/**
* @param string $pass
* @param string $salt
* @param string $encPass
* @return boolean
*
* This method compares user entered value with the value stored in DB. It encrypts the user input before comparison
*/
public static function comparePasswords($pass = null, $salt = null, $encPass = null)
{
if (null == $pass || null == $salt || null == $encPass) {
return false;
}
if (SecurityUtils::encryptPassword($pass, $salt) === $encPass) {
//if($pass === $encPass){
return true;
}
return false;
}
public function exists($attribute, $params)
{
if ($this->id) {
$user = UserCredentials::model()->findByPk($this->id);
if ($user) {
$password = SecurityUtils::encryptPassword($this->currentPassword, $user->salt);
$criteria = new CDbCriteria();
$criteria->condition = 'password=:password';
$criteria->params = array(':password' => $password);
if (!UserCredentials::model()->find($criteria)) {
$this->addError('currentPassword', 'Please enter your current password !');
}
} else {
$this->addError('currentPassword', 'Sorry, could not process your password modification request at this time !');
}
} else {
$this->addError('currentPassword', 'Sorry, could not process your password modification request at this time !');
}
}
public function actionForgotPassword()
{
if (!Yii::app()->user->isGuest) {
$this->redirect('/home');
}
$model = new ForgotPasswordForm();
if (isset($_POST) && isset($_POST['ForgotPasswordForm'])) {
$model->attributes = $_POST['ForgotPasswordForm'];
if ($model->validate()) {
// Generate Password here and redirect
$tempPass = SecurityUtils::generateRandomString(8);
$user = UserCredentials::model()->find('email_id=:email', array(':email' => $model->email));
if ($user) {
$user->salt = SecurityUtils::generateSalt($user->email_id);
$user->password = SecurityUtils::encryptPassword($tempPass, $user->salt);
if ($user->save()) {
$data['temp_password'] = $tempPass;
$data['user'] = $user->id;
EmailApi::sendEmail($model->email, "ACCOUNT.RESET.PASSWORD", $data);
Yii::app()->user->setFlash('success', "We have sent you a new password to your email.\n\t\t\t\t\t\t<br/> Please add " . Yii::app()->params['adminEmail'] . " to your whitelist.");
$this->redirect('/home');
}
}
}
}
$this->render('forgotPassword', array('model' => $model));
}
public static function createUser($credential, $profile, $role = "Member")
{
$password = $credential->password;
$credential->salt = SecurityUtils::generateSalt($credential->email_id);
$credential->activation_code = SecurityUtils::generateRandomString(10);
$credential->registered_ip = SecurityUtils::getRealIp();
$credential->password = SecurityUtils::encryptPassword($credential->password, $credential->salt);
$credential->password_confirm = $credential->password;
if ($credential->save()) {
$profile->user_id = $credential->id;
if ($profile->save()) {
$assignment = new Assignments();
$assignment->itemname = $role;
$assignment->userid = $credential->id;
$assignment->data = 's:0:"";';
$assignment->save();
return array('credential' => $credential, 'profile' => $profile);
} else {
$credential->delete();
$credential->setIsNewRecord(true);
return false;
}
} else {
$credential->password = $password;
$credential->password_confirm = $password;
return false;
}
}
