UserModel::validateCredentials PHP Method

validateCredentials() public method

Fetches a user row by email (or name) and compares the password. If the password was not stored as a blowfish hash, it is re-hashed and saved again. Returns the user's id, admin status and attributes.
public validateCredentials ( string $Email = '', $ID, string $Password ) : object | false
$Email string
$Password string
return object | false Returns the user matching the credentials or **false** if the user doesn't validate.
    /**
     * Look up one user by ID, email or name and verify the supplied password.
     *
     * The BeforeValidateCredentials event is fired first, with the credentials
     * (including the plain-text password) placed in EventArguments, so every
     * handler of that event can read the password. A truthy $ID takes
     * precedence over $Email. Otherwise $Email is matched against the Email
     * column when it contains an '@' after its first character, and against
     * the Name column in every other case.
     *
     * A row flagged Deleted is rejected. After a successful check the password
     * is re-hashed and stored with HashMethod 'Vanilla' when the hasher reports
     * the stored hash as weak, or when the stored method is set and is not
     * 'Vanilla' (case-insensitive).
     *
     * NOTE(review): Banned is selected but never inspected here; presumably the
     * caller enforces bans. Confirm against the callers.
     * NOTE(review): no attempt limiting is visible in this method, and unknown
     * or deleted accounts return before the hash check runs; throttling and
     * uniform failure handling have to come from the caller.
     *
     * @param string $Email Email address or user name; ignored when $ID is truthy.
     * @param int $ID User ID to look up.
     * @param string $Password Plain-text password to verify.
     * @return object|false The user row with Attributes decoded, or false when
     *     no row matches, the user is deleted, or the password check fails.
     * @throws Exception When both $Email and $ID are empty.
     */
    public function validateCredentials($Email = '', $ID = 0, $Password)
    {
        $this->EventArguments['Credentials'] = [
            'Email' => $Email,
            'ID' => $ID,
            'Password' => $Password,
        ];
        $this->fireEvent('BeforeValidateCredentials');

        if (!($Email || $ID)) {
            throw new Exception('The email or id is required');
        }

        // Shared WHERE clause for both query attempts. Values are handed to the
        // query builder as arguments rather than concatenated into SQL text.
        $ApplyLookup = function () use ($Email, $ID) {
            if ($ID) {
                $this->SQL->where('UserID', $ID);
                return;
            }
            $Column = strpos($Email, '@') > 0 ? 'Email' : 'Name';
            $this->SQL->where($Column, $Email);
        };

        try {
            $this->SQL
                ->select('UserID, Name, Attributes, Admin, Password, HashMethod, Deleted, Banned')
                ->from('User');
            $ApplyLookup();
            $Result = $this->SQL->get();
        } catch (Exception $Ex) {
            // Any Exception from the first attempt lands here, not only a
            // missing-column error: retry without the newer fields.
            $this->SQL->reset();
            $this->SQL
                ->select('UserID, Name, Attributes, Admin, Password')
                ->from('User');
            $ApplyLookup();
            $Result = $this->SQL->get();
        }

        if ($Result->numRows() < 1) {
            return false;
        }

        $User = $Result->firstRow();

        // Deleted accounts never authenticate. The fallback query does not
        // select Deleted, so this check relies on val() for the missing field.
        if (val('Deleted', $User)) {
            return false;
        }

        $Hasher = new Gdn_PasswordHash();
        $Method = val('HashMethod', $User);
        $Matches = $Hasher->checkPassword($Password, $User->Password, $Method, $User->Name);
        if (!$Matches) {
            return false;
        }

        // Upgrade the stored hash while the plain-text password is at hand.
        $NeedsRehash = $Hasher->Weak || ($Method && strcasecmp($Method, 'Vanilla') != 0);
        if ($NeedsRehash) {
            $Rehashed = $Hasher->hashPassword($Password);
            $this->SQL
                ->update('User')
                ->set('Password', $Rehashed)
                ->set('HashMethod', 'Vanilla')
                ->where('UserID', $User->UserID)
                ->put();
        }

        // NOTE(review): the returned row still carries the Password hash
        // column; callers should not pass it on unfiltered.
        $User->Attributes = dbdecode($User->Attributes);

        return $User;
    }

Usage Example

Example #1
 /**
  * Validation callback: confirm that the submitted old password belongs to
  * the user of the current session.
  *
  * The user ID comes from the session, never from the submitted data, so the
  * check always runs against the signed-in account.
  *
  * NOTE(review): validateCredentials() as listed on this page throws when both
  * the email and the ID are empty, so a session with a falsy UserID would
  * raise an exception here instead of returning false. Confirm callers only
  * run this rule for signed-in users.
  *
  * @param mixed $value Not used.
  * @param mixed $field Not used.
  * @param array $data The submitted data; 'OldPassword' is read from it and
  *     defaults to an empty string.
  * @return bool True when the old password validates, false otherwise.
  */
 function validateOldPassword($value, $field, $data)
 {
     $submittedPassword = val('OldPassword', $data, '');
     $currentSession = Gdn::Session();
     $users = new UserModel();

     // validateCredentials() yields a user object or false; callers only
     // need the yes/no answer.
     $match = $users->validateCredentials('', $currentSession->UserID, $submittedPassword);

     return (bool) $match;
 }
UserModel