示例#1
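 /**
  * Change the password of $inUser after checking the caller's permission, the
  * minimum-length policy and the user's current password.
  *
  * Every failure (missing permission, too-short password, non-numeric user id,
  * no database connection, zero or several matching rows, wrong old password,
  * failed update) returns false without distinguishing the cause; true is
  * returned only after the stored hash has been replaced.
  *
  * @param User   $inUser      account whose password is being changed
  * @param string $newPassword plaintext replacement password
  * @param string $oldPassword plaintext current password, verified against the stored hash
  * @return bool
  */
 public function updateUserPassword(User $inUser, $newPassword, $oldPassword)
 {
     if (!PermissionEngine::getInstance()->currentUserCanDo('userCanUpdatePassword')) {
         return false;
     }
     // strlen() is byte-based, so a multibyte password is measured in bytes, not characters.
     if (strlen($newPassword) < $this->getMinimumPasswordLength()) {
         return false;
     }
     $userID = $inUser->getUserID();
     if (!is_numeric($userID)) {
         return false;
     }
     $db = Database::getInstance();
     if (!$db->isConnected()) {
         return false;
     }
     $userID = $db->escapeString($userID);
     $results = $db->getData('password', 'user', "userID = {$userID}");
     // getData() signals failure as false or null; an empty result set would otherwise
     // make $results[0] an undefined index, so exactly one row is required here.
     if ($results === false || $results === null || count($results) !== 1) {
         return false;
     }
     $storedPassword = $results[0]['password'];
     if (!Hasher::verifyHash($oldPassword, $storedPassword)) {
         return false;
     }
     // Hash first, then escape the hash for the SQL fragment updateTable() expects.
     // The escaped hash is what gets written; the plaintext never reaches the database.
     $newHashed = $db->escapeString(Hasher::generateHash($newPassword));
     $updated = $db->updateTable('user', "password = '{$newHashed}'", "userID = {$userID}");
     return (bool) $updated;
 }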
示例#2
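 /**
  * Authenticate $userName/$password and, on success, populate the user session.
  *
  * The identifier is compared (after trim) against the email, userName and
  * givenIdentifier columns; exactly one row must match and the supplied password
  * must verify against that row's stored hash. An already-authenticated session
  * returns true immediately, and a locked-out remote address is refused before
  * any database work is done.
  *
  * @param string $userName email, user name or given identifier
  * @param string $password plaintext password
  * @return bool true when the session is (or already was) authenticated
  */
 public function logIn($userName, $password)
 {
     if (!is_string($userName) || !is_string($password)) {
         return false;
     }
     if ($this->isLoggedIn) {
         return true;
     }
     if (LockoutEngine::getInstance()->isLockedOut($_SERVER['REMOTE_ADDR'])) {
         return false;
     }
     // Re-checked on purpose: a plugin hooked into the lock-out check may have logged the user in.
     if ($this->isLoggedIn) {
         return true;
     }
     $database = Database::getInstance();
     $database->connect();
     if (!$database->isConnected()) {
         return false;
     }
     // Escaped once and reused in all three quoted comparisons of the WHERE clause.
     $identifier = $database->escapeString(trim($userName));
     $columns = 'userID, roleID, userName, givenIdentifier, password, firstName, lastName, email, profilePictureLocation, birthday';
     $where = "((email = '{$identifier}') OR (userName = '{$identifier}') OR (givenIdentifier = '{$identifier}'))";
     $results = $database->getData($columns, 'user', $where);
     // A failed query (false/null), no matching account, or an ambiguous match all fail the login;
     // the explicit count check also keeps $results[0] from being an undefined index.
     if ($results === false || $results === null || count($results) !== 1) {
         return false;
     }
     $row = $results[0];
     if (!Hasher::verifyHash($password, $row['password'])) {
         return false;
     }
     self::setUserSession(new CurrentUser(
         $row['userID'],
         $row['roleID'],
         $row['givenIdentifier'],
         $row['userName'],
         $row['firstName'],
         $row['lastName'],
         $row['email'],
         new Link($row['profilePictureLocation'], true),
         new DateTime($row['birthday']),
         true
     ));
     $this->isLoggedIn = true;
     // Record the successful login; the id comes from the session just established, not from input.
     $userID = $database->escapeString($this->getUserID());
     $database->updateTable('user', 'lastAccess = CURRENT_TIMESTAMP', "userID={$userID}");
     return true;
 }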