/**
 * Fixture run before every test*() method: registers and activates the user
 * "rash", then builds the AdvancedPasswordManagement object under test.
 */
public function setUp()
{
    $login = "rash";
    $secret = 'testing';

    // Selects the hash algorithm for BasicPasswordManagement. The value is an
    // algorithm name of the kind PHP's hash() accepts; it is not a salt.
    // NOTE(review): HAVAL is a fast general-purpose digest, not a
    // password-hashing function. Presumably it is picked only for this
    // fixture - confirm it is not what production deployments use.
    BasicPasswordManagement::$hashAlgo = "haval256,5";

    // Register the account, activate it, then log in to obtain the user object.
    User::newUserObject($login, $secret, "*****@*****.**");
    User::activateAccount($login);
    $this->user = User::existingUserObject($login, $secret);

    // Object under test, built from the user's ID and the same password.
    $this->obj = new AdvancedPasswordManagement($this->user->getUserID(), $secret);
}
/**
 * Fixture run before every test*() method: registers and activates the user
 * "rash", logs in, and wraps the resulting user object in an XUser.
 */
public function setUp()
{
    $login = "rash";
    $secret = 'testing';

    // Hash algorithm used by BasicPasswordManagement for this fixture.
    // NOTE(review): HAVAL is a fast general-purpose digest, not a
    // password-hashing function - confirm this is a test-only choice.
    BasicPasswordManagement::$hashAlgo = "haval256,5";

    // Register the account and activate it so that the login below succeeds.
    User::newUserObject($login, $secret, "*****@*****.**");
    User::activateAccount($login);

    // Plain user object first, then the XUser built on top of it.
    $this->obj = User::existingUserObject($login, $secret);
    $this->xobj = new XUser($this->obj);
}
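/**
 * Constructor for the AdvancedPasswordManagement class.
 *
 * Verifies the supplied credentials through User::existingUserObject() and
 * then makes sure the user has a row in the PASSWORD table.
 *
 * @param String  $userID    The ID of the user.
 * @param String  $pass      The password of the user.
 * @param boolean $bruteLock True enables brute-force detection. False disables this functionality.
 * @throws BruteForceAttackDetectedException Will be thrown if the password is wrong and a brute-force attack is detected.
 * @throws WrongPasswordException Will be thrown if the given password does not match the password stored in the DB.
 */
public function __construct($userID, $pass, $bruteLock = false)
{
    $this->userID = $userID;

    try {
        // Credential check. Only WrongPasswordException is handled here; any
        // other exception raised by the lookup propagates to the caller.
        User::existingUserObject($userID, $pass);
    } catch (\phpsec\WrongPasswordException $e) {
        // With brute-force detection on, a detected attack is reported with
        // the dedicated exception type so callers can react (e.g. captcha).
        if ($bruteLock == true && $this->isBruteForce($userID)) {
            throw new BruteForceAttackDetectedException($e->getMessage() . "\nWARNING: Brute Force Attack Detected. We Recommend you use captcha.");
        }

        // A wrong password must always abort construction. Previously, with
        // $bruteLock enabled and no attack detected, the exception was
        // swallowed and the object was built for an unauthenticated caller.
        throw $e;
    }

    if (!AdvancedPasswordManagement::checkIfUserExists($userID)) {
        // No PASSWORD row for this user yet: insert the initial record.
        // NOTE(review): TEMP_PASS is seeded from randstr(10); confirm that
        // randstr() draws from a cryptographically secure source.
        SQL("INSERT INTO PASSWORD (`TEMP_PASS`, `USE_FLAG`, `TEMP_TIME`, `USERID`) VALUES (?, ?, ?, ?)", array(randstr(10), 1, 0, $userID));
    }
}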
/**
 * Fixture run before every test*() method: creates two activated users and
 * three sessions, two owned by the first user and one by the second.
 */
public function setUp()
{
    // NOTE(review): presumably resets the project's overridable test clock;
    // PHP's built-in time() takes no arguments - confirm against the helper.
    time("RESET");

    // Register, activate and log in each user, keeping the objects by slot.
    foreach (array("abcd", "efgh") as $slot => $login) {
        User::newUserObject($login, "resting", "*****@*****.**");
        User::activateAccount($login);
        $this->user[$slot] = User::existingUserObject($login, "resting");
    }

    // Instantiate all three Session objects before any of them is bound.
    for ($slot = 0; $slot < 3; $slot++) {
        $this->session[$slot] = new Session();
    }

    // Session slot => owning user slot: sessions 0 and 1 belong to user 0,
    // session 2 belongs to user 1.
    $owners = array(0 => 0, 1 => 0, 2 => 1);
    foreach ($owners as $sessionSlot => $userSlot) {
        $this->session[$sessionSlot]->newSession($this->user[$userSlot]->getUserID());
    }
}
/**
 * Logs a user in by delegating to User::existingUserObject().
 *
 * @param string $userID   The ID of the user that wants to log in.
 * @param string $password The password to log in with.
 * @return \phpsec\User The user object for the authenticated user.
 * @throws UserNotExistsException Will be thrown if no user is found with the given ID.
 * @throws WrongPasswordException Will be thrown if the given password does not match the password stored in the DB.
 */
public static function logIn($userID, $password)
{
    // No checks happen in this method: the credential check is delegated, and
    // any exception raised by the lookup reaches the caller unchanged.
    $authenticatedUser = User::existingUserObject($userID, $password);

    return $authenticatedUser;
}
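/**
 * Checks that an account cannot be used before activation and can be used
 * once it has been activated.
 */
public function testInactive()
{
    User::newUserObject("phpsec", "owasp", "*****@*****.**"); //create a new user; the account is not activated yet.

    $rejected = false;
    try {
        $testUser = User::existingUserObject("phpsec", "owasp"); //must throw because the account is inactive.
    } catch (UserAccountInactive $e) {
        $rejected = true;
    }

    if (!$rejected) {
        // Without this branch the test passed silently when an inactive
        // account was allowed to log in, hiding the regression it guards
        // against. Remove the user first so later runs start clean.
        $testUser->deleteUser();
        $this->fail("Expected UserAccountInactive for an account that has not been activated.");
    }

    User::activateAccount("phpsec"); //activate the account

    $testUser = User::existingUserObject("phpsec", "owasp"); //the account is now active, so the object is created.
    $this->assertEquals("phpsec", $testUser->getUserID());
    $this->assertTrue(!User::isInactive("phpsec"));

    $testUser->deleteUser();
}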