PasswordService.php
1 <?php
2 
3 namespace Elgg;
4 
6 
13 final class PasswordService {
14 
 /**
  * Constructor.
  *
  * Fails fast when the native password_* API is unavailable, since every
  * other method of this service delegates to it.
  *
  * @throws RuntimeException if password_hash() is not defined
  */
20  public function __construct() {
21  if (!function_exists('password_hash')) {
22  throw new RuntimeException('password_hash and associated functions are required.');
23  }
24  }
25 
 /**
  * Determine if the password hash needs to be rehashed.
  *
  * Delegates to password_needs_rehash() against PASSWORD_DEFAULT, so a hash
  * produced with an older algorithm or cost setting is reported as stale.
  *
  * @param string $hash the stored hash
  *
  * @return bool true if the hash should be regenerated from the clear-text password
  */
35  public function needsRehash(string $hash): bool {
36  return password_needs_rehash($hash, PASSWORD_DEFAULT);
37  }
38 
 /**
  * Verify a password against a hash.
  *
  * Wraps password_verify(), which performs a timing-attack-resistant comparison.
  *
  * @param string $password clear-text password to check
  * @param string $hash     stored hash to check against
  *
  * @return bool
  */
47  public function verify(string $password, string $hash): bool {
48  return password_verify($password, $hash);
49  }
50 
 /**
  * Hash a password for storage using password_hash() and PASSWORD_DEFAULT.
  *
  * NOTE(review): no return type is declared; password_hash() returns a string
  * on supported PHP versions, so `: string` would be the natural declaration.
  *
  * @param string $password clear-text password
  *
  * @return string
  */
58  public function generateHash(string $password) {
59  return password_hash($password, PASSWORD_DEFAULT);
60  }
61 
 /**
  * Generate and send a password request email to a given user's registered email address.
  *
  * The confirmation code is stored on the user together with its creation
  * time and embedded in a signed change-password URL that expires after one
  * day -- the same window saveNewPassword() enforces on the stored timestamp.
  *
  * @param \ElggUser $user the user requesting a new password
  *
  * @return void
  */
69  public function requestNewPassword(\ElggUser $user): void {
70  // generate code
 // $code is assigned on the line preceding this one (not visible in this
 // rendering). It is kept in clear text as user metadata; the timestamp
 // stored next to it is what lets saveNewPassword() expire it.
72  $user->passwd_conf_code = $code;
73  $user->passwd_conf_time = time();
74 
75  // generate link
76  $link = elgg_generate_url('account:password:change', [
77  'u' => $user->guid,
78  'c' => $code,
79  ]);
 // signing binds the guid/code pair to the URL and gives the link a one-day lifetime
80  $link = _elgg_services()->urlSigner->sign($link, '+1 day');
81 
82  // generate email
 // the requesting client's IP is reported to the account holder, which lets
 // them recognise a request they did not make
83  $ip_address = _elgg_services()->request->getClientIp();
84  $message = _elgg_services()->translator->translate('email:changereq:body', [
85  $ip_address,
86  $link,
87  ], $user->getLanguage());
88 
89  $subject = _elgg_services()->translator->translate('email:changereq:subject', [], $user->getLanguage());
90 
91  $params = [
92  'action' => 'requestnewpassword',
93  'object' => $user,
94  'ip_address' => $ip_address,
95  'link' => $link,
 // muting is bypassed and no mute link is offered -- presumably so that
 // account-recovery mail is never suppressed by notification preferences
96  'apply_muting' => false,
97  'add_mute_link' => false,
98  ];
99 
 // delivered through the 'email' method only, overriding the user's preferred methods
100  notify_user($user->guid, elgg_get_site_entity()->guid, $subject, $message, $params, 'email');
101  }
102 
 /**
  * Validate and change password for a user.
  *
  * The change is accepted only when the supplied confirmation code matches
  * the code stored on the user and that code is less than 24 hours old. On
  * success the stored code and timestamp are removed, so a code can be used
  * once, and the user is notified by email.
  *
  * NOTE(review): `string $password = null` is an implicitly nullable
  * parameter; `?string $password = null` is the explicit form (implicit
  * nullability is deprecated as of PHP 8.4).
  *
  * @param \ElggUser $user      the user whose password is changed
  * @param string    $conf_code confirmation code received by the user
  * @param string    $password  new password; null means a password is
  *                             generated (reset) instead of chosen by the user
  *
  * @return bool false when no code is stored, the code does not match, or it has expired
  */
114  public function saveNewPassword(\ElggUser $user, string $conf_code, string $password = null): bool {
115  if ($password === null) {
 // a generated password is assigned to $password here (line not visible in this rendering)
117  $reset = true;
118  } else {
119  $reset = false;
120  }
121 
122  $saved_code = $user->passwd_conf_code;
123  $code_time = (int) $user->passwd_conf_time;
 // areEqual is presumably a constant-time comparison (hash_equals style) -- confirm
124  $codes_match = _elgg_services()->crypto->areEqual($saved_code, $conf_code);
125 
 // one undifferentiated false covers "no outstanding request" and "wrong code"
126  if (!$saved_code || !$codes_match) {
127  return false;
128  }
129 
130  // Discard for security if it is 24h old
131  if (!$code_time || $code_time < time() - 24 * 60 * 60) {
132  return false;
133  }
134 
135  $user->setPassword($password);
136 
 // consume the code: a second submission of the same link fails the
 // !$saved_code check above
137  unset($user->passwd_conf_code);
138  unset($user->passwd_conf_time);
139 
140  // reset the logins failures
 // (the call that clears the failures is not visible in this rendering)
142 
143  $action = $reset ? 'resetpassword' : 'changepassword';
144 
 // NOTE(review): the clear-text password is passed into the email body and
 // into $params below for both the reset path and the user-chosen change
 // path; whether the change path needs the password echoed back to the user
 // is a policy question for the maintainers.
145  $message = _elgg_services()->translator->translate("email:{$action}:body", [$user->username, $password], $user->getLanguage());
146  $subject = _elgg_services()->translator->translate("email:{$action}:subject", [], $user->getLanguage());
147 
148  $params = [
149  'action' => $action,
150  'object' => $user,
151  'password' => $password,
152  'apply_muting' => false,
153  ];
154 
155  notify_user($user->guid, elgg_get_site_entity()->guid, $subject, $message, $params, 'email');
156 
157  return true;
158  }
159 }