Пример #1
 /**
  * Authenticates a user from a login identifier and a plaintext password.
  *
  * The identifier is tried as a username first and as an e-mail address second;
  * the e-mail lookup is accepted only when exactly one account matches.
  * A password that fails the primary comparison but passes the fallback
  * comparison is stored again through setPassword() and the login is retried.
  *
  * NOTE(review): no throttling of failed attempts is visible in this method;
  * confirm that it is enforced by the caller or elsewhere.
  *
  * @param string $sUsername username or e-mail address supplied by the client
  * @param string $sPassword plaintext password supplied by the client
  * @return mixed 0 on failure, self::USER_NEEDS_PASSWORD_RESET when the stored
  *               password is '*', otherwise whatever loginUser() returns
  */
 public function login($sUsername, $sPassword)
 {
     $oAccount = UserQuery::create()->filterByUsername($sUsername)->findOne();
     if ($oAccount === null) {
         // No such username: treat the identifier as an e-mail address instead.
         $aEmailMatches = UserQuery::create()->filterByEmail($sUsername)->find();
         if (count($aEmailMatches) !== 1) {
             // Zero matches or an ambiguous address both fail the login.
             return 0;
         }
         $oAccount = $aEmailMatches[0];
     }

     if (PasswordHash::comparePassword($sPassword, $oAccount->getPassword())) {
         $bDigestMissing = $oAccount->getDigestHA1() === null
             && Settings::getSetting('security', 'generate_digest_secrets', false) === true;
         if ($bDigestMissing) {
             // Store the password again while the plaintext is available;
             // presumably setPassword() also derives the digest HA1 value (confirm there).
             $oAccount->setPassword($sPassword);
             // NOTE(review): ignoreRights(true) is not reverted in this method; confirm
             // the flag does not stay enabled for the remainder of the request.
             UserPeer::ignoreRights(true);
             $oAccount->save();
         }
         return $this->loginUser($oAccount);
     }

     if (PasswordHash::comparePasswordFallback($sPassword, $oAccount->getPassword())) {
         // The fallback comparison matched: store the password again (presumably
         // re-hashing it with the current scheme; confirm in setPassword()) and retry.
         $oAccount->setPassword($sPassword);
         // NOTE(review): same unreverted ignoreRights(true) as in the digest branch.
         UserPeer::ignoreRights(true);
         $oAccount->save();
         // NOTE(review): the retry assumes the newly stored value passes
         // comparePassword(); if it does not, this recursion has no other exit.
         return $this->login($sUsername, $sPassword);
     }

     // Reached without a matching password. A stored password of '*' yields a
     // distinct result, so the response differs for accounts awaiting a reset.
     // NOTE(review): confirm the caller does not reveal that difference to
     // unauthenticated clients.
     return $oAccount->getPassword() === '*' ? self::USER_NEEDS_PASSWORD_RESET : 0;
 }
Пример #2
 /**
  * Validates submitted user data and records every problem on the Flash object.
  *
  * Checks required fields, the e-mail format, username uniqueness and, unless a
  * password reset is being forced, the password change rules.
  *
  * Assumes $aUserData contains the keys 'username', 'force_password_reset',
  * 'password', 'password_confirm' and 'old_password' (TODO: confirm the caller
  * always supplies them; they are read without an existence check).
  *
  * @param array $aUserData submitted form values
  * @param mixed $oUser     the user record being created or edited
  */
 private function validate($aUserData, $oUser)
 {
     $oMessages = Flash::getFlash();
     $oMessages->setArrayToCheck($aUserData);
     $aRequiredFields = array(
         'username' => 'username_required',
         'first_name' => 'first_name_required',
         'last_name' => 'last_name_required',
     );
     foreach ($aRequiredFields as $sField => $sMessageKey) {
         $oMessages->checkForValue($sField, $sMessageKey);
     }
     $oMessages->checkForEmail('email', 'valid_email');

     // Uniqueness is only re-checked when the username is new or has changed.
     $bUsernameToCheck = $oUser->isNew() || $aUserData['username'] !== $oUser->getUsername();
     if ($bUsernameToCheck) {
         $oExisting = UserQuery::create()->filterByUsername($aUserData['username'])->findOne();
         if ($oExisting !== null && $oExisting->getId() !== $oUser->getId()) {
             $oMessages->addMessage('username_exists');
         }
     }

     // A forced password reset skips every password rule below.
     if (!$aUserData['force_password_reset']) {
         if ($aUserData['password'] === '') {
             // An empty password is only a problem for a record that does not exist yet.
             if ($oUser->isNew()) {
                 $oMessages->addMessage('password_new');
             }
         } else {
             // The old password is demanded only when the session user edits their own
             // record and a password is stored (the loose != null also treats '' as none).
             // NOTE(review): for any other $oUser the password changes without the old
             // one; confirm the caller restricts that path to authorised users.
             if ($oUser->isSessionUser() && $oUser->getPassword() != null) {
                 if ($aUserData['old_password'] == '') {
                     $oMessages->addMessage('old_password_required');
                 } elseif (!PasswordHash::comparePassword($aUserData['old_password'], $oUser->getPassword())) {
                     $oMessages->addMessage('old_password_invalid');
                 }
             }
             if ($aUserData['password'] !== $aUserData['password_confirm']) {
                 $oMessages->addMessage('password_confirm');
             }
             // Password policy messages are added to the same Flash object.
             PasswordHash::checkPasswordValidity($aUserData['password'], $oMessages);
         }
     }

     $oMessages->finishReporting();
 }
Пример #3
 /**
  * Round trip: a generated password, once hashed, must verify against its own hash.
  *
  * NOTE(review): only the accepting case is covered here; a companion assertion
  * that a different password is rejected for the same hash would guard against
  * a comparePassword() that always returns true.
  */
 public function testGeneratedPasswordEncryption()
 {
     $sGenerated = PasswordHash::generatePassword();
     $sStoredHash = PasswordHash::hashPassword($sGenerated);
     $bVerified = PasswordHash::comparePassword($sGenerated, $sStoredHash);
     // assertSame() also fails on truthy non-boolean results such as 1.
     $this->assertSame(true, $bVerified);
 }