/**
* Function to test if DOB is stored correctly.
*/
public function testSetDOB()
{
$dob = time() - 10000;
$this->xobj->setDOB($dob);
$result = SQL("SELECT `DOB` FROM XUSER WHERE USERID = ?", array($this->obj->getUserID()));
$this->assertTrue($result[0]['DOB'] == $dob);
}
/**
* Constructor of this class.
* @param \phpsec\User $userObj The object of class \phpsec\User
*/
public function __construct($userObj)
{
$this->userID = $userObj->getUserID();
if (!XUser::isXUserExists($this->userID)) {
//If user's records are not present in the DB, then insert them
SQL("INSERT INTO XUSER (`USERID`) VALUES (?)", array($this->userID));
}
}
/**
* Function to test if brute force is detected when failed attempts are done in intervals. e.g. a bot guesses password after every 2 seconds in attempt to fool the system that this is a legit attempt
*/
public function testBruteForceForSlowPasswordGuessing()
{
try {
//repeatedly provide wrong password.
for ($i = 0; $i < 7; $i++) {
sleep(2);
//Sleep for some time so that the mechanism can be fooled.
$this->obj = new AdvancedPasswordManagement($this->user->getUserID(), "resting", true);
//wrong password provided.
}
} catch (BruteForceAttackDetectedException $e) {
$this->assertTrue(TRUE);
//True since BruteForceAttackDetectedException was thrown
}
}
/**
* Function for user to Log-out.
* @param \phpsec\User $userObj The user object of the user that needs to log out
*/
public static function logOut($userObj)
{
if ($userObj->checkRememberMe() === $userObj->getUserID()) {
User::deleteAuthenticationToken();
//delete the authentication token from the server and the user's browser
}
if (file_exists(__DIR__ . "/../session/session.php")) {
require_once __DIR__ . "/../session/session.php";
//If session library is present, then delete session from the server as well as user's browser
$tempSession = new Session();
$tempSession->existingSession();
$tempSession->destroySession();
}
}
