/**
 * Authenticates a user by username, or failing that by e-mail address, and password.
 *
 * The identifier is first matched against usernames. Only when no username
 * matches is it tried as an e-mail address, and then only an unambiguous
 * (exactly one) match is accepted.
 *
 * NOTE(review): the unknown-account path returns before any password
 * comparison runs, so it may answer measurably faster than a wrong-password
 * attempt. Confirm whether throttling or uniform failure handling exists upstream.
 *
 * @param string $sUsername username or e-mail address supplied by the client
 * @param string $sPassword clear-text password supplied by the client
 *
 * @return mixed 0 when the account is unknown, the e-mail is ambiguous or the
 *               password is wrong; self::USER_NEEDS_PASSWORD_RESET when the
 *               stored password is the '*' marker; otherwise the result of
 *               loginUser()
 */
public function login($sUsername, $sPassword)
{
    $oUser = UserQuery::create()->filterByUsername($sUsername)->findOne();
    if ($oUser === null) {
        $aByEmail = UserQuery::create()->filterByEmail($sUsername)->find();
        // Several accounts may share an address; refuse to guess which one is meant.
        if (count($aByEmail) !== 1) {
            return 0;
        }
        $oUser = $aByEmail[0];
    }

    if (PasswordHash::comparePassword($sPassword, $oUser->getPassword())) {
        $bDigestMissing = $oUser->getDigestHA1() === null
            && Settings::getSetting('security', 'generate_digest_secrets', false) === true;
        if ($bDigestMissing) {
            // Re-store the verified password; presumably setPassword() derives the
            // digest secret as well. TODO confirm against the User model.
            $oUser->setPassword($sPassword);
            // NOTE(review): ignoreRights(true) is not reverted in this method;
            // confirm how long it stays in effect for the rest of the request.
            UserPeer::ignoreRights(true);
            $oUser->save();
        }

        return $this->loginUser($oUser);
    }

    // Primary comparison failed: try the fallback scheme (presumably a legacy
    // hash format; verify in PasswordHash) and migrate the stored value on success.
    if (PasswordHash::comparePasswordFallback($sPassword, $oUser->getPassword())) {
        $oUser->setPassword($sPassword);
        UserPeer::ignoreRights(true);
        $oUser->save();

        // Re-enter so the freshly stored value passes through the primary check.
        // This relies on setPassword() storing something comparePassword() accepts.
        return $this->login($sUsername, $sPassword);
    }

    // A stored '*' yields a distinct result for any non-matching password, i.e.
    // before the caller is authenticated; callers decide how much of that to reveal.
    if ($oUser->getPassword() === '*') {
        return self::USER_NEEDS_PASSWORD_RESET;
    }

    return 0;
}
/**
 * Validates submitted user data and reports every problem through the Flash object.
 *
 * Keys read from $aUserData here: 'username', 'force_password_reset',
 * 'password', 'password_confirm' and 'old_password'. 'first_name',
 * 'last_name' and 'email' are checked by Flash against the same array.
 *
 * NOTE(review): a truthy 'force_password_reset' skips every password check,
 * including proof of the old password. Confirm that callers only honour this
 * flag for requests entitled to set it.
 *
 * @param array $aUserData submitted form values
 * @param mixed $oUser     user being created or edited
 */
private function validate($aUserData, $oUser)
{
    $oReport = Flash::getFlash();
    $oReport->setArrayToCheck($aUserData);
    $oReport->checkForValue('username', 'username_required');
    $oReport->checkForValue('first_name', 'first_name_required');
    $oReport->checkForValue('last_name', 'last_name_required');
    $oReport->checkForEmail('email', 'valid_email');

    // Uniqueness only needs checking when the username is new or being changed.
    if ($oUser->isNew() || $aUserData['username'] !== $oUser->getUsername()) {
        $oTaken = UserQuery::create()->filterByUsername($aUserData['username'])->findOne();
        if ($oTaken !== null && $oTaken->getId() !== $oUser->getId()) {
            $oReport->addMessage('username_exists');
        }
    }

    // With a forced reset there is nothing to validate about the password.
    if (!$aUserData['force_password_reset']) {
        if ($aUserData['password'] === '') {
            // An empty password keeps the current one, which a new user does not have.
            if ($oUser->isNew()) {
                $oReport->addMessage('password_new');
            }
        } else {
            // Only the logged-in user changing their own, already set password has to
            // prove knowledge of the old one. The loose != null also treats an empty
            // stored value as "no password set".
            $bMustProveOld = $oUser->isSessionUser() && $oUser->getPassword() != null;
            if ($bMustProveOld) {
                if ($aUserData['old_password'] == '') {
                    $oReport->addMessage('old_password_required');
                } elseif (!PasswordHash::comparePassword($aUserData['old_password'], $oUser->getPassword())) {
                    $oReport->addMessage('old_password_invalid');
                }
            }
            if ($aUserData['password'] !== $aUserData['password_confirm']) {
                $oReport->addMessage('password_confirm');
            }
            // Presumably adds policy messages (length, complexity) to the report;
            // verify in PasswordHash.
            PasswordHash::checkPasswordValidity($aUserData['password'], $oReport);
        }
    }

    $oReport->finishReporting();
}
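/**
 * Round-trip check: a generated password must verify against its own hash.
 *
 * Two controls are added so the test cannot pass vacuously: the hash must not
 * be the password itself, and a different password must not verify against it.
 */
public function testGeneratedPasswordEncryption()
{
    $sPassword = PasswordHash::generatePassword();
    $sHash = PasswordHash::hashPassword($sPassword);

    // The stored form must not simply be the clear text.
    $this->assertNotSame($sPassword, $sHash);

    $this->assertSame(true, PasswordHash::comparePassword($sPassword, $sHash));

    // Negative control: without it, a comparePassword() that accepts everything
    // would still pass the assertion above.
    $this->assertNotSame(true, PasswordHash::comparePassword($sPassword . 'x', $sHash));
}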