/**
* @return string
*/
public function getConfirmationCode()
{
$confirmation_code = null;
while ($confirmation_code === null) {
$possible_confirmation_code = $this->random_generator->getNumber();
if ($this->user_manager->getUserByConfirmHash($possible_confirmation_code) === null) {
$confirmation_code = $possible_confirmation_code;
}
}
return $confirmation_code;
}
public function computeUnixPassword($plain_password)
{
$number_generator = new RandomNumberGenerator(self::SALT_SIZE);
$salt = $number_generator->getNumber();
// We use a salted MD5 to create the Unix Password
return crypt($plain_password, '$1$' . $salt . '$');
}
/**
* @return Rest_Token
*/
public function generateTokenForUser(PFUser $user)
{
$number_generator = new RandomNumberGenerator();
$token = $number_generator->getNumber();
$this->token_dao->addTokenForUserId($user->getId(), $token, $_SERVER['REQUEST_TIME']);
return new Rest_Token($user->getId(), $token);
}
public function itGeneratesTokenOfTheAskedSize()
{
$number_generator_8_bits = new RandomNumberGenerator(1);
$this->assertEqual(2, strlen($number_generator_8_bits->getNumber()));
$number_generator_64_bits = new RandomNumberGenerator(8);
$this->assertEqual(16, strlen($number_generator_64_bits->getNumber()));
$number_generator_128_bits = new RandomNumberGenerator();
$this->assertEqual(32, strlen($number_generator_128_bits->getNumber()));
}
public function computeUnixPassword($plain_password)
{
$number_generator = new RandomNumberGenerator(self::SALT_SIZE);
$salt = $number_generator->getNumber();
// We use SHA-512 with 5000 rounds to create the Unix Password
// SHA-512 is more widely available than BCrypt in GLibc OS library
// Only 5000 rounds are used (which is the default value) to keep reasonable performance
return crypt($plain_password, '$6$rounds=5000$' . $salt . '$');
}
/**
* @return string the new session_hash
*/
function createSession($user_id, $time)
{
// generate a token from a PRNG
// continue until unique token is generated (SHOULD only be once)
$number_generator = new RandomNumberGenerator();
do {
$token = $number_generator->getNumber();
$sql = "SELECT 1\n FROM session\n WHERE session_hash = " . $this->da->quoteSmart($token);
$dar = $this->retrieve($sql);
} while ($dar && $dar->rowCount() == 1);
$sql = sprintf("INSERT INTO session (session_hash, ip_addr, time,user_id) VALUES (%s, %s, %d, %d)", $this->da->quoteSmart($token), $this->da->quoteSmart($_SERVER['REMOTE_ADDR']), $time, $user_id);
if ($this->update($sql)) {
$this->storeLoginSuccess($user_id, $time);
} else {
$token = false;
}
return $token;
}
<?php
//
// Copyright 2015 (c) Enalean
// SourceForge: Breaking Down the Barriers to Open Source Development
// Copyright 1999-2000 (c) The SourceForge Crew
// http://sourceforge.net
//
//
require_once 'pre.php';
$em =& EventManager::instance();
$em->processEvent('before_lostpw-confirm', array());
$number_generator = new RandomNumberGenerator();
$confirm_hash = $number_generator->getNumber();
$request =& HTTPRequest::instance();
$res_user = db_query("SELECT * FROM user WHERE user_name='" . db_es($request->get('form_loginname')) . "'");
if (db_numrows($res_user) < 1) {
exit_error("Invalid User", "That user does not exist.");
}
$row_user = db_fetch_array($res_user);
db_query("UPDATE user SET confirm_hash='" . $confirm_hash . "' WHERE user_id=" . $row_user['user_id']);
list($host, $port) = explode(':', $GLOBALS['sys_default_domain']);
$message = stripcslashes($Language->getText('account_lostpw-confirm', 'mail_body', array($GLOBALS['sys_name'], get_server_url() . "/account/lostlogin.php?confirm_hash=" . $confirm_hash)));
$mail = new Mail();
$mail->setTo($row_user['email'], true);
$mail->setSubject($Language->getText('account_lostpw-confirm', 'mail_subject', array($GLOBALS['sys_name'])));
$mail->setBody($message);
$mail->setFrom($GLOBALS['sys_noreply']);
$mail_is_sent = $mail->send();
if (!$mail_is_sent) {
$GLOBALS['Response']->addFeedback('error', $GLOBALS['Language']->getText('global', 'mail_failed', array($GLOBALS['sys_email_admin'])), CODENDI_PURIFIER_FULL);
function getConfirmHash()
{
$random = new RandomNumberGenerator();
$confirm_hash = $random->getNumber();
$user_manager = UserManager::instance();
$check_valid = false;
while (!$check_valid) {
$confirm_hash = $random->getNumber();
$check_valid = $user_manager->getUserByConfirmHash($confirm_hash) === null;
}
return $confirm_hash;
}
private function generateRandomToken()
{
return $this->random_number_generator->getNumber();
}
