/**
* @see wcf\data\DatabaseObjectEditor::update()
*/
public function update(array $parameters = array())
{
// update salt and create new password hash
if (isset($parameters['password'])) {
$parameters['salt'] = StringUtil::getRandomID();
$parameters['password'] = StringUtil::getDoubleSaltedHash($parameters['password'], $parameters['salt']);
$parameters['accessToken'] = StringUtil::getRandomID();
// update salt and accessToken
$this->salt = $parameters['salt'];
$this->accessToken = $parameters['accessToken'];
}
parent::update($parameters);
}
/**
* @see wcf\form\IForm::validate()
*/
public function validate()
{
ACPForm::validate();
if (empty($this->masterPassword)) {
throw new UserInputException('masterPassword');
}
// check password security
if (StringUtil::length($this->masterPassword) < 8) {
throw new UserInputException('masterPassword', 'notSecure');
}
// digits
if (!Regex::compile('\\d')->match($this->masterPassword)) {
throw new UserInputException('masterPassword', 'notSecure');
}
// latin characters (lower-case)
if (!Regex::compile('[a-z]')->match($this->masterPassword)) {
throw new UserInputException('masterPassword', 'notSecure');
}
// latin characters (upper-case)
if (!Regex::compile('[A-Z]')->match($this->masterPassword)) {
throw new UserInputException('masterPassword', 'notSecure');
}
// special characters
if (!Regex::compile('[^0-9a-zA-Z]')->match($this->masterPassword)) {
throw new UserInputException('masterPassword', 'notSecure');
}
// password equals username
if ($this->masterPassword == WCF::getUser()->username) {
throw new UserInputException('masterPassword', 'notSecure');
}
// search for identical admin passwords
$sql = "SELECT\tpassword, salt\n\t\t\tFROM\twcf" . WCF_N . "_user\n\t\t\tWHERE\tuserID IN (\n\t\t\t\t\tSELECT\tuserID\n\t\t\t\t\tFROM\twcf" . WCF_N . "_user_to_group\n\t\t\t\t\tWHERE\tgroupID = 4\n\t\t\t\t)";
$statement = WCF::getDB()->prepareStatement($sql);
$statement->execute();
while ($row = $statement->fetchArray()) {
if (StringUtil::getDoubleSaltedHash($this->masterPassword, $row['salt']) == $row['password']) {
throw new UserInputException('masterPassword', 'notSecure');
}
}
// confirm master password
if (empty($this->confirmMasterPassword)) {
throw new UserInputException('confirmMasterPassword');
}
if ($this->confirmMasterPassword != $this->masterPassword) {
throw new UserInputException('confirmMasterPassword', 'notEqual');
}
}
/**
* Returns true, if the given password is the correct password for this user.
*
* @param string $password
* @return boolean password correct
*/
public function checkPassword($password)
{
return $this->password == StringUtil::getDoubleSaltedHash($password, $this->salt);
}
