Add time-out to password resets; prevent repeated mails #50

Aaron wants to merge 7 commits from password-reset into master


@ -29,31 +29,24 @@ class Authentication
} }
/** /**
* Finds the user id belonging to a certain emailaddress. * Checks a password for a given username against the database.
*/ */
public static function getUserId($emailaddress) public static function checkPassword($emailaddress, $password)
{ {
$res = Registry::get('db')->queryValue(' // Retrieve password hash for user matching the provided emailaddress.
SELECT id_user $password_hash = Registry::get('db')->queryValue('
SELECT password_hash
FROM users FROM users
WHERE emailaddress = {string:emailaddress}', WHERE emailaddress = {string:emailaddress}',
[ [
'emailaddress' => $emailaddress, 'emailaddress' => $emailaddress,
]); ]);
return empty($res) ? false : $res; // If there's no hash, the user likely does not exist.
} if (!$password_hash)
return false;
public static function setResetKey($id_user) return password_verify($password, $password_hash);
{
return Registry::get('db')->query('
UPDATE users
SET reset_key = {string:key}
WHERE id_user = {int:id}',
[
'id' => $id_user,
'key' => self::newActivationKey(),
]);
} }
public static function checkResetKey($id_user, $reset_key) public static function checkResetKey($id_user, $reset_key)
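Review bot: The docblock on the relocated `checkPassword` says it checks "a password for a given username", but the method takes `$emailaddress` and looks the user up by the `emailaddress` column, so the comment should read `* Checks a password for the user with the given emailaddress against the database.`. The early `return false;` when no hash is found also means an unknown address answers without the cost of `password_verify()`, which makes the response time differ from a wrong-password attempt; if account enumeration matters here, verifying against a fixed dummy hash in that branch keeps the timing uniform, but whether that trade-off is wanted depends on the caller, which is outside this hunk. Since `computeHash` uses `PASSWORD_DEFAULT`, a successful verify could also check `password_needs_rehash($password_hash, PASSWORD_DEFAULT)` so stored hashes are upgraded when the default algorithm changes; that needs a write path this hunk does not show.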
@ -69,6 +62,33 @@ class Authentication
return $key == $reset_key; return $key == $reset_key;
} }
/**
* Computes a password hash.
*/
public static function computeHash($password)
{
$hash = password_hash($password, PASSWORD_DEFAULT);
if (!$hash)
throw new Exception('Hash creation failed!');
return $hash;
}
/**
* Finds the user id belonging to a certain emailaddress.
*/
public static function getUserId($emailaddress)
{
$res = Registry::get('db')->queryValue('
SELECT id_user
FROM users
WHERE emailaddress = {string:emailaddress}',
[
'emailaddress' => $emailaddress,
]);
return empty($res) ? false : $res;
}
/** /**
* Verifies whether the user is currently logged in. * Verifies whether the user is currently logged in.
*/ */
@ -99,36 +119,16 @@ class Authentication
return $string; return $string;
} }
/** public static function setResetKey($id_user)
* Checks a password for a given username against the database.
*/
public static function checkPassword($emailaddress, $password)
{ {
// Retrieve password hash for user matching the provided emailaddress. return Registry::get('db')->query('
$password_hash = Registry::get('db')->queryValue(' UPDATE users
SELECT password_hash SET reset_key = {string:key}
FROM users WHERE id_user = {int:id}',
WHERE emailaddress = {string:emailaddress}',
[ [
'emailaddress' => $emailaddress, 'id' => $id_user,
'key' => self::newActivationKey(),
]); ]);
// If there's no hash, the user likely does not exist.
if (!$password_hash)
return false;
return password_verify($password, $password_hash);
}
/**
* Computes a password hash.
*/
public static function computeHash($password)
{
$hash = password_hash($password, PASSWORD_DEFAULT);
if (!$hash)
throw new Exception('Hash creation failed!');
return $hash;
} }
/** /**