public function authenticate($gid, $data)
 {
     assert(isset($data['password']));
     $password = $data['password'];
     $hash = $this->storage->fetch($gid);
     if ($hash === null) {
         throw new AuthenticationException('No authentication found for user');
     }
     return $this->hashFunction->checkPasswordHash($password, $hash, $this->hmacKey);
 }
示例#2
0
 /**
  * Starts the session.
  *
  * This method reads the session ID from the session cookie and stores it into the session
  * variable.
  *
  * Additionally this method also loads all session data from the encrypted session storage.
  *
  * @throws SIDConflictException when a generated session ID (SID) already exists
  */
 private function start()
 {
     $requiresNewSession = false;
     // Try to get user cookie
     $cookie = $this->userCookieTransceiver->receive($this->cookieName);
     // If this fails, try to get a guest cookie
     $guest = false;
     if ($cookie === null) {
         $cookie = $this->guestCookieTransceiver->receive($this->cookieName);
         if ($cookie !== null) {
             $guest = true;
         }
     }
     // If cookie was not found, we need a new session
     if ($cookie === null) {
         $requiresNewSession = true;
     } else {
         // Get the SID
         $sid = $cookie->getData();
         // Check if SID is invalid
         if (!$this->isValidSID($sid)) {
             $requiresNewSession = true;
         } else {
             // Check if session duration has expired
             $now = time();
             $date = $this->storage->getDate($sid);
             if ($date !== null && $date < $now - $this->duration) {
                 $this->storage->delete($sid);
                 $requiresNewSession = true;
             }
             // If guest remove GID from session
             if ($guest) {
                 $data = $this->storage->fetch($sid);
                 if ($data !== null && isset($data['GID'])) {
                     unset($data['GID']);
                     $this->storage->store($sid, $data, true);
                 }
             }
         }
     }
     // Send new guest cookie
     if ($requiresNewSession) {
         $sid = $this->createSID();
         $cookie = new Cookie($this->cookieName, 0, $this->cookiePath, $this->cookieDomain, $this->cookieSecure, true);
         $cookie->setData($sid);
         $this->guestCookieTransceiver->send($cookie);
         if ($this->storage->exists($sid)) {
             throw new SIDConflictException("Session conflict for SID {$sid}");
         }
         $this->storage->delete($sid);
     }
     // Store ID
     $this->sid = $sid;
     // Stores that the session was started
     $this->sessionStarted = true;
     // Run the garbage collector
     $dice = Math::getRandomFloat(0.0, 1.0);
     if (Math::getRandomFloat(0.0, 1.0) <= $this->garbageCollectorProbability) {
         $this->storage->deleteOld($this->duration);
     }
 }