/**
 * Writes the given columns for this user. When a plaintext 'password' is
 * among the parameters, a fresh salt is drawn, the password is replaced by
 * its double-salted hash and the access token is rotated in the same write,
 * so the stored token is invalidated whenever the password changes.
 *
 * NOTE(review): only salt and accessToken are mirrored into this object;
 * the hashed password is not — presumably callers reload the row, confirm.
 *
 * @param array $parameters column => value pairs to persist
 * @see wcf\data\DatabaseObjectEditor::update()
 */
public function update(array $parameters = array()) {
    $rotatesPassword = isset($parameters['password']);

    if ($rotatesPassword) {
        // new salt first, then hash the plaintext with it, then a new token (same call order as before)
        $freshSalt = StringUtil::getRandomID();
        $hashedPassword = StringUtil::getDoubleSaltedHash($parameters['password'], $freshSalt);
        $freshToken = StringUtil::getRandomID();

        $parameters['salt'] = $freshSalt;
        $parameters['password'] = $hashedPassword;
        $parameters['accessToken'] = $freshToken;

        // keep the in-memory object consistent with the row being written
        $this->salt = $freshSalt;
        $this->accessToken = $freshToken;
    }

    parent::update($parameters);
}
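/**
 * Validates the new master password entered in the form.
 *
 * The password must be present, be at least eight characters long, contain
 * a digit, a lower-case and an upper-case latin letter and at least one
 * non-alphanumeric character, must differ from the current user's name and
 * from every existing administrator password, and must be repeated
 * identically in the confirmation field. Checks run in that order and the
 * first failing one throws.
 *
 * All comparisons are strict (===): with == two hex digests of the form
 * "0e<digits>" compare equal as floats, and numeric-looking strings are
 * compared by value rather than byte-for-byte.
 *
 * @throws UserInputException if any check fails ('masterPassword' or
 *         'confirmMasterPassword', with 'notSecure' / 'notEqual' detail)
 * @see wcf\form\IForm::validate()
 */
public function validate() {
    ACPForm::validate();

    // empty() also treats "0" as empty; harmless here because anything shorter than eight characters is rejected next
    if (empty($this->masterPassword)) {
        throw new UserInputException('masterPassword');
    }

    // minimum length
    if (StringUtil::length($this->masterPassword) < 8) {
        throw new UserInputException('masterPassword', 'notSecure');
    }

    // required character classes, checked in this order: digits, lower-case latin,
    // upper-case latin, special (anything outside 0-9a-zA-Z)
    $requiredPatterns = array('\\d', '[a-z]', '[A-Z]', '[^0-9a-zA-Z]');
    foreach ($requiredPatterns as $pattern) {
        if (!Regex::compile($pattern)->match($this->masterPassword)) {
            throw new UserInputException('masterPassword', 'notSecure');
        }
    }

    // password must not equal the current user's name (strict: no numeric-string coercion)
    if ($this->masterPassword === WCF::getUser()->username) {
        throw new UserInputException('masterPassword', 'notSecure');
    }

    // reject a master password that equals any existing admin's password;
    // groupID 4 is hard-coded — presumably the administrator group, TODO confirm / name it
    $sql = "SELECT\tpassword, salt\n\t\t\tFROM\twcf" . WCF_N . "_user\n\t\t\tWHERE\tuserID IN (\n\t\t\t\t\tSELECT\tuserID\n\t\t\t\t\tFROM\twcf" . WCF_N . "_user_to_group\n\t\t\t\t\tWHERE\tgroupID = 4\n\t\t\t\t)";
    $statement = WCF::getDB()->prepareStatement($sql);
    $statement->execute();
    while ($row = $statement->fetchArray()) {
        // strict comparison of the digests; == would treat "0e..." digests as equal floats
        if (StringUtil::getDoubleSaltedHash($this->masterPassword, $row['salt']) === $row['password']) {
            throw new UserInputException('masterPassword', 'notSecure');
        }
    }

    // confirmation must be present and byte-for-byte identical
    if (empty($this->confirmMasterPassword)) {
        throw new UserInputException('confirmMasterPassword');
    }
    if ($this->confirmMasterPassword !== $this->masterPassword) {
        throw new UserInputException('confirmMasterPassword', 'notEqual');
    }
}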
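/**
 * Returns true, if the given password is the correct password for this user.
 *
 * The candidate is hashed with this user's stored salt and compared strictly
 * against the stored hash. A strict comparison is required: with == two
 * digests of the form "0e<digits>" compare equal as floats (0 == 0), which
 * would accept a wrong password.
 *
 * NOTE(review): hash_equals() would additionally make the comparison
 * constant-time, but needs PHP >= 5.6 — confirm the supported baseline.
 *
 * @param string $password plaintext password to verify
 * @return boolean password correct
 */
public function checkPassword($password) {
    return $this->password === StringUtil::getDoubleSaltedHash($password, $this->salt);
}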