Add time-out to password resets; prevent repeated mails #50

Aaron wants to merge 7 commits from password-reset into master
Showing only changes of commit 3de4e9391c - Show all commits


@ -29,31 +29,24 @@ class Authentication
}
/**
* Finds the user id belonging to a certain emailaddress.
* Checks a password for a given username against the database.
*/
public static function getUserId($emailaddress)
public static function checkPassword($emailaddress, $password)
{
$res = Registry::get('db')->queryValue('
SELECT id_user
// Retrieve password hash for user matching the provided emailaddress.
$password_hash = Registry::get('db')->queryValue('
SELECT password_hash
FROM users
WHERE emailaddress = {string:emailaddress}',
[
'emailaddress' => $emailaddress,
]);
return empty($res) ? false : $res;
}
// If there's no hash, the user likely does not exist.
if (!$password_hash)
return false;
public static function setResetKey($id_user)
{
return Registry::get('db')->query('
UPDATE users
SET reset_key = {string:key}
WHERE id_user = {int:id}',
[
'id' => $id_user,
'key' => self::newActivationKey(),
]);
return password_verify($password, $password_hash);
}
public static function checkResetKey($id_user, $reset_key)
@ -69,6 +62,33 @@ class Authentication
return $key == $reset_key;
}
/**
* Computes a password hash.
*/
public static function computeHash($password)
{
$hash = password_hash($password, PASSWORD_DEFAULT);
if (!$hash)
throw new Exception('Hash creation failed!');
return $hash;
}
/**
* Finds the user id belonging to a certain emailaddress.
*/
public static function getUserId($emailaddress)
{
$res = Registry::get('db')->queryValue('
SELECT id_user
FROM users
WHERE emailaddress = {string:emailaddress}',
[
'emailaddress' => $emailaddress,
]);
return empty($res) ? false : $res;
}
/**
* Verifies whether the user is currently logged in.
*/
@ -99,36 +119,16 @@ class Authentication
return $string;
}
/**
* Checks a password for a given username against the database.
*/
public static function checkPassword($emailaddress, $password)
public static function setResetKey($id_user)
{
// Retrieve password hash for user matching the provided emailaddress.
$password_hash = Registry::get('db')->queryValue('
SELECT password_hash
FROM users
WHERE emailaddress = {string:emailaddress}',
return Registry::get('db')->query('
UPDATE users
SET reset_key = {string:key}
WHERE id_user = {int:id}',
[
'emailaddress' => $emailaddress,
'id' => $id_user,
'key' => self::newActivationKey(),
]);
// If there's no hash, the user likely does not exist.
if (!$password_hash)
return false;
return password_verify($password, $password_hash);
}
/**
* Computes a password hash.
*/
public static function computeHash($password)
{
$hash = password_hash($password, PASSWORD_DEFAULT);
if (!$hash)
throw new Exception('Hash creation failed!');
return $hash;
}
/**