PasswordService_8php_source.html

 <?php

 namespace Elgg;

 final class PasswordService {

     public function __construct() {
         if (!function_exists('password_hash')) {
             throw new \RuntimeException("password_hash and associated functions are required.");
         }
     }

     public function needsRehash($hash) {
         return password_needs_rehash($hash, PASSWORD_DEFAULT);
     }

     public function verify($password, $hash) {
         return password_verify($password, $hash);
     }

     public function generateHash($password) {
         return password_hash($password, PASSWORD_DEFAULT);
     }

     public function sendNewPasswordRequest($user_guid) {
         $user_guid = (int) $user_guid;

         $user = _elgg_services()->entityTable->get($user_guid);
         if (!$user instanceof \ElggUser) {
             return false;
         }

         // generate code
         $code = generate_random_cleartext_password();
         $user->setPrivateSetting('passwd_conf_code', $code);
         $user->setPrivateSetting('passwd_conf_time', time());

         // generate link
         $link = elgg_generate_url('account:password:change', [
             'u' => $user_guid,
             'c' => $code,
         ]);
         $link = _elgg_services()->urlSigner->sign($link, '+1 day');

         // generate email
         $ip_address = _elgg_services()->request->getClientIp();
         $message = _elgg_services()->translator->translate('email:changereq:body', [
             $user->name,
             $ip_address,
             $link,
         ], $user->language);
         $subject = _elgg_services()->translator->translate('email:changereq:subject', [], $user->language);

         $params = [
             'action' => 'requestnewpassword',
             'object' => $user,
             'ip_address' => $ip_address,
             'link' => $link,
         ];

         return notify_user($user->guid, elgg_get_site_entity()->guid, $subject, $message, $params, 'email');
     }

     public function forcePasswordReset($user, $password) {
         if (!$user instanceof \ElggUser) {
             $user = _elgg_services()->entityTable->get($user, 'user');
             if (!$user instanceof \ElggUser) {
                 return false;
             }
         }

         $user->setPassword($password);

         $ia = _elgg_services()->session->setIgnoreAccess(true);
         $result = (bool) $user->save();
         _elgg_services()->session->setIgnoreAccess($ia);

         return $result;
     }

     public function executeNewPasswordReset($user_guid, $conf_code, $password = null) {
         $user_guid = (int) $user_guid;
         $user = get_entity($user_guid);

         if ($password === null) {
             $password = generate_random_cleartext_password();
             $reset = true;
         } else {
             $reset = false;
         }

         if (!$user instanceof \ElggUser) {
             return false;
         }

         $saved_code = $user->getPrivateSetting('passwd_conf_code');
         $code_time = (int) $user->getPrivateSetting('passwd_conf_time');
         $codes_match = _elgg_services()->crypto->areEqual($saved_code, $conf_code);

         if (!$saved_code || !$codes_match) {
             return false;
         }

         // Discard for security if it is 24h old
         if (!$code_time || $code_time < time() - 24 * 60 * 60) {
             return false;
         }

         if (!$this->forcePasswordReset($user, $password)) {
             return false;
         }

         $user->removePrivateSetting('passwd_conf_code');
         $user->removePrivateSetting('passwd_conf_time');

         // clean the logins failures
         reset_login_failure_count($user_guid);

         $ns = $reset ? 'resetpassword' : 'changepassword';

         $message = _elgg_services()->translator->translate(
             "email:$ns:body", [$user->username, $password], $user->language);
         $subject = _elgg_services()->translator->translate("email:$ns:subject", [], $user->language);

         $params = [
             'action' => $ns,
             'object' => $user,
             'password' => $password,
         ];

         notify_user($user->guid, elgg_get_site_entity()->guid, $subject, $message, $params, 'email');

         return true;
     }
 }
Elgg\PasswordService\verify
verify($password, $hash)
Verify a password against a hash using a timing attack resistant approach.
Definition: PasswordService.php:44

$params
$params
Saves global plugin settings.
Definition: save.php:13

$result
$result
Definition: set_maintenance_mode.php:11

$message
$message
Definition: set_maintenance_mode.php:7

Elgg\PasswordService\__construct
__construct()
Constructor.
Definition: PasswordService.php:17

Elgg\PasswordService
Definition: PasswordService.php:12

reset_login_failure_count
reset_login_failure_count($user_guid)
Resets the fail login count for $user_guid.
Definition: sessions.php:184

Elgg\PasswordService\executeNewPasswordReset
executeNewPasswordReset($user_guid, $conf_code, $password=null)
Validate and change password for a user.
Definition: PasswordService.php:142

notify_user
notify_user($to, $from=0, $subject= '', $message= '', array $params=[], $methods_override=null)
Notify a user via their preferences.
Definition: notification.php:507

$link
if(!$item instanceof ElggEntity) $link
Definition: container.php:16

$code
$code
Definition: changepassword.php:9

$user_guid
$user_guid
Validate a user.
Definition: validate.php:6

Elgg
Configuration exception.

$password
if(!$user||!$user->canEdit()) $password
Definition: resetpassword.php:21

elgg_generate_url
elgg_generate_url($name, array $parameters=[])
Generate a URL for named route.
Definition: pagehandler.php:58

$user
$user
Definition: ban.php:7

Elgg\PasswordService\needsRehash
needsRehash($hash)
Determine if the password hash needs to be rehashed.
Definition: PasswordService.php:32

elgg_get_site_entity
elgg_get_site_entity()
Get the current site entity.
Definition: entities.php:130

generate_random_cleartext_password
generate_random_cleartext_password()
Generate a random 12 character clear text password.
Definition: users.php:146

_elgg_services
_elgg_services()
Get the global service provider.
Definition: elgglib.php:1292

ElggUser

$subject
$subject
Definition: useradd.php:59

Elgg\PasswordService\generateHash
generateHash($password)
Hash a password for storage using password_hash()
Definition: PasswordService.php:55

Elgg\PasswordService\forcePasswordReset
forcePasswordReset($user, $password)
Set a user&#39;s new password and save the entity.
Definition: PasswordService.php:116

Elgg\PasswordService\sendNewPasswordRequest
sendNewPasswordRequest($user_guid)
Generate and send a password request email to a given user&#39;s registered email address.
Definition: PasswordService.php:67

get_entity
get_entity($guid)
Loads and returns an entity object from a guid.
Definition: entities.php:87