    /**
     * A generalized method for performing a password change.
     *
     * Generates a fresh salt, hashes the password and its verification with
     * it, stamps a new expiry date, clears any outstanding reset token and
     * saves the record.
     *
     * @access public
     * @param array $data one-dimensional array of user data; must carry
     *   'password' and 'verify_password'
     * @return array 'password' (the hash) and 'salt' on success, empty array
     *   when the save fails
     */
    public function changePassword($data)
    {
        $this->create();

        $salt = Sec::makeSalt();
        $plaintext = $data['password'];
        $expirationDays = Configure::read('Password.expiration');

        $changes = array(
            'salt' => $salt,
            // NOTE(review): the plaintext password is copied into the record that
            // is handed to save(). If temp_password is a persisted column this
            // stores the password in clear; confirm what consumes it.
            'temp_password' => $plaintext,
            'password' => Sec::hashPassword($plaintext, $salt),
            'verify_password' => Sec::hashPassword($data['verify_password'], $salt),
            // Expiry is measured from now, in whole days taken from configuration
            'password_expires' => date("Y-m-d H:i:s", strtotime("+" . $expirationDays . " Days")),
            // A completed change invalidates any pending reset request
            'password_reset_token' => null,
            'password_reset_token_expiry' => null,
        );

        foreach ($changes as $field => $value) {
            $data[$field] = $value;
        }

        if (!$this->save($data)) {
            return array();
        }

        // Keep the live session in step with the new expiry
        $_SESSION['Auth']['User']['password_expires'] = $data['password_expires'];

        return array('password' => $data['password'], 'salt' => $data['salt']);
    }
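    /**
     * The public action for logging into the system.
     *
     * Resolves the submitted identifier against id, username and e-mail,
     * enforces the failed-attempt lockout configured under Login.attempts /
     * Login.lockout, verifies the password hash and, on success, writes the
     * user and its settings into the session before redirecting.
     *
     * View variables: `lockout` (1 while the account is locked) and
     * `title_for_layout`.
     *
     * @access public
     * @todo TestCase
     */
    public function login()
    {
        $error = true;

        if (!empty($this->data)) {
            $identifier = $this->data['User']['username'];
            // CR/LF stripped so a crafted username cannot forge extra lines in the login log
            $logName = str_replace(array("\r", "\n"), ' ', (string) $identifier);

            // NOTE(review): the OR over id/username/email means a submitted value that
            // matches one account's id and another's username or e-mail resolves to
            // whichever row the database returns first.
            $user = $this->User->find('first', array(
                'conditions' => array('or' => array(
                    'User.id' => $identifier,
                    'User.username' => $identifier,
                    'User.email' => $identifier
                )),
                'contain' => array(
                    'UserSetting' => array()
                )
            ));

            if (empty($user)) {
                $this->log("User not found {$logName}", 'weekly_user_login');
            } else {
                $maxAttempts = (int) Configure::read('Login.attempts');
                $userId = $user['User']['id'];
                $lockedOut = false;

                if ($maxAttempts > 0 && $user['User']['last_login_attempt'] != null) {
                    $lockoutEnds = $user['User']['last_login_attempt'] + (Configure::read('Login.lockout') * 60);

                    if ($lockoutEnds > strtotime('now')) {
                        // The counter is only ever raised up to the limit, so equality means "locked"
                        if ($user['User']['login_attempts'] == $maxAttempts) {
                            $lockedOut = true;
                            $this->set('lockout', 1);
                            $this->request->data['User']['password'] = null;
                        }
                    } else {
                        // Lockout window has elapsed: start this attempt from a clean counter
                        $this->_saveLoginAttempts($userId, 0, null);
                    }
                }

                if ($lockedOut) {
                    // Refuse outright rather than relying on a nulled password failing the hash check
                    $this->log("Login refused during lockout {$logName}", 'weekly_user_login');
                } else {
                    $hash = Sec::hashPassword($this->data['User']['password'], $user['User']['salt']);

                    // Strict, constant-time comparison. The loose `==` this replaces treats two
                    // hex digests of the form "0e<digits>" as numerically equal (both are 0).
                    if (hash_equals((string) $user['User']['password'], (string) $hash)) {
                        if ($this->Auth->login($user['User'])) {
                            $this->Session->setFlash(__('You have been authenticated'), 'success');

                            $this->Session->write('Auth.User', $user['User']);
                            $this->Session->write('Auth.User.Settings', $user['UserSetting']);

                            $this->Access->permissions($user['User']);

                            // Successful login clears the failure counter
                            $this->_saveLoginAttempts($userId, 0, null);

                            // Cleared before redirect(), which may terminate the request
                            $error = false;
                            $this->redirect($this->Auth->redirect());
                        }
                    } else {
                        // Count only up to the limit; last_login_attempt anchors the lockout window
                        if ($maxAttempts > 0 && $user['User']['login_attempts'] < $maxAttempts) {
                            $this->_saveLoginAttempts($userId, $user['User']['login_attempts'] + 1, strtotime('now'));
                        }

                        $this->log("Password mismatch {$logName}", 'weekly_user_login');
                    }
                }
            }

            if ($error) {
                $this->Session->setFlash(__('You could not be authenticated'), 'error');
            }
        }

        $this->set('title_for_layout', __('Login to Your Account'));
    }

    /**
     * Persists the failed-attempt counter for one account.
     *
     * NOTE(review): the counters are read from User but written through the
     * Person model, as in the original code; this assumes Person shares the
     * User id and these two columns — confirm against the schema.
     *
     * Underscore-prefixed so the framework does not expose it as an action.
     *
     * @param mixed $id user id
     * @param int $attempts new login_attempts value
     * @param int|null $lastAttempt unix timestamp of the latest failure, or null to clear it
     * @return mixed result of Model::save()
     */
    protected function _saveLoginAttempts($id, $attempts, $lastAttempt)
    {
        $person = array('Person' => array(
            'id' => $id,
            'login_attempts' => $attempts,
            'last_login_attempt' => $lastAttempt
        ));

        return $this->Person->save($person);
    }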
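 /**
  * Hashing a known password with the fixture salt must yield the pinned digest.
  *
  * The expected value is 128 hex characters, i.e. a 512-bit digest, so any
  * change to Sec::hashPassword's algorithm, iteration count or salt handling
  * breaks this test.
  * NOTE(review): if this is a single (even salted) SHA-512 pass it is a fast
  * hash; password_hash()/bcrypt or similar is the usual recommendation.
  */
 public function testPasswordHash() {
     $expected = '5e4f1e66ae7bdeb976ceed8ea597ff676ef0f0c04b513e0d11760e01090a9ff4e532867d135354af38d24ea963e33f4c6dce75f93db493f380baed52e7a9cf6d';
     $hash = Sec::hashPassword('password', $this->salt);

     // assertSame: strict comparison, and expected first so a failure reads
     // "expected X, got Y" the right way round (the original had them swapped)
     $this->assertSame($expected, $hash);
 }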