1 <?php
2 
3 namespace Elgg;
4 
6 
13 final class PasswordService {
14 
20  public function __construct() {
21  if (!function_exists('password_hash')) {
22  throw new RuntimeException('password_hash and associated functions are required.');
23  }
24  }
25 
35  public function needsRehash(string $hash): bool {
36  return password_needs_rehash($hash, PASSWORD_DEFAULT);
37  }
38 
47  public function verify(string $password, string $hash): bool {
48  return password_verify($password, $hash);
49  }
50 
58  public function generateHash(string $password) {
59  return password_hash($password, PASSWORD_DEFAULT);
60  }
61 
	/**
	 * Generate and send a password request email to a given user's registered email address.
	 *
	 * Stores a confirmation code and its creation time on the user, builds a signed
	 * change-password link carrying the user's guid and the code, and emails it to the user.
	 * The code is later checked by saveNewPassword().
	 *
	 * @param \ElggUser $user the user requesting a new password
	 *
	 * @return void
	 */
	public function requestNewPassword(\ElggUser $user): void {
		// generate code
		// NOTE(review): the statement that assigns $code is not shown in this rendering of the
		// file. The code is the secret compared in saveNewPassword(), so it should come from a
		// cryptographically secure random source — confirm against the source file.
		$user->passwd_conf_code = $code;
		// start of the 24h validity window enforced in saveNewPassword()
		$user->passwd_conf_time = time();

		// generate link
		$link = elgg_generate_url('account:password:change', [
			'u' => $user->guid,
			'c' => $code,
		]);
		// signed URL valid for one day, matching the 24h code lifetime checked in saveNewPassword()
		$link = _elgg_services()->urlSigner->sign($link, '+1 day');

		// generate email
		// the requester's IP is included in the message, presumably so the recipient can
		// recognise a request they did not make — confirm against the email template
		$ip_address = _elgg_services()->request->getClientIp();
		$message = _elgg_services()->translator->translate('email:changereq:body', [
			$ip_address,
			$link,
		], $user->getLanguage());

		$subject = _elgg_services()->translator->translate('email:changereq:subject', [], $user->getLanguage());

		$params = [
			'action' => 'requestnewpassword',
			'object' => $user,
			'ip_address' => $ip_address,
			'link' => $link,
			// muting is bypassed, presumably so a muted user can still recover the account — confirm
			'apply_muting' => false,
			'add_mute_link' => false,
		];

		// 'email' is passed as the methods override, so delivery does not depend on the
		// user's notification preferences
		notify_user($user->guid, elgg_get_site_entity()->guid, $subject, $message, $params, 'email');
	}
102 
	/**
	 * Validate and change password for a user.
	 *
	 * The confirmation code must match the one stored on the user (see requestNewPassword())
	 * and be no older than 24 hours; otherwise nothing is changed and false is returned.
	 * On success the stored code is cleared, the password is set, and an email that
	 * contains the new cleartext password is sent to the user.
	 *
	 * @param \ElggUser   $user      the user whose password is changed
	 * @param string      $conf_code confirmation code from the reset link
	 * @param null|string $password  the new password; null selects the reset flow
	 *
	 * @return bool true if the password was changed
	 */
	public function saveNewPassword(\ElggUser $user, string $conf_code, ?string $password = null): bool {
		if ($password === null) {
			// NOTE(review): the statement that assigns a generated $password for the reset
			// flow is not shown in this rendering of the file — confirm against the source.
			$reset = true;
		} else {
			$reset = false;
		}

		$saved_code = $user->passwd_conf_code;
		$code_time = (int) $user->passwd_conf_time;
		// NOTE(review): areEqual() is presumably a timing-safe comparison (hash_equals()-style)
		// so a wrong code cannot be distinguished by response time — confirm in Crypto
		$codes_match = _elgg_services()->crypto->areEqual($saved_code, $conf_code);

		// no code on record, or code mismatch: reject without touching the account
		if (!$saved_code || !$codes_match) {
			return false;
		}

		// Discard for security if it is 24h old
		// an expired code is left on the user here; this check keeps it unusable
		if (!$code_time || $code_time < time() - 24 * 60 * 60) {
			return false;
		}

		$user->setPassword($password);

		// the code is single-use: clear it so the same link cannot be replayed
		unset($user->passwd_conf_code);
		unset($user->passwd_conf_time);

		// reset the logins failures
		// NOTE(review): the statement that clears the failure counter is not shown in this
		// rendering of the file — confirm against the source.

		$action = $reset ? 'resetpassword' : 'changepassword';

		// the cleartext password is interpolated into the email body and passed in $params
		$message = _elgg_services()->translator->translate("email:{$action}:body", [$user->username, $password], $user->getLanguage());
		$subject = _elgg_services()->translator->translate("email:{$action}:subject", [], $user->getLanguage());

		$params = [
			'action' => $action,
			'object' => $user,
			'password' => $password,
			// muting is bypassed, presumably so the user always learns the new password — confirm
			'apply_muting' => false,
		];

		// 'email' is passed as the methods override, so delivery does not depend on the
		// user's notification preferences
		notify_user($user->guid, elgg_get_site_entity()->guid, $subject, $message, $params, 'email');

		return true;
	}
159 }