本文整理汇总了PHP中UserUtil::passwordsMatch方法的典型用法代码示例。如果您正苦于以下问题:PHP UserUtil::passwordsMatch方法的具体用法?PHP UserUtil::passwordsMatch怎么用?PHP UserUtil::passwordsMatch使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类UserUtil
的用法示例。
在下文中一共展示了UserUtil::passwordsMatch方法的3个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的PHP代码示例。
示例1: checkPassword
//.........这里部分代码省略.........
$uid = ModUtil::apiFunc($this->name, 'Authentication', 'getUidForAuthenticationInfo', $getUidArgs, 'Zikula_Api_AbstractAuthentication');
if ($uid) {
if (!isset($authenticationInfo['pass']) || !is_string($authenticationInfo['pass'])
|| empty($authenticationInfo['pass'])) {
// The user did not specify a password, or the one specified is invalid.
throw new Zikula_Exception_Fatal($this->__('Error! A password must be provided.'));
}
// For a custom authenticationModule, we'd map the authenticationInfo to a uid above, and then execute the custom
// authentication process here. On success the uid would be returned, otherwise false is returned. Note that
// any "log in" into the Zikula site is not done here. This is simply verification that the authenticationInfo,
// including the password, is valid as a unit.
$userObj = UserUtil::getVars($uid, true);
if (!$userObj) {
// Must be a registration. Acting as an authenticationModule, we should not care at this point about the user's
// account status. We will deal with the account status in a moment.
$userObj = UserUtil::getVars($uid, true, '', true);
if (!$userObj) {
// Neither an account nor a pending registration request. This should really not happen since we have a uid.
throw new Zikula_Exception_Fatal($this->__f('A user id was located, but the user account record could not be retrieved in a call to %1$s.', array(__METHOD__)));
}
}
// Check for an empty password, or the special marker indicating that the account record does not
// authenticate with a uname/password (or email/password, depending on the 'loginviaoption' setting) from
// the Users module. An empty password can be created when an administrator creates a user registration
// record pending e-mail verification and does not set a password for the user (the user will set it
// upon verifying his email address). The special marker indicating that the account does not authenticate
// with the Users module is used when a user registers a new account with the system using an authentication
// method other than uname/pass or email/pass. In both cases, authentication automatically fails.
if (!empty($userObj['pass']) && ($userObj['pass'] != Users_Constant::PWD_NO_USERS_AUTHENTICATION)) {
// The following check for non-salted passwords and the old 'hash_method' field is to allow the admin to log in
// during an upgrade from 1.2.
// *** IMPORTANT ***
// This needs to be kept for any version that allows an upgrade from Zikula 1.2.X.
$methodSaltDelimPosition = strpos($userObj['pass'], Users_Constant::SALT_DELIM);
$saltPassDelimPosition = ($methodSaltDelimPosition === false) ? false : strpos($userObj['pass'], Users_Constant::SALT_DELIM, ($methodSaltDelimPosition + 1));
if ($saltPassDelimPosition === false) {
// Old style unsalted password with hash_method in separate field
// If this release version of Zikula Users Module allows upgrade from 1.2.X, then this part must be
// kept. If this release version of Zikula Users Module DOES NOT support upgrade from 1.2.X then this
// is the part that can go away.
if (!isset($userObj['hash_method'])) {
// Something is horribly wrong. The password on the user account record does not look like the
// new style of hashing, and yet the old-style hash method field is nowhere to be found.
throw new Zikula_Exception_Fatal($this->__('Invalid account password state.'));
}
$currentPasswordHashed = $userObj['hash_method'] . '$$' . $userObj['pass'];
} else {
// New style salted password including hash method code.
// If this release version of Zikula Users module does not allow upgrade from 1.2.X, then this
// is the part to keep.
$currentPasswordHashed = $userObj['pass'];
}
// *** IMPORTANT ***
// End of old-style versus new-style hashing handling. When the possiblity to upgrade from 1.2.X is
// removed from the released version of Zikula Users Module, then delete this section, and replace
// $currentPasswordHashed with $userObj['pass'] in the call to passwordsMatch below.
if (UserUtil::passwordsMatch($authenticationInfo['pass'], $currentPasswordHashed)) {
// Password in $authenticationInfo['pass'] is good at this point.
// *** IMPORTANT ***
// Again, this section is for converting old-style hashing to new-style hashing. Same as noted
// above applies to this section.
// See if we need to convert the password hashing to the new configuration.
if (version_compare($this->modinfo['version'], '2.0.0') >= 0) {
// Check stored hash matches the current system type, if not convert it--but only if the module version is sufficient.
// Note: this is purely specific to the Users module authentication. A custom module might do something similar if it
// changed the way it stored some piece of data between versions, but in general this would be uncommon.
list($currentPasswordHashCode, $currentPasswordSaltStr, $currentPasswordHashStr) = explode(Users_Constant::SALT_DELIM, $currentPasswordHashed);
$systemHashMethodCode = UserUtil::getPasswordHashMethodCode($this->getVar('hash_method', 'sha256'));
if (($systemHashMethodCode != $currentPasswordHashCode) || empty($currentPasswordSaltStr)) {
if (!UserUtil::setPassword($authenticationInfo['pass'], $uid)) {
LogUtil::log($this->__('Internal Error! Unable to update the user\'s password with the new hashing method and/or salt.'), 'CORE');
}
}
}
// *** IMPORTANT ***
// End of old-style to new-style hasing conversion.
