PasswordService_8php_source.html

 <?php

 namespace Elgg;


 final class PasswordService {


     public function __construct() {

         if (!function_exists('password_hash')) {

             throw new \RuntimeException("password_hash and associated functions are required.");

         }

     }


     function needsRehash($hash) {

         return password_needs_rehash($hash, PASSWORD_DEFAULT);

     }


     function verify($password, $hash) {

         return password_verify($password, $hash);

     }


     function generateHash($password) {

         return password_hash($password, PASSWORD_DEFAULT);

     }


     function generateLegacyHash(\ElggUser $user, $password) {

         return md5($password . $user->salt);

     }


     function sendNewPasswordRequest($user_guid) {

         $user_guid = (int)$user_guid;


         $user = _elgg_services()->entityTable->get($user_guid);

         if (!$user instanceof \ElggUser) {

             return false;

         }


         // generate code

         $code = generate_random_cleartext_password();

         $user->setPrivateSetting('passwd_conf_code', $code);

         $user->setPrivateSetting('passwd_conf_time', time());


         // generate link

         $link = _elgg_services()->config->getSiteUrl() . "changepassword?u=$user_guid&c=$code";


         // generate email

         $ip_address = _elgg_services()->request->getClientIp();

         $message = _elgg_services()->translator->translate(

             'email:changereq:body', array($user->name, $ip_address, $link), $user->language);

         $subject = _elgg_services()->translator->translate(

             'email:changereq:subject', array(), $user->language);


         return notify_user($user->guid, elgg_get_site_entity()->guid, $subject, $message, array(), 'email');

     }


     function forcePasswordReset($user, $password) {

         if (!$user instanceof \ElggUser) {

             $user = _elgg_services()->entityTable->get($user, 'user');

             if (!$user) {

                 return false;

             }

         }


         $user->setPassword($password);


         $ia = elgg_set_ignore_access(true);

         $result = (bool)$user->save();

         elgg_set_ignore_access($ia);


         return $result;

     }


     function executeNewPasswordReset($user_guid, $conf_code, $password = null) {

         $user_guid = (int)$user_guid;

         $user = get_entity($user_guid);


         if ($password === null) {

             $password = generate_random_cleartext_password();

             $reset = true;

         } else {

             $reset = false;

         }


         if (!$user instanceof \ElggUser) {

             return false;

         }


         $saved_code = $user->getPrivateSetting('passwd_conf_code');

         $code_time = (int) $user->getPrivateSetting('passwd_conf_time');

         $codes_match = _elgg_services()->crypto->areEqual($saved_code, $conf_code);


         if (!$saved_code || !$codes_match) {

             return false;

         }


         // Discard for security if it is 24h old

         if (!$code_time || $code_time < time() - 24 * 60 * 60) {

             return false;

         }


         if (!$this->forcePasswordReset($user, $password)) {

             return false;

         }


         remove_private_setting($user_guid, 'passwd_conf_code');

         remove_private_setting($user_guid, 'passwd_conf_time');

         // clean the logins failures

         reset_login_failure_count($user_guid);


         $ns = $reset ? 'resetpassword' : 'changepassword';


         $message = _elgg_services()->translator->translate(

             "email:$ns:body", array($user->username, $password), $user->language);

         $subject = _elgg_services()->translator->translate("email:$ns:subject", array(), $user->language);


         notify_user($user->guid, elgg_get_site_entity()->guid, $subject, $message, array(), 'email');


         return true;

     }

 }

Elgg\PasswordService\verify
verify($password, $hash)
Verify a password against a hash using a timing attack resistant approach.
Definition: PasswordService.php:43

elgg_get_site_entity
elgg_get_site_entity($site_guid=0)
Get an  entity (default is current site)
Definition: sites.php:18

$subject
$subject
Definition: exceptions.php:25

$result
$result
Definition: set_maintenance_mode.php:11

$message
$message
Definition: set_maintenance_mode.php:7

Elgg\PasswordService\__construct
__construct()
Constructor.
Definition: PasswordService.php:16

Elgg\PasswordService
Definition: PasswordService.php:11

reset_login_failure_count
reset_login_failure_count($user_guid)
Resets the fail login count for $user_guid.
Definition: sessions.php:232

Elgg\PasswordService\executeNewPasswordReset
executeNewPasswordReset($user_guid, $conf_code, $password=null)
Validate and change password for a user.
Definition: PasswordService.php:139

$code
$code
Definition: changepassword.php:12

remove_private_setting
remove_private_setting($entity_guid, $name)
Deletes a private setting for an entity.
Definition: private_settings.php:114

elgg_set_ignore_access
elgg_set_ignore_access($ignore=true)
Set if Elgg's access system should be ignored.
Definition: access.php:43

$user
$user
Definition: ban.php:13

Elgg\PasswordService\generateLegacyHash
generateLegacyHash(\ElggUser $user, $password)
Hash a password for storage.
Definition: PasswordService.php:66

Elgg\PasswordService\needsRehash
needsRehash($hash)
Determine if the password hash needs to be rehashed.
Definition: PasswordService.php:31

$reset
$reset
Definition: profile_fields.php:9

_elgg_services
_elgg_services(\Elgg\Di\ServiceProvider $services=null)
Get the global service provider.
Definition: autoloader.php:17

$password
$password
Definition: login.php:25

notify_user
notify_user($to, $from, $subject, $message, array $params=array(), $methods_override="")
Notify a user via their preferences.
Definition: notification.php:480

generate_random_cleartext_password
generate_random_cleartext_password()
Generate a random 12 character clear text password.
Definition: users.php:189

$user_guid
$user_guid
Avatar remove action.
Definition: remove.php:6

Elgg\PasswordService\generateHash
generateHash($password)
Hash a password for storage using password_hash()
Definition: PasswordService.php:54

Elgg\PasswordService\forcePasswordReset
forcePasswordReset($user, $password)
Set a user's new password and save the entity.
Definition: PasswordService.php:113

Elgg\PasswordService\sendNewPasswordRequest
sendNewPasswordRequest($user_guid)
Generate and send a password request email to a given user's registered email address.
Definition: PasswordService.php:77

get_entity
get_entity($guid)
Loads and returns an entity object from a guid.
Definition: entities.php:204

ElggUser
Definition: ElggUser.php:20