/**
 * Stores a new password hash for the given user.
 *
 * The plain-text password is hashed with Auth::hashPassword() and passed,
 * together with the user ID, as a bound parameter of the UPDATE statement.
 *
 * @param integer $usr_id The user ID
 * @param string $password The new plain-text password
 * @return boolean true when at least one row was changed; false when the
 *                 query raised a DbException or no row was affected
 */
public function updatePassword($usr_id, $password)
{
    $hash = Auth::hashPassword($password);
    $sql = 'UPDATE {{%user}} SET usr_password=? WHERE usr_id=?';

    try {
        DB_Helper::getInstance()->query($sql, array($hash, $usr_id));
    } catch (DbException $e) {
        return false;
    }

    // A zero row count is reported as failure. Per the original author's note
    // this also happens when the new password is identical to the old one.
    return DB_Helper::getInstance()->affectedRows() > 0;
}
/**
 * Update User
 *
 * GET renders the edit form for the user. POST hashes the submitted password,
 * writes e-mail and password hash back to the user record, flashes a success
 * message and redirects to /users. Any other request method does nothing.
 *
 * NOTE(review): no permission check is visible in this method. Confirm that
 * routing or middleware restricts who may edit the account named by $userId,
 * and that the POST is covered by CSRF protection.
 *
 * @param int $userId
 */
public function update($userId)
{
    $account = $this->getUserFinder()->findOneBy('id', $userId);

    if ($this->slim->request->isGet()) {
        $this->slim->render('user/update.html.twig', [
            'user' => $account,
            'sessionUser' => $this->getSessionUser(),
        ]);
        return;
    }

    if (!$this->slim->request->isPost()) {
        return;
    }

    // NOTE(review): the three fields are read from $_POST without presence or
    // format checks, and $account is used without checking that the finder
    // returned a record. An empty password field would still be hashed and stored.
    $email = $_POST['email'];
    $password = $_POST['password'];
    $role = $_POST['role'];

    $hasher = new Auth();
    $passwordHash = $hasher->hashPassword($password);

    $account->setEmail($email);
    $account->setPassword($passwordHash);
    // NOTE(review): the result of getRole() is discarded, so the submitted
    // role is never applied here. A setter was probably intended; confirm
    // against the user model before changing it.
    $account->getRole($role);
    $account->update();

    $this->slim->flash('success', 'User updated');
    $this->slim->redirect('/users');
}
/**
 * Change the password of a user, generating a new salt along with it.
 *
 * A fresh salt is stored on the object first, the password is then hashed
 * with that salt, and the object is saved.
 *
 * @param string $password the new plain-text password
 */
public function changePassword($password)
{
    // New salt on every change, so the stored hash never reuses the old one.
    $this->salt = Auth::generatePasswordSalt();

    $digest = Auth::hashPassword($password, $this->salt);
    $this->password = $digest;

    $this->save();
}
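/**
 * Method used to add a new user to the system.
 *
 * Inserts the user row with a hashed password, associates the user with every
 * project whose role value is at least 1, stores the default preferences for
 * those projects and triggers the new-user notification.
 *
 * @param array $user The array of user information
 * @return integer The ID of the new user, or -1 if the insert failed
 */
public static function insert($user)
{
    // Every value is bound as a parameter; optional fields fall back to null.
    $params = array(
        isset($user['customer_id']) ? $user['customer_id'] : null,
        isset($user['contact_id']) ? $user['contact_id'] : null,
        Date_Helper::getCurrentDateGMT(),
        Auth::hashPassword($user['password']),
        $user['full_name'],
        $user['email'],
        !empty($user['grp_id']) ? $user['grp_id'] : null,
        isset($user['external_id']) ? $user['external_id'] : null,
        isset($user['par_code']) ? $user['par_code'] : null,
    );
    $stmt = 'INSERT INTO {{%user}} ( usr_customer_id, usr_customer_contact_id, usr_created_date,'
        . ' usr_password, usr_full_name, usr_email, usr_grp_id, usr_external_id, usr_par_code )'
        . ' VALUES ( ?, ?, ?, ?, ?, ?, ?, ?, ? )';

    try {
        DB_Helper::getInstance()->query($stmt, $params);
    } catch (DbException $e) {
        return -1;
    }

    $new_usr_id = DB_Helper::get_last_insert_id();

    // add the project associations!
    // (The project list is built once, here; an earlier pass that built the
    // same list before the insert and then threw it away has been dropped.)
    $projects = array();
    foreach ($user['role'] as $prj_id => $role) {
        if ($role < 1) {
            continue;
        }
        Project::associateUser($prj_id, $new_usr_id, $role);
        $projects[] = $prj_id;
    }

    Prefs::set($new_usr_id, Prefs::getDefaults($projects));

    // send email to user
    // NOTE(review): the plain-text password is handed to the notification.
    // If it ends up in the mail body it will sit in mailboxes and mail logs;
    // a one-time "set your password" link avoids that. Confirm what
    // notifyNewUser() does with it.
    Notification::notifyNewUser($new_usr_id, $user['password']);

    return $new_usr_id;
}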
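/**
 * Password recovery action.
 *
 * Without $hash: looks the account up by the posted login or e-mail, stores a
 * fresh recovery hash on it and mails a recovery link to the account address.
 * With $hash: sets the posted password on the account carrying that recovery
 * hash and clears the hash so the link cannot be used again.
 *
 * @param string|false $hash recovery token from the link, false when absent
 */
public function actionRecovery($hash = false)
{
    if ($hash) {
        if (isset($_POST['password1'])) {
            // SECURITY NOTE(review): $hash comes from the request and is placed
            // in the WHERE fragment unescaped, so this lookup is open to SQL
            // injection. It should go through the model layer's bound-parameter
            // or escaping facility; that API is not visible in this listing.
            $model = UsersModel::model()->where("`hash`='{$hash}'")->findRow();

            // Only reset when the token matched an account. Without this guard
            // an unknown token ends in a fatal error on a null model.
            if ($model) {
                $model->password = Auth::hashPassword($_POST['password1']);
                $model->hash = "";
                $model->save();
                $this->view("success", array("message" => Lang::get("password_changed")), false);
            }
        }
        $this->view("profile/lostpassword", array(), false);
    } else {
        if (isset($_POST['lostname'])) {
            $name = $_POST['lostname'];
            // SECURITY NOTE(review): same issue as the token lookup above.
            // The posted value is interpolated unescaped and needs binding or
            // escaping through the model layer.
            $model = UsersModel::model()->where("`login`='{$name}' OR `email`='{$name}'")->findRow();
            if ($model) {
                $model->hash = Auth::generateRandomHash();
                $model->save();

                // The array key is quoted: a bare HTTP_HOST is an undefined
                // constant (a notice on old PHP, an Error on PHP 8).
                // NOTE(review): the Host request header is client-supplied. The
                // mailed link and the mail headers below should use a configured
                // site host, and the link should use https.
                $host = $_SERVER['HTTP_HOST'];

                $to = $model->email;
                $subject = "Ссылка для восстановления пароля на " . $host;
                $body = "Здравствуйте, " . $model->name . "!" . "<br/><br/>Если вы желаете восстановить пароль вашей страницы, <br/>" . "пожалуйста перейдите по ссылке <a href='http://" . $host . "/recovery/" . $model->hash . "'>подтверждения восстановления пароля</a>";
                // NOTE(review): the From line runs straight into "Support <host>"
                // with no separator; check the intended header layout.
                $headers = "From: support@speak.addic.tk";
                $headers .= "Support " . $host . " " . "\r\n";
                $headers .= "Content-type: text/html; charset=utf-8" . "\r\n";
                $headers .= 'X-Mailer: PHP/' . phpversion();

                if (empty($to)) {
                    echo "<script>alert('No email to send');</script>";
                } else {
                    mail($to, $subject, $body, $headers);
                }
                $this->view("success", array("message" => Lang::get("restore_url")), false);
            } else {
                Message::setError("email", Lang::get("login_not_found"));
            }
        }
        $this->view("profile/recovery", array(), false);
    }
}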
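/**
 * Checks a plain-text password against the hash stored for the account with
 * the given e-mail address.
 *
 * The stored hash is compared with Auth::hashPassword(username . password),
 * where the username is read from the same row.
 *
 * @param string $email    e-mail address identifying the account
 * @param string $password plain-text password to check
 * @return boolean true only when a row was found and the hashes match
 */
function isCorrectPassword($email, $password)
{
    $stmt = "SELECT\r\n\t\t\t\t\ten_username,\r\n en_password\r\n FROM\r\n " . ETEL_USER_TABLE_NOSUB . "\r\n WHERE\r\n en_email='" . Misc::escapeString($email) . "'";
    $info = $GLOBALS["db_api"]->dbh->getRow($stmt);

    if (PEAR::isError($info)) {
        // Log the error object that was actually returned. The original read
        // an undefined $passwd here, which itself failed inside the error path.
        Error_Handler::logError(array($info->getMessage(), $info->getDebugInfo()), __FILE__, __LINE__);
        return false;
    }

    // No such account, or an incomplete row: never a match.
    if (empty($info) || !isset($info[0]) || !isset($info[1])) {
        return false;
    }

    $stored = $info[1];
    $expected = Auth::hashPassword($info[0] . $password);
    if (!is_string($stored) || !is_string($expected)) {
        return false;
    }

    // A loose != lets PHP compare numeric-looking hash strings as numbers, so
    // two different hashes could be treated as equal. Use a constant-time
    // comparison where the runtime has one, else a strict string comparison.
    if (function_exists('hash_equals')) {
        return hash_equals($stored, $expected);
    }

    return $stored === $expected;
}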
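/**
 * Checks a plain-text password against a stored hash.
 *
 * The candidate is hashed with the given salt and Config::PASSWORD_HASH_ROUNDS
 * and compared with the stored value.
 *
 * @param string $password     plain-text password to check
 * @param string $passwordHash stored hash
 * @param string $passwordSalt salt stored with the hash
 * @return bool true when the hashes match; false otherwise, including when
 *              either side is not a string (e.g. no stored hash)
 */
public static function verifyPassword($password, $passwordHash, $passwordSalt)
{
    $candidate = Auth::hashPassword($password, $passwordSalt, Config::PASSWORD_HASH_ROUNDS);

    if (!is_string($candidate) || !is_string($passwordHash)) {
        return false;
    }

    // Constant-time comparison, so response timing does not reveal how many
    // leading characters of the hash matched. Stored value goes first.
    if (function_exists('hash_equals')) {
        return hash_equals($passwordHash, $candidate);
    }

    return $candidate === $passwordHash;
}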
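/**
 * Method used to add a new user to the system.
 *
 * Reads the submitted form from $HTTP_POST_VARS, inserts the user row,
 * associates the user with every project whose role value is at least 1 and
 * triggers the new-user notification.
 *
 * @access public
 * @return integer 1 if the insert worked, -1 otherwise
 */
function insert()
{
    global $HTTP_POST_VARS;

    $projects = array();
    foreach ($HTTP_POST_VARS["role"] as $prj_id => $role) {
        if ($role < 1) {
            continue;
        }
        $projects[] = $prj_id;
    }

    // Split "First Last" on the first whitespace run. A single-word name has
    // no second part, so fall back to an empty last name instead of reading
    // an undefined offset.
    $fn = preg_split('/\\s+/', $HTTP_POST_VARS["full_name"], 2);
    $lastName = isset($fn[1]) ? $fn[1] : '';

    // NOTE(review): en_username and en_password hold the literal '******' in
    // this listing, which looks like masking applied to the published copy.
    // As written that placeholder is what gets stored, and $username is
    // computed but never used; confirm against the real source.
    $username = preg_split('/@/', $HTTP_POST_VARS["email"], 2);
    $prefs = Prefs::getDefaults($projects);

    // Values are escaped with Misc::escapeString() before being concatenated
    // into the statement.
    $stmt = "INSERT INTO\n " . ETEL_USER_TABLE_NOSUB
        . "\n\t\t\t\tSET\n en_ev_customer_id = NULL,\n en_ev_contact_id = NULL,\n en_signup = '" . Date_API::getCurrentDateGMT()
        . "',\n en_username = '******',\n en_password = '******',\n en_firstname = '" . Misc::escapeString($fn[0])
        . "',\n en_lastname = '" . Misc::escapeString($lastName)
        . "',\n en_email = '" . Misc::escapeString($HTTP_POST_VARS["email"])
        . "',\n en_ev_pref = '" . Misc::escapeString($prefs) . "'\n ";

    $res = $GLOBALS["db_api"]->dbh->query($stmt);
    if (PEAR::isError($res)) {
        Error_Handler::logError(array($res->getMessage(), $res->getDebugInfo()), __FILE__, __LINE__);
        return -1;
    }

    $new_usr_id = $GLOBALS["db_api"]->get_last_insert_id();

    // add the project associations!
    foreach ($HTTP_POST_VARS["role"] as $prj_id => $role) {
        if ($role < 1) {
            continue;
        }
        Project::associateUser($prj_id, $new_usr_id, $role);
    }

    // send email to user
    // NOTE(review): the submitted plain-text password is handed to the
    // notification; confirm it is not written into the mail body or logs.
    Notification::notifyNewUser($new_usr_id, $HTTP_POST_VARS["password"]);

    return 1;
}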
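/**
 * Adds a user to the credentials file, or replaces the existing entry.
 *
 * The password is stored as Auth::hashPassword($password). The complete
 * credentials map is written to a temporary file that is then renamed over
 * the real file.
 *
 * File and encoding failures print a message and end the script, following
 * the error handling this method already used for the temporary file.
 *
 * @param string $login    login name; must not be empty
 * @param string $password plain-text password; must not be empty
 * @param mixed  $rol      \Acd\conf::$ROL_DEVELOPER or \Acd\conf::$ROL_EDITOR
 * @throws AuthInvalidUserException on an empty login or password, or an unknown rol
 */
public static function addUser($login, $password, $rol)
{
    if ($login === '' || $password === '') {
        // The password is left out of the message on purpose: exception text
        // ends up in logs and error pages, and this branch is also reached
        // with a real password when only the login is empty.
        throw new AuthInvalidUserException("Invalid login or password [{$login}]");
    }
    if ($rol !== \Acd\conf::$ROL_DEVELOPER && $rol !== \Acd\conf::$ROL_EDITOR) {
        throw new AuthInvalidUserException("Invalid rol [{$rol}]");
    }

    $aCredentials = Auth::loadAllCredentials();
    $aCredentials[$login]['password'] = Auth::hashPassword($password);
    $aCredentials[$login]['rol'] = $rol;

    // json_encode() returns false on failure. Writing that out would replace
    // the credentials file with an empty one.
    $jsonCredentials = json_encode($aCredentials);
    if ($jsonCredentials === false) {
        echo "Cannot encode credentials";
        exit;
    }

    $path = \Acd\conf::$PATH_AUTH_CREDENTIALS_FILE;
    $tempPath = \Acd\conf::$PATH_AUTH_CREDENTIALS_FILE . '.tmp';

    // 'w' truncates. With 'a', a temporary file left behind by an earlier
    // failed run would get the new JSON appended to stale content.
    if (!($handle = fopen($tempPath, 'w'))) {
        echo "Cannot open file ({$tempPath})";
        exit;
    }

    // Write $jsonCredentials to our opened file.
    if (fwrite($handle, $jsonCredentials) === false) {
        fclose($handle);
        echo "Cannot write to file ({$tempPath})";
        exit;
    }
    fclose($handle);

    // Swap the new file into place; report a failed swap instead of returning
    // as if the user had been saved.
    // NOTE(review): concurrent calls share one temporary path and can overwrite
    // each other's update; confirm whether callers serialise access.
    if (!rename($tempPath, $path)) {
        echo "Cannot replace file ({$path})";
        exit;
    }
}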