PHP Class Elgg\PasswordService

Since: 1.10.0
Show file Open project: elgg/elgg

Public Methods

Method Description
__construct ( ) Constructor
executeNewPasswordReset ( integer $user_guid, string $conf_code, string $password = null ) : boolean Validate and change password for a user.
forcePasswordReset ( ElggUser | integer $user, string $password ) : boolean Set a user's new password and save the entity.
generateHash ( string $password ) : string Hash a password for storage using password_hash()
needsRehash ( string $hash ) : boolean Determine if the password hash needs to be rehashed
sendNewPasswordRequest ( integer $user_guid ) : boolean Generate and send a password request email to a given user's registered email address.
verify ( string $password, string $hash ) : boolean Verify a password against a hash using a timing attack resistant approach

Method Details

__construct() public method

Constructor
public __construct ( )

executeNewPasswordReset() public method

Validate and change password for a user.
public executeNewPasswordReset ( integer $user_guid, string $conf_code, string $password = null ) : boolean
$user_guid integer The user id
$conf_code string Confirmation code as sent in the request email.
$password string Optional new password, if not randomly generated.
return boolean True on success

forcePasswordReset() public method

This can only be called from execute_new_password_request().
public forcePasswordReset ( ElggUser | integer $user, string $password ) : boolean
$user ElggUser | integer The user GUID or entity
$password string Text (which will then be converted into a hash and stored)
return boolean

generateHash() public method

Hash a password for storage using password_hash()
public generateHash ( string $password ) : string
$password string Password in clear text
return string

needsRehash() public method

If the answer is true, after validating the password using password_verify, rehash it.
public needsRehash ( string $hash ) : boolean
$hash string The hash to test
return boolean True if the password needs to be rehashed.

sendNewPasswordRequest() public method

Generate and send a password request email to a given user's registered email address.
public sendNewPasswordRequest ( integer $user_guid ) : boolean
$user_guid integer User GUID
return boolean

verify() public method

Verify a password against a hash using a timing attack resistant approach
public verify ( string $password, string $hash ) : boolean
$password string The password to verify
$hash string The hash to verify against
return boolean If the password matches the hash