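/**
 * Validates the master password entered in the form.
 *
 * Rejects a master password that is missing, shorter than 8 characters, lacks a digit,
 * a lower-case or an upper-case latin letter, or a non-alphanumeric character, or that
 * hashes to the same value as the password of any user in group 4; finally requires the
 * confirmation field to repeat the password exactly.
 *
 * @see Form::validate()
 * @throws UserInputException on the first check that fails
 */
public function validate() {
    ACPForm::validate();

    if (empty($this->masterPassword)) {
        throw new UserInputException('masterPassword');
    }

    // minimum length
    if (StringUtil::length($this->masterPassword) < 8) {
        throw new UserInputException('masterPassword', 'notSecure');
    }

    // required character classes: digit, lower-case latin, upper-case latin, anything else
    $requiredClasses = array('![0-9]+!', '![a-z]+!', '![A-Z]+!', '![^A-Za-z0-9]+!');
    foreach ($requiredClasses as $pattern) {
        if (!preg_match($pattern, $this->masterPassword)) {
            throw new UserInputException('masterPassword', 'notSecure');
        }
    }

    // reject a master password identical to the password of any member of group 4
    // NOTE(review): groupID 4 is presumably the administrator group — confirm against the installation
    $sql = "SELECT\tpassword, salt\n\t\t\tFROM\twcf" . WCF_N . "_user\n\t\t\tWHERE\tuserID IN (\n\t\t\t\t\tSELECT\tuserID\n\t\t\t\t\tFROM\twcf" . WCF_N . "_user_to_groups\n\t\t\t\t\tWHERE\tgroupID = 4\n\t\t\t\t)";
    $result = WCF::getDB()->sendQuery($sql);
    while ($row = WCF::getDB()->fetchArray($result)) {
        // strict comparison: '==' would treat two hashes that both look numeric (e.g. '0e...') as equal
        if (StringUtil::getDoubleSaltedHash($this->masterPassword, $row['salt']) === $row['password']) {
            throw new UserInputException('masterPassword', 'notSecure');
        }
    }

    // the confirmation must repeat the password byte for byte ('!=' would coerce numeric-looking strings)
    if (empty($this->confirmMasterPassword)) {
        throw new UserInputException('confirmMasterPassword');
    }
    if ($this->confirmMasterPassword !== $this->masterPassword) {
        throw new UserInputException('confirmMasterPassword', 'notEqual');
    }
}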
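/**
 * Validates the key.
 *
 * The key must equal the double-salted hash of the concatenation of $value1 and every
 * non-null optional value, in parameter order. A missing first value is reported through
 * send() with code 104, a mismatching key with code 101.
 * NOTE(review): send() is presumably terminating the request; this method does not return
 * early after calling it — confirm.
 *
 * @param string $key    hash supplied by the caller
 * @param string $salt   salt the hash was computed with
 * @param mixed  $value1 first value covered by the hash (required)
 * @param mixed  $value2 optional further value
 * @param mixed  $value3 optional further value
 * @param mixed  $value4 optional further value
 * @param mixed  $value5 optional further value
 */
protected function validate($key, $salt, $value1, $value2 = null, $value3 = null, $value4 = null, $value5 = null) {
    if ($value1 === null) {
        $this->send('no values given to validate', 104);
    }

    // $value1 is always part of the hashed string; a null optional value is skipped rather than
    // ending the list, so a later non-null value is still included. Building the string with
    // implode() avoids the previous use of an uninitialised $string and the read past the end
    // of the value list.
    $parts = array($value1);
    foreach (array($value2, $value3, $value4, $value5) as $value) {
        if ($value !== null) {
            $parts[] = $value;
        }
    }
    $string = implode('', $parts);

    // strict comparison (hash_equals() on PHP >= 5.6 would additionally make it constant-time)
    if ($key !== StringUtil::getDoubleSaltedHash($string, $salt)) {
        $this->send('key not correct', 101);
    }
}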
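/**
 * Updates the static data of this user.
 *
 * Only non-empty arguments are written. When a password is given a new salt is generated
 * and the stored value is the double-salted hash. Values are escaped with escapeString();
 * the keys of $additionalFields are used verbatim as column names and therefore must come
 * from trusted code, never from request input.
 *
 * @param string $username
 * @param string $email
 * @param string $password         plain-text password, hashed before storage
 * @param array  $additionalFields column name => value
 */
protected function updateUser($username = '', $email = '', $password = '', $additionalFields = array()) {
    $assignments = array();

    if (!empty($username)) {
        // the stored value must be the escaped argument, not a placeholder literal
        $assignments[] = "username = '" . escapeString($username) . "'";
        $this->username = $username;
    }

    if (!empty($email)) {
        $assignments[] = "email = '" . escapeString($email) . "'";
        $this->email = $email;
    }

    if (!empty($password)) {
        // fresh salt on every password change
        $salt = StringUtil::getRandomID();
        $password = StringUtil::getDoubleSaltedHash($password, $salt);
        $assignments[] = "password = '" . escapeString($password) . "', salt = '" . escapeString($salt) . "'";
        $this->password = $password;
        $this->salt = $salt;
    }

    foreach ($additionalFields as $key => $value) {
        // $key is interpolated as an identifier and cannot be escaped as a value — see docblock
        $assignments[] = $key . '=' . (is_int($value) ? $value : "'" . escapeString($value) . "'");
    }

    if (!empty($assignments)) {
        // save user; userID is cast so only an integer ever reaches the unquoted WHERE clause
        $sql = "UPDATE\twcf" . WCF_N . "_user\n\t\t\t\tSET\t" . implode(',', $assignments) . "\n\t\t\t\tWHERE \tuserID = " . intval($this->userID);
        WCF::getDB()->sendQuery($sql);
    }

    $this->resetSession();
}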
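/**
 * Validates the key against the send time and the rot13-encoded action.
 *
 * @param array $data currently unused; kept for the caller's signature
 * @return boolean true when the key matches, false after reporting the failure via send()
 */
private function validateKey($data) {
    $string = $this->sendTime . str_rot13($this->action);

    // compare this object's key; 'StringUtil::$this->key' looked up a static property of
    // StringUtil instead and could never succeed
    if ($this->key !== StringUtil::getDoubleSaltedHash($string, $this->salt)) {
        // the message echoes only the hashed input (time + action), not the salt or the key
        $this->send('key validation failed with string: "' . $string . '"', 220);
        return false;
    }

    return true;
}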
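/**
 * Returns true, if the given password is the correct password for this user.
 *
 * @param string $password plain-text password to check
 * @return boolean password correct
 */
public function checkPassword($password) {
    // strict comparison: with '==' two hashes that both look numeric (e.g. '0e...') compare
    // equal; hash_equals() (PHP >= 5.6) is the constant-time alternative where available
    return $this->password === StringUtil::getDoubleSaltedHash($password, $this->salt);
}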