]>
git.agnieray.net Git - galette.git/blob - galette/lib/Galette/Core/Password.php
4 * Copyright © 2003-2024 The Galette Team
6 * This file is part of Galette (https://galette.eu).
8 * Galette is free software: you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation, either version 3 of the License, or
11 * (at your option) any later version.
13 * Galette is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License
19 * along with Galette. If not, see <http://www.gnu.org/licenses/>.
22 namespace Galette\Core
;
26 use Galette\Entity\Adherent
;
29 * Temporary password management
31 * @author Frédéric Jacquot <gna@logeek.com>
32 * @author Georges Khaznadar (password encryption, images) <georges@unknow.org>
33 * @author Johan Cwiklinski <johan@x-tnd.be>
36 class Password
extends AbstractPassword
38 public const TABLE
= 'tmppasswds';
39 public const PK
= Adherent
::PK
;
41 /** @var integer Overrides default password size */
42 public const DEFAULT_SIZE
= 50;
43 /** @var string Overrides default character set */
44 protected string $chars = 'abcdefghjkmnpqrstuvwxyz0123456789&@{[]}%#+*:ABCDEFGHIJKLMNOPQRSTUVWXYZ';
51 * @param Db $zdb Database instance:
52 * @param boolean $clean Whether we should clean expired passwords in database
54 public function __construct(Db
$zdb, bool $clean = true)
57 if ($clean === true) {
58 $this->cleanExpired();
63 * Remove all old password entries
65 * @param int $id_adh Member identifier
69 private function removeOldEntries(int $id_adh): bool
72 $delete = $this->zdb
->delete(self
::TABLE
);
73 $delete->where([self
::PK
=> $id_adh]);
75 $this->zdb
->execute($delete);
77 'Temporary passwords for `' . $id_adh . '` has been removed.',
81 } catch (Throwable
$e) {
83 'An error has occurred removing old tmppasswords ' .
92 * Generates a new password for specified member
94 * @param int $id_adh Member identifier
98 public function generateNewPassword(int $id_adh): bool
100 //first of all, we'll remove all existant entries for specified id
101 $this->removeOldEntries($id_adh);
103 //second, generate a new password and store it in the database
104 $password = $this->makeRandomPassword();
105 $hash = password_hash($password, PASSWORD_BCRYPT
);
110 'tmp_passwd' => $hash,
111 'date_crea_tmp_passwd' => date('Y-m-d H:i:s')
114 $insert = $this->zdb
->insert(self
::TABLE
);
115 $insert->values($values);
117 $this->zdb
->execute($insert);
119 'New passwords temporary set for `' . $id_adh . '`.',
122 $this->setPassword($password);
123 $this->setHash($hash);
125 } catch (Throwable
$e) {
127 "An error occurred trying to add temporary password entry. " .
136 * Remove expired passwords queries (older than 24 hours)
140 public function cleanExpired(): bool
142 $date = new \
DateTime();
143 $date->sub(new \
DateInterval('PT24H'));
146 $delete = $this->zdb
->delete(self
::TABLE
);
147 $delete->where
->lessThan(
148 'date_crea_tmp_passwd',
149 $date->format('Y-m-d H:i:s')
151 $this->zdb
->execute($delete);
153 'Old Temporary passwords have been deleted.',
157 } catch (Throwable
$e) {
159 'An error occurred deleting expired temporary passwords. ' .
168 * Check if requested hash is valid
170 * @param string $hash the hash
172 * @return false|int false if hash is not valid, member id otherwise
174 public function isHashValid(string $hash): false|
int
177 $select = $this->zdb
->select(self
::TABLE
);
180 )->where(array('tmp_passwd' => $hash));
182 $results = $this->zdb
->execute($select);
184 if ($results->count() > 0) {
185 $result = $results->current();
187 return (int)$result->$pk;
191 } catch (Throwable
$e) {
193 'An error occurred getting requested hash. ' . $e->getMessage(),
201 * Remove a hash that has been used (ie. once password has been updated)
203 * @param string $hash hash
207 public function removeHash(string $hash): bool
210 $delete = $this->zdb
->delete(self
::TABLE
);
212 array('tmp_passwd' => $hash)
215 $this->zdb
->execute($delete);
217 'Used hash has been successfully remove',
221 } catch (Throwable
$e) {
223 'An error occurred attempting to delete used hash' .