/**
* Function to check if the temp password expiry functionality is working.
*/
public function testCheckIfTempPassExpired()
{
//update the temp pass time to current time.
SQL("UPDATE PASSWORD SET TEMP_TIME = ? WHERE USERID = ?", array(time("SYS"), $this->user->getUserID()));
$this->assertFalse(AdvancedPasswordManagement::checkIfTempPassExpired($this->user->getUserID()));
//this check will provide false, since the temp password time has not expired.
time("SET", time() + 1000000);
//Now set the time to some distant future time.
$this->assertTrue(AdvancedPasswordManagement::checkIfTempPassExpired($this->user->getUserID()));
//this check will provide true, since the temp password time has expired.
}
/**
* Function to generate and validate a temporary password. To create a new temporary password, call this function without the second argument and the value returned will be the temporary password that will be sent to the user. To validate a temporary password, pass the temporary password to this function and will will return TRUE for valid passwords and FALSE for invalid/non-existent one's.
* @param string $userID The userID of the user
* @param string $tempPass The temporary password that needs to be checked if valid or not
* @return boolean | string Returns True if temporary password provided is valid. False otherwise. Can also return temporary password in case where the temporary password needs to be set
*/
public static function tempPassword($userID, $tempPass = "")
{
//If a temp password has not been provided, then create a temp password.
if ($tempPass == "") {
$tempPass = hash(BasicPasswordManagement::$hashAlgo, randstr(128));
$time = time();
//If record is not present in the DB
if (!AdvancedPasswordManagement::checkIfUserExists($userID)) {
SQL("INSERT INTO PASSWORD (`TEMP_PASS`, `USE_FLAG`, `TEMP_TIME`, USERID) VALUES (?, ?, ?, ?)", array($tempPass, 0, $time, $userID));
} else {
//If record is present in the DB
SQL("UPDATE PASSWORD SET `TEMP_PASS` = ?, `USE_FLAG` = ?, `TEMP_TIME` = ? WHERE USERID = ?", array($tempPass, 0, $time, $userID));
}
return $tempPass;
} else {
$result = SQL("SELECT `TEMP_PASS`, `USE_FLAG` FROM PASSWORD WHERE `USERID` = ?", array($userID));
if (count($result) == 1) {
//temporary password has not expired
if ($result[0]['USE_FLAG'] == 0 && !($a = AdvancedPasswordManagement::checkIfTempPassExpired($userID))) {
if ($result[0]['TEMP_PASS'] === $tempPass) {
SQL("UPDATE PASSWORD SET TEMP_PASS = ?, USE_FLAG = ?, TEMP_TIME = ? WHERE USERID = ?", array(randstr(10), 1, 0, $userID));
return TRUE;
}
} else {
SQL("UPDATE PASSWORD SET TEMP_PASS = ?, USE_FLAG = ?, TEMP_TIME = ? WHERE USERID = ?", array(randstr(10), 1, 0, $userID));
return FALSE;
}
}
//record not found
return FALSE;
}
}
