Add time-out to password resets; prevent repeated mails #50
@ -29,31 +29,24 @@ class Authentication
|
|||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Finds the user id belonging to a certain emailaddress.
|
* Checks a password for a given username against the database.
|
||||||
*/
|
*/
|
||||||
public static function getUserId($emailaddress)
|
public static function checkPassword($emailaddress, $password)
|
||||||
{
|
{
|
||||||
$res = Registry::get('db')->queryValue('
|
// Retrieve password hash for user matching the provided emailaddress.
|
||||||
SELECT id_user
|
$password_hash = Registry::get('db')->queryValue('
|
||||||
|
SELECT password_hash
|
||||||
FROM users
|
FROM users
|
||||||
WHERE emailaddress = {string:emailaddress}',
|
WHERE emailaddress = {string:emailaddress}',
|
||||||
[
|
[
|
||||||
'emailaddress' => $emailaddress,
|
'emailaddress' => $emailaddress,
|
||||||
]);
|
]);
|
||||||
|
|
||||||
return empty($res) ? false : $res;
|
// If there's no hash, the user likely does not exist.
|
||||||
}
|
if (!$password_hash)
|
||||||
|
return false;
|
||||||
|
|
||||||
public static function setResetKey($id_user)
|
return password_verify($password, $password_hash);
|
||||||
{
|
|
||||||
return Registry::get('db')->query('
|
|
||||||
UPDATE users
|
|
||||||
SET reset_key = {string:key}
|
|
||||||
WHERE id_user = {int:id}',
|
|
||||||
[
|
|
||||||
'id' => $id_user,
|
|
||||||
'key' => self::newActivationKey(),
|
|
||||||
]);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
public static function checkResetKey($id_user, $reset_key)
|
public static function checkResetKey($id_user, $reset_key)
|
||||||
@ -69,6 +62,33 @@ class Authentication
|
|||||||
return $key == $reset_key;
|
return $key == $reset_key;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Computes a password hash.
|
||||||
|
*/
|
||||||
|
public static function computeHash($password)
|
||||||
|
{
|
||||||
|
$hash = password_hash($password, PASSWORD_DEFAULT);
|
||||||
|
if (!$hash)
|
||||||
|
throw new Exception('Hash creation failed!');
|
||||||
|
return $hash;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Finds the user id belonging to a certain emailaddress.
|
||||||
|
*/
|
||||||
|
public static function getUserId($emailaddress)
|
||||||
|
{
|
||||||
|
$res = Registry::get('db')->queryValue('
|
||||||
|
SELECT id_user
|
||||||
|
FROM users
|
||||||
|
WHERE emailaddress = {string:emailaddress}',
|
||||||
|
[
|
||||||
|
'emailaddress' => $emailaddress,
|
||||||
|
]);
|
||||||
|
|
||||||
|
return empty($res) ? false : $res;
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Verifies whether the user is currently logged in.
|
* Verifies whether the user is currently logged in.
|
||||||
*/
|
*/
|
||||||
@ -99,36 +119,16 @@ class Authentication
|
|||||||
return $string;
|
return $string;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
public static function setResetKey($id_user)
|
||||||
* Checks a password for a given username against the database.
|
|
||||||
*/
|
|
||||||
public static function checkPassword($emailaddress, $password)
|
|
||||||
{
|
{
|
||||||
// Retrieve password hash for user matching the provided emailaddress.
|
return Registry::get('db')->query('
|
||||||
$password_hash = Registry::get('db')->queryValue('
|
UPDATE users
|
||||||
SELECT password_hash
|
SET reset_key = {string:key}
|
||||||
FROM users
|
WHERE id_user = {int:id}',
|
||||||
WHERE emailaddress = {string:emailaddress}',
|
|
||||||
[
|
[
|
||||||
'emailaddress' => $emailaddress,
|
'id' => $id_user,
|
||||||
|
'key' => self::newActivationKey(),
|
||||||
]);
|
]);
|
||||||
|
|
||||||
// If there's no hash, the user likely does not exist.
|
|
||||||
if (!$password_hash)
|
|
||||||
return false;
|
|
||||||
|
|
||||||
return password_verify($password, $password_hash);
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Computes a password hash.
|
|
||||||
*/
|
|
||||||
public static function computeHash($password)
|
|
||||||
{
|
|
||||||
$hash = password_hash($password, PASSWORD_DEFAULT);
|
|
||||||
if (!$hash)
|
|
||||||
throw new Exception('Hash creation failed!');
|
|
||||||
return $hash;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
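Review bot: `checkResetKey` still ends in `return $key == $reset_key;` (the context line at the top of the second hunk), which is a loose, non-constant-time comparison of a secret. With `==`, PHP compares two numeric-looking strings as numbers, and a NULL or empty stored key compares equal to an empty submitted key, so an account with no pending reset may pass the check. How `$key` is loaded lies outside the hunk, so that case needs confirming against the query above it. I would change the line to `return is_string($key) && $key !== '' && hash_equals($key, (string) $reset_key);`. Separately, the relocated `setResetKey` writes only `reset_key`, so the time-out named in the commit title is not visible in this section; if expiry is enforced elsewhere, a short docblock on `setResetKey` saying where would help the next reader.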
|