vB_Library_Login
extends vB_Library
in package
vB_Library_Login
Tags
Table of Contents
Methods
- __serialize() : array<string|int, mixed>
- __sleep() : array<string|int, mixed>
- __unserialize() : void
- __wakeup() : void
- clearCache() : mixed
- generateRememberMeToken() : string
- Generate a remember me token given a user specific token & a salt.
- getContentInstance() : mixed
- importPasswordSchemes() : void
- Load the scheme files from xml files
- instance() : static
- Returns singleton instance of self.
- monitorWords() : mixed
- Checks if the text contains monitored words, and if so, sends notifications to admins and moderators if the setting is on.
- resetMfaSecret() : mixed
- setMfaEnabled() : mixed
- setPassword() : void
- Change the password for a user
- verifyMfa() : mixed
- Check the Verification Code entered by the user.
- verifyPasswordFromInfo() : mixed
- Verify a login value
- verifyRememberMeFromInfo() : array<string|int, mixed>
- Verify the remember token.
Methods
__serialize()
public
__serialize() : array<string|int, mixed>
Return values
array<string|int, mixed>__sleep()
public
__sleep() : array<string|int, mixed>
Return values
array<string|int, mixed>__unserialize()
public
__unserialize(array<string|int, mixed> $serialized) : void
Parameters
- $serialized : array<string|int, mixed>
__wakeup()
public
__wakeup() : void
clearCache()
public
static clearCache() : mixed
generateRememberMeToken()
Generate a remember me token given a user specific token & a salt.
public
generateRememberMeToken(mixed $passwordtoken, mixed $salt) : string
Public to allow hookLoginInternal hooks to generate token as part of their custom login handling.
Parameters
- $passwordtoken : mixed
- $salt : mixed
Return values
string —Generated "Remember Me" token. Usually set to the "password" cookie.
getContentInstance()
public
static getContentInstance(mixed $contenttypeid) : mixed
Parameters
- $contenttypeid : mixed
importPasswordSchemes()
Load the scheme files from xml files
public
importPasswordSchemes() : void
instance()
Returns singleton instance of self.
public
static instance(mixed $class) : static
Parameters
- $class : mixed
Return values
static —- Reference to singleton instance of the requested library class
monitorWords()
Checks if the text contains monitored words, and if so, sends notifications to admins and moderators if the setting is on.
public
monitorWords(mixed $text, mixed $type, mixed $nodeid[, mixed $userid = null ][, mixed $insertNotifications = true ][, mixed $currentuserid = 0 ]) : mixed
Parameters
- $text : mixed
- $type : mixed
- $nodeid : mixed
- $userid : mixed = null
- $insertNotifications : mixed = true
- $currentuserid : mixed = 0
Tags
resetMfaSecret()
public
resetMfaSecret(mixed $userid) : mixed
Parameters
- $userid : mixed
setMfaEnabled()
public
setMfaEnabled(mixed $userid, mixed $enabled) : mixed
Parameters
- $userid : mixed
- $enabled : mixed
setPassword()
Change the password for a user
public
setPassword(int $userid, string $password, array<string|int, mixed> $checkOptions[, array<string|int, mixed> $checkOverrides = [] ]) : void
Parameters
- $userid : int
-
-- the id of the user to change the passwordor
- $password : string
-
-- the passsword to use for the new hash. May be md5 encoded.
- $checkOptions : array<string|int, mixed>
-
-- values for permission checks. These are all required (though they might be ignored if the specific check is skipped).
- passwordhistorylength -- The number of days to look back for duplicate passwords
- $checkOverrides : array<string|int, mixed> = []
-
-- checks to skip. This will usually be based on user permissions, but we shouldn't check those in the library. All of these fields are optional. If not set or set to false, the check will be performed. If set to true, then the check will be skipped.
- passwordbadwords -- skip the check for bad passwords
- passwordhistory -- skip the check for the password history for this user. Will will still store the password set in the history
- passwordrules -- skip the checks for the various password requirement rules that are configurable
- all -- as special value that will skip all of the checks.
Note that these checks should not be skipped lightly and this option mostly exists so that we can rehash passwords that were validated against previous rules and might fail against new rules in a context where we can't handle the errors.
Tags
Return values
void —Will throw an exception if setting the password fails.
verifyMfa()
Check the Verification Code entered by the user.
public
verifyMfa(mixed $secretkey, mixed $thistry, mixed $relaxedmode) : mixed
Parameters
- $secretkey : mixed
- $thistry : mixed
- $relaxedmode : mixed
verifyPasswordFromInfo()
Verify a login value
public
verifyPasswordFromInfo(array<string|int, mixed> $login, mixed $passwords) : mixed
In addition to the user's password, we'll verify do a couple of additional things
- If the password hash scheme is disabled, we'll reject the login entirely
- If the scheme is not current, we will attempt to quietly rehash
- If the scheme has been deprecated and we cannot rehash, then we'll expire the password.
Parameters
- $login : array<string|int, mixed>
-
The login info of the user to verify containg * token -- the password hash to verify against * scheme -- the scheme used to generate the hash @param $passwords array. Array of password variants in the form ['password' => $password, 'encoding' => $encoding] valid values for encoding are 'text' and 'md5'. This is required to handle various legacy logic that encodes the password using md5 on the front end. We may wish to expand that to include better front end encodings in the future. @return array * auth bool true if the login succeeded, false otherwise * remembermetoken string token to use for remember me logic (blank if not authenticated)
- $passwords : mixed
verifyRememberMeFromInfo()
Verify the remember token.
public
verifyRememberMeFromInfo(array<string|int, mixed> $login, string $remembermetoken) : array<string|int, mixed>
This verifies if the "rememberme" token returned by the password verification function is valid for the given user
Parameters
- $login : array<string|int, mixed>
-
login information
- token -- the user's password token
- scheme -- the user's password scheme
- $remembermetoken : string
-
-- The token to checka
Return values
array<string|int, mixed> —- auth (boolean) -- true if the rememberme token matches, false otherwise
- remembermetoken (string) -- the "current" rememberme token. This will be the same as the rememberme token passed in unless we validated based on a legacy value. This should be used to update the rememberme value stored with the client. If the auth failed, this will be blank.