/**
 * Check a username/password pair against the zz_users table.
 *
 * Returns true only when a row is found for the username and
 * Password::checkPassword() accepts the supplied password against the
 * stored password column; every other outcome returns false.
 *
 * @param string $username
 * @param string $password
 *
 * @return bool
 */
public static function checkLogin($username, $password)
{
    // $username is handed over as the :username parameter, not concatenated into the SQL string.
    $rows = Db::query(
        'SELECT username, password FROM zz_users WHERE username = :username',
        array(':username' => $username),
        0
    );

    // NOTE(review): an unknown username returns here before any hash is verified, so the
    // response time can differ from the wrong-password path; confirm that callers throttle
    // attempts or equalise the work.
    if (empty($rows[0])) {
        return false;
    }

    $storedHash = $rows[0]['password'];

    // Collapse whatever checkPassword() returns into a strict boolean.
    return Password::checkPassword($password, $storedHash) ? true : false;
}
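// Store the chosen view theme, then redirect to the URI of the current request.
// NOTE(review): REQUEST_URI is supplied by the client; confirm $app->redirect() only ever
// produces a same-site path.
if (isset($viewtheme)) {
    UserConfig::set("viewtheme", $viewtheme);
    $app->redirect($_SERVER["REQUEST_URI"]);
}

$theme = Util::getPost("theme");
if (isset($theme)) {
    UserConfig::set("theme", $theme);
}

$orgpw = Util::getPost("orgpw");
$password = Util::getPost("password");
$password2 = Util::getPost("password2");

// Password
// NOTE(review): no anti-CSRF or re-authentication check is visible in this excerpt; confirm
// one runs before this point.
if (isset($orgpw) && isset($password) && isset($password2)) {
    // Strict comparison: with != PHP compares numeric-looking strings as numbers, so two
    // different inputs could be accepted as a matching confirmation.
    if ($password !== $password2) {
        $error = "Passwords don't match, try again";
    } elseif (Password::checkPassword($orgpw) == true) {
        Password::updatePassword($password);
        // $error carries the success message as well as the failure messages.
        $error = "Password updated";
    } else {
        $error = "Original password is wrong, please try again";
    }
}

$timeago = Util::getPost("timeago");
if (isset($timeago)) {
    UserConfig::set("timeago", $timeago);
}

$deleteentityid = Util::getPost("deleteentityid");
$deleteentitytype = Util::getPost("deleteentitytype");

// Tracker
// NOTE(review): the config key below is built from a posted value; confirm it is limited to
// the expected entity types.
if (isset($deleteentityid) && isset($deleteentitytype)) {
    $q = UserConfig::get("tracker_" . $deleteentitytype);
    // (the excerpt ends inside this block)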
/**
 * @brief Compare plain text password to the password saved in DB
 *
 * On a successful match, and when a member_srl is given and automatic upgrade is not
 * disabled in the member config, the password is re-hashed and stored again if the
 * stored hash uses a different algorithm or a lower work factor than currently required.
 *
 * @param string $hashed_password The hash that was saved in DB
 * @param string $password_text The password to check
 * @param int $member_srl Set this to member_srl when comparing a member's password (optional)
 * @return bool
 */
function isValidPassword($hashed_password, $password_text, $member_srl = null)
{
    // Reject a missing password. PHP truthiness means the string '0' is rejected here too.
    if (!$password_text) {
        return false;
    }

    // Identify the algorithm of the stored hash and verify the password against it.
    $oPassword = new Password();
    $current_algorithm = $oPassword->checkAlgorithm($hashed_password);
    if (!$oPassword->checkPassword($password_text, $hashed_password, $current_algorithm)) {
        return false;
    }

    // From here on the password is known to be correct; the rest only decides on a re-hash.
    $config = $this->getMemberConfig();
    if (!($member_srl > 0) || $config->password_hashing_auto_upgrade == 'N') {
        return true;
    }

    // Outdated when the algorithm differs from the currently selected one ...
    $required_algorithm = $oPassword->getCurrentlySelectedAlgorithm();
    $outdated = ($required_algorithm !== $current_algorithm);

    // ... or, with the same algorithm, when the stored work factor is below the required one.
    if (!$outdated) {
        $required_work_factor = $oPassword->getWorkFactor();
        $current_work_factor = $oPassword->checkWorkFactor($hashed_password);
        $outdated = ($current_work_factor !== false && $required_work_factor > $current_work_factor);
    }

    if ($outdated) {
        $args = new stdClass();
        $args->member_srl = $member_srl;
        $args->hashed_password = $this->hashPassword($password_text, $required_algorithm);
        // The result of the update is not inspected; verification succeeds either way.
        getController('member')->updateMemberPassword($args);
    }

    return true;
}