader::registerDirectory('../src/classes');
require "config.php";
if (!empty($_POST) && isset($_POST['submitButton'])) {
    $email = $_SESSION['user']['email'];
    $query = "\r\n            SELECT *\r\n            FROM users\r\n            WHERE\r\n                email = :email\r\n        ";
    $query_params = array(':email' => $email);
    try {
        $stmt = $db->prepare($query);
        $result = $stmt->execute($query_params);
    } catch (PDOException $ex) {
        die("Failed to run query: " . $ex->getMessage());
    }
    $row = $stmt->fetch();
    if ($row) {
        $check_password = PasswordUtils::hashPassword(htmlspecialchars($_POST['password']), $row['salt']);
        if ($check_password == $row['password']) {
            $query = "\r\n                        DELETE\r\n                        FROM users\r\n                        WHERE\r\n                          email = :email\r\n                    ";
            $query_params = array(':email' => $_SESSION['user']['email']);
            try {
                $stmt = $db->prepare($query);
                $result = $stmt->execute($query_params);
            } catch (PDOException $ex) {
                die("Failed to run query: " . $ex->getMessage());
            }
            unset($_SESSION['user']);
            $success = "Account deleted.";
        } else {
            $error = "Incorrect password.";
        }
    } else {
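 /**
  * Handles the "change password" form for the logged-in user.
  *
  * Validates the form, checks that the submitted current password matches
  * the one stored for the session user, then stores the hash of the new
  * password. Validation, credential and update failures are reported
  * through a ResponseDTO.
  *
  * @param mixed $pwdForm raw form data (wrapped in a FormDTO)
  * @return ResponseDTO|UserDTO the updated UserDTO on success, otherwise a
  *                             ResponseDTO carrying the error fields
  * @throws PDOException|UserNotAuthenticatedExceptionDTO|Exception
  *         propagated unchanged from the session/DAO layer
  */
 function changeUserPwdModel($pwdForm)
 {
     $formObjRaw = new FormDTO(CHANGE_PWD_FORM, $pwdForm);
     $responseDTO = new ResponseDTO(CHANGE_PWD_FORM);
     $formDataObj = $formObjRaw->getFormData();
     $validator = new FormValidator(CHANGE_PWD_FORM, $formDataObj);
     $validationError = $validator->checkAll();

     if (sizeof($validationError) != 0) {
         foreach ([PASSWORD, NEW_PASSWORD, CONFIRM_PASSWORD] as $field) {
             if (array_key_exists($field, $validationError)) {
                 $responseDTO->setErrField($field, $validationError[$field]);
             }
         }
         return $responseDTO;
     }

     // The current password is checked against the session user's own
     // record; the user id never comes from the form.
     $userLogged = SessionUtils::getUserLogged();
     $hashedPwd = PasswordUtils::getPassword($formDataObj[CHANGE_PWD_FORM . PASSWORD]);
     $userDTO = new UserDTO($userLogged->getUserId(), NULL, $hashedPwd, NULL, NULL, NULL, NULL, NULL);
     $userDAO = new UserDAO();
     if (is_null($userDAO->checkPassword($userDTO))) {
         // A wrong current password is an error, so it goes on the error
         // channel (as forgotPasswordModel does) instead of the success one.
         $responseDTO->setErrField(ERROR_RESPONSE, "Questa password non esiste");
         return $responseDTO;
     }

     $userDTO->setPassword(PasswordUtils::getPassword($formDataObj[CHANGE_PWD_FORM . NEW_PASSWORD]));
     // Same convention as forgotPasswordModel: anything but 1 from
     // updateUserPassword() means the row was not changed.
     if ($userDAO->updateUserPassword($userDTO) != 1) {
         $responseDTO->setErrField(ERROR_RESPONSE, "Problema nel cambio della password");
         return $responseDTO;
     }
     return $userDTO;
 }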
<?php

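include_once '../AutoLoader.php';
AutoLoader::registerDirectory('../src/classes');
require "config.php";
require "MailFiles/PHPMailerAutoload.php";

// A random initial password is generated for the new account; only its
// salted hash is stored, the plaintext goes to the user by e-mail.
$realPassword = PasswordUtils::generateNewPassword();
$passwordSalt = PasswordUtils::generatePasswordSalt();
$hashedPassword = PasswordUtils::hashPassword($realPassword, $passwordSalt);
$email = $_POST['email'];
// The creator defaults to the logged-in user; a manager id from the form
// overrides it. NOTE(review): user_type_id and manager are taken from the
// request as submitted — confirm the caller is allowed to pick arbitrary
// roles/managers, or constrain them server-side.
$created_by_id = $_SESSION['user']['_id'];
if (!empty($_POST['manager'])) {
    $created_by_id = $_POST['manager'];
}
$insertStatement = "INSERT INTO user\n\t\t\t\t\t(`user_type_id`, `created_by_id`, `password`, `password_salt`, `first_name`, `last_name`, `email`, `picture_url`) \n\t\t\t\t\tVALUES (:user_type_id,:created_by_id, :password,:password_salt,:first_name,:last_name,:email,:picture_url)";
$insertParams = array(
    ':user_type_id' => $_POST['user_type_id'],
    ':created_by_id' => $created_by_id,
    ':password' => $hashedPassword,
    ':password_salt' => $passwordSalt,
    ':first_name' => $_POST['first'],
    ':last_name' => $_POST['last'],
    ':email' => $email,
    ':picture_url' => 'https://s3-us-west-2.amazonaws.com/dbsystems/default-avatar.png',
);
try {
    $stmt = $db->prepare($insertStatement);
    $result = $stmt->execute($insertParams);
    $link = "http://dbsystems-engproject.rhcloud.com/";
    // The password expression in this line was masked on the page it was taken
    // from; it is reconstructed as the generated $realPassword, the only value
    // the mail can usefully carry.
    $message = 'Hello!<br/><br/>' . 'An account has been created for you on our conference room scheduler!' . ' Please click <a href=' . $link . '>here</a> to log in.<br/><br/>' . 'Password: ' . $realPassword . '<br/>To change your password, sign in, then select \'Change Password\'' . ' from the drawer on the left side of the screen.' . '<br/><br/>Thank you,<br/>Team 6';
    $mailer = new SendEmail();
    $mailer->SendEmail($email, "Conference Room Scheduler", $message, false);
    header("Location: home.php");
    die("Redirecting to home.php");
} catch (PDOException $ex) {
    // Only the driver message is logged, server-side. The previous handler
    // echoed the statement, the bound parameters (including the new user's
    // password hash and salt) and the exception text to the requester.
    error_log('add user failed: ' . $ex->getMessage());
    echo "Failed to create the user account. Please try again later.";
}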
 /**
  * _matchCredentials
  *
  * Compares the credentials carried by an authentication token with those
  * loaded for the account and rejects the request unless PasswordUtils::check
  * reports 'OK'.
  *
  * @param mixed $token    The token to match
  * @param mixed $authInfo The authentication info to match the token with
  *
  * @access private
  * @return void
  * @throws Exception when the credentials do not match
  */
 private function _matchCredentials($token, $authInfo)
 {
     $supplied = $token->getCredentials();
     $stored = $authInfo->getCredentials();
     // TODO: Extract validation logic to CredentialsMatcher.
     $verdict = PasswordUtils::check($supplied, $stored);
     if ('OK' !== $verdict) {
         throw new Exception('Incorrect Credentials');
     }
 }