// The password is good, so the password is authenticated.
$passwordAuthenticates = true;
}
}
}
if (!$passwordAuthenticates && !$this->request->getSession()->hasMessages(Zikula_Session::MESSAGE_ERROR)) {
if ($authenticationMethod['method'] == 'email') {
$this->registerError($this->__('Sorry! The e-mail address or password you entered was incorrect.'));
} else {
$this->registerError($this->__('Sorry! The user name or password you entered was incorrect.'));
}
}
return $passwordAuthenticates;
}
示例2: checkConfirmationCode
/**
* Check a lost password confirmation code.
*
* Parameters passed in the $args array:
* -------------------------------------
* string $args['idfield'] Either 'uname' or 'email'.
* string $args['id'] The user's user name or e-mail address, depending on the value of idfield.
* string $args['code'] The confirmation code.
*
* @param array $args All parameters passed to this function.
*
* @return bool True if the new password was sent; otherwise false.
*/
public function checkConfirmationCode($args)
{
$codeIsGood = false;
if (!isset($args['id']) || empty($args['id']) || !isset($args['idfield']) || empty($args['idfield']) || !isset($args['code'])
|| empty($args['code']) || (($args['idfield'] != 'uname') && ($args['idfield'] != 'email'))) {
$this->registerError(LogUtil::getErrorMsgArgs());
return false;
}
$user = UserUtil::getVars($args['id'], true, $args['idfield']);
if (!$user) {
$this->registerError(LogUtil::getErrorMsgArgs());
return false;
} else {
// delete all the records for password reset confirmation that have expired
$tables = DBUtil::getTables();
$verifychgColumn = $tables['users_verifychg_column'];
$chgPassExpireDays = $this->getVar(Users_Constant::MODVAR_EXPIRE_DAYS_CHANGE_PASSWORD, Users_Constant::DEFAULT_EXPIRE_DAYS_CHANGE_PASSWORD);
if ($chgPassExpireDays > 0) {
$staleRecordUTC = new DateTime(null, new DateTimeZone('UTC'));
$staleRecordUTC->modify("-{$chgPassExpireDays} days");
$staleRecordUTCStr = $staleRecordUTC->format(Users_Constant::DATETIME_FORMAT);
$where = "({$verifychgColumn['created_dt']} < '{$staleRecordUTCStr}') AND ({$verifychgColumn['changetype']} = " . Users_Constant::VERIFYCHGTYPE_PWD . ")";
DBUtil::deleteWhere ('users_verifychg', $where);
}
$verifychgObj = DBUtil::selectObject('users_verifychg',
"({$verifychgColumn['uid']} = {$user['uid']}) AND ({$verifychgColumn['changetype']} = " . Users_Constant::VERIFYCHGTYPE_PWD . ")");
if ($verifychgObj) {
$codeIsGood = UserUtil::passwordsMatch($args['code'], $verifychgObj['verifycode']);
} else {
$this->registerError('Sorry! Could not retrieve a confirmation code for that account.');
}
}
return $codeIsGood;
}
示例3: confirmChEmail
/**
* Confirm the update of the email address.
*
* Available Get Parameters:
* - confirmcode (string) The confirmation code.
*
* Parameters passed via the $args array:
* --------------------------------------
* string $args['confirmcode'] Default value for the 'confirmcode' get parameter. Allows this function to be called internally.
*
* Parameters passed via GET:
* --------------------------
* string confirmcode The confirmation code for verifying the change of e-mail address.
*
* Parameters passed via POST:
* ---------------------------
* None.
*
* Parameters passed via SESSION:
* ------------------------------
* None.
*
* @param array $args All parameters passed to this function.
*
* @return bool True on success, otherwise false.
*/
public function confirmChEmail($args)
{
$confirmcode = $this->request->query->get('confirmcode', isset($args['confirmcode']) ? $args['confirmcode'] : null);
if (!UserUtil::isLoggedIn()) {
$this->registerError($this->__('Please log into your account in order to confirm your change of e-mail address.'))
->redirect(ModUtil::url($this->name, 'user', 'login', array('returnpage' => urlencode(ModUtil::url($this->name, 'user', 'confirmChEmail', array('confirmcode' => $confirmcode))))));
}
// get user new email that is waiting for confirmation
$preemail = ModUtil::apiFunc($this->name, 'user', 'getUserPreEmail');
$validCode = UserUtil::passwordsMatch($confirmcode, $preemail['verifycode']);
if (!$preemail || !$validCode) {
$this->registerError($this->__('Error! Your e-mail has not been found. After your request you have five days to confirm the new e-mail address.'))
->redirect(ModUtil::url($this->name, 'user', 'main'));
}
// user and confirmation code are correct. set the new email
UserUtil::setVar('email', $preemail['newemail']);
// the preemail record is deleted
ModUtil::apiFunc($this->name, 'user', 'resetVerifyChgFor', array(
'uid' => $preemail['uid'],
'changetype'=> Users_Constant::VERIFYCHGTYPE_EMAIL,
));
$this->registerStatus($this->__('Done! Changed your e-mail address.'))
->redirect(ModUtil::url($this->name, 'user', 'main'));
}