vB_Library_Login
extends vB_Library
This class depends on the following
- vB_Utility_Password_Algorithm
- vB Environment including the datastore and request objects
- Datastore value 'pwschemes'.
It does not and should not depend on the permission objects. All permissions should be handled outside of the class and passed to the class in the form of override flags.
Table of Contents
Methods
- __serialize() : array<string|int, mixed>
- __sleep() : array<string|int, mixed>
- __unserialize() : void
- __wakeup() : void
- clearCache() : mixed
- generateRememberMeToken() : string
- Generate a remember me token given a user specific token & a salt.
- generateRememberMeTokenFromUserColumnsForCookies() : string
- Takes user-table-like data (sometimes the caller "fakes" it) and generates a rememberme token that's meant for passing back to the browser to set in a cookie.
- getContentInstance() : mixed
- importPasswordSchemes() : void
- Load the scheme files from xml files
- instance() : static
- Returns singleton instance of self.
- monitorWords() : mixed
- Checks if the text contains monitored words, and if so, sends notifications to admins and moderators if the setting is on.
- resetMfaSecret() : mixed
- resetRemembermeSecret() : void
- Reset the rememberme token for a user. This will cause all existing rememberme's to stop working once their individual sessions expire. Also see vB_Api_User::logoutAllDevices() if we want to both force-expire existing sessions and reset rememberme. Note that vB_Library_Login::setPassword() also updates the rememberme. This function is available for places outside of changing passwords where we might want to invalidate existing rememberme's (e.g. log out all devices).
- setMfaEnabled() : mixed
- setPassword() : void
- Change the password for a user
- verifyMfa() : mixed
- Check the Verification Code entered by the user.
- verifyPasswordFromInfo() : mixed
- Verify a login value
- verifyRememberMeFromInfo() : array<string|int, mixed>
- Verify the remember token.
Methods
__serialize()
public
__serialize() : array<string|int, mixed>
Return values
array<string|int, mixed>
__sleep()
public
__sleep() : array<string|int, mixed>
Return values
array<string|int, mixed>
__unserialize()
public
__unserialize(array<string|int, mixed> $serialized) : void
Parameters
- $serialized : array<string|int, mixed>
__wakeup()
public
__wakeup() : void
clearCache()
public
static clearCache() : mixed
generateRememberMeToken()
Generate a remember me token given a user specific token & a salt.
public
generateRememberMeToken(mixed $passwordtoken, mixed $salt) : string
Public to allow hookLoginInternal hooks to generate token as part of their custom login handling.
Parameters
- $passwordtoken : mixed
- $salt : mixed
Return values
string —Generated "Remember Me" token. Usually set to the "password" cookie.
generateRememberMeTokenFromUserColumnsForCookies()
Takes user-table-like data (sometimes the caller "fakes" it) and generates a rememberme token that's meant for passing back to the browser to set in a cookie.
public
generateRememberMeTokenFromUserColumnsForCookies(array<string|int, mixed> $info) : string
This long name is to emphasize that it is different from the rememberme_secret value that's stored in DB.
Parameters
- $info : array<string|int, mixed>
  {token:string, scheme:string, rememberme_secret:string}
Return values
string
getContentInstance()
public
static getContentInstance(mixed $contenttypeid) : mixed
Parameters
- $contenttypeid : mixed
importPasswordSchemes()
Load the scheme files from xml files
public
importPasswordSchemes() : void
instance()
Returns singleton instance of self.
public
static instance(mixed $class) : static
Parameters
- $class : mixed
Return values
static —Reference to singleton instance of the requested library class
monitorWords()
Checks if the text contains monitored words, and if so, sends notifications to admins and moderators if the setting is on.
public
monitorWords(mixed $text, mixed $type, mixed $nodeid[, mixed $userid = null ][, mixed $insertNotifications = true ][, mixed $currentuserid = 0 ]) : mixed
use the functions from the notification library directly.
Parameters
- $text : mixed
- $type : mixed
- $nodeid : mixed
- $userid : mixed = null
- $insertNotifications : mixed = true
- $currentuserid : mixed = 0
resetMfaSecret()
public
resetMfaSecret(mixed $userid) : mixed
Parameters
- $userid : mixed
resetRemembermeSecret()
Reset the rememberme token for a user. This will cause all existing rememberme's to stop working once their individual sessions expire. Also see vB_Api_User::logoutAllDevices() if we want to both force-expire existing sessions and reset rememberme. Note that vB_Library_Login::setPassword() also updates the rememberme. This function is available for places outside of changing passwords where we might want to invalidate existing rememberme's (e.g. log out all devices).
public
resetRemembermeSecret(int $userid) : void
Parameters
- $userid : int
setMfaEnabled()
public
setMfaEnabled(mixed $userid, mixed $enabled) : mixed
Parameters
- $userid : mixed
- $enabled : mixed
setPassword()
Change the password for a user
public
setPassword(int $userid, string $password, array<string|int, mixed> $checkOptions[, array<string|int, mixed> $checkOverrides = [] ][, array<string|int, mixed> $skipProcesses = [] ]) : void
Parameters
- $userid : int
  -- the id of the user to change the password for
- $password : string
  -- the password to use for the new hash. May be md5 encoded.
- $checkOptions : array<string|int, mixed>
  -- values for permission checks. These are all required (though they might be ignored if the specific check is skipped).
  - passwordhistorylength -- The number of days to look back for duplicate passwords
- $checkOverrides : array<string|int, mixed> = []
  -- checks to skip. This will usually be based on user permissions, but we shouldn't check those in the library. All of these fields are optional. If not set or set to false, the check will be performed. If set to true, then the check will be skipped.
  - passwordbadwords -- skip the check for bad passwords
  - passwordhistory -- skip the check for the password history for this user. We will still store the password set in the history
  - passwordrules -- skip the checks for the various password requirement rules that are configurable
  - all -- a special value that will skip all of the checks.
  Note that these checks should not be skipped lightly and this option mostly exists so that we can rehash passwords that were validated against previous rules and might fail against new rules in a context where we can't handle the errors.
- $skipProcesses : array<string|int, mixed> = []
  -- If any is set to true, that particular process will be skipped
  - rememberme -- Generally speaking, we should always reset the rememberme token when changing the password. Only used when we automatically update a legacy password scheme to a newer one.
Return values
void —Will throw an exception if setting the password fails.
verifyMfa()
Check the Verification Code entered by the user.
public
verifyMfa(mixed $secretkey, mixed $thistry, mixed $relaxedmode) : mixed
Parameters
- $secretkey : mixed
- $thistry : mixed
- $relaxedmode : mixed
verifyPasswordFromInfo()
Verify a login value
public
verifyPasswordFromInfo(array<string|int, mixed> $login, mixed $passwords) : mixed
In addition to verifying the user's password, we'll do a couple of additional things
- If the password hash scheme is disabled, we'll reject the login entirely
- If the scheme is not current, we will attempt to quietly rehash
- If the scheme has been deprecated and we cannot rehash, then we'll expire the password.
Parameters
- $login : array<string|int, mixed>
  The login info of the user to verify, containing
  - token -- the password hash to verify against
  - scheme -- the scheme used to generate the hash
- $passwords : mixed
  Array of password variants in the form ['password' => $password, 'encoding' => $encoding]. Valid values for encoding are 'text' and 'md5'. This is required to handle various legacy logic that encodes the password using md5 on the front end. We may wish to expand that to include better front end encodings in the future.
Return values
array
- auth (bool) -- true if the login succeeded, false otherwise
- remembermetoken (string) -- token to use for remember me logic (blank if not authenticated)
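The three scheme rules listed for verifyPasswordFromInfo(), as an added PHP sketch that is not vBulletin's code. The scheme names, status values and verifyLogin() are hypothetical, bcrypt stands in for every scheme, and the sketch assumes that only a plain-text variant can be rehashed and that a login with an expired password still authenticates.

```php
<?php
// Added illustration, not vBulletin source. The scheme table, status names and
// verifyLogin() are hypothetical; bcrypt stands in for every scheme.
const CURRENT = 'bcrypt-10';
const SCHEMES = [
    'md5-legacy' => 'disabled',
    'bcrypt-04'  => 'deprecated',
    'bcrypt-08'  => 'active',
    'bcrypt-10'  => 'current',
];
function verifyLogin(array $login, array $passwords): array
{
    $status = SCHEMES[$login['scheme']] ?? 'disabled';
    // Rule 1: a disabled (or unknown) scheme rejects the login before any
    // hash comparison, so even a correct password does not authenticate.
    if ($status === 'disabled') {
        return ['auth' => false, 'action' => 'rejected'];
    }
    $matched = null;
    foreach ($passwords as $variant) { // ['password' => ..., 'encoding' => 'text'|'md5']
        if (password_verify($variant['password'], $login['token'])) {
            $matched = $variant;
            break;
        }
    }
    if ($matched === null || $status === 'current') {
        return ['auth' => $matched !== null, 'action' => 'none'];
    }
    // Rule 2: the scheme is not current, so rehash quietly. Assumption: only
    // the plain-text variant can be rehashed under the current scheme.
    if ($matched['encoding'] === 'text') {
        $token = password_hash($matched['password'], PASSWORD_BCRYPT, ['cost' => 10]);
        return ['auth' => true, 'action' => 'rehashed', 'scheme' => CURRENT, 'token' => $token];
    }
    // Rule 3: deprecated and not rehashable, so the password is flagged as expired.
    return ['auth' => true, 'action' => $status === 'deprecated' ? 'expire' : 'none'];
}
// Constructed accounts and login attempts, one per rule.
$plain = 'correct horse battery';
$md5   = md5($plain);
$text  = [['password' => $plain, 'encoding' => 'text']];
$cases = [
    'disabled'    => [['scheme' => 'md5-legacy', 'token' => $md5], $text],
    'not current' => [['scheme' => 'bcrypt-08', 'token' => password_hash($plain, PASSWORD_BCRYPT, ['cost' => 8])], $text],
    'deprecated'  => [['scheme' => 'bcrypt-04', 'token' => password_hash($md5, PASSWORD_BCRYPT, ['cost' => 4])], [['password' => $md5, 'encoding' => 'md5']]],
];
foreach ($cases as $name => [$login, $passwords]) {
    echo $name, ': ', verifyLogin($login, $passwords)['action'], PHP_EOL;
}
```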
verifyRememberMeFromInfo()
Verify the remember token.
public
verifyRememberMeFromInfo(array<string|int, mixed> $login, string $remembermetoken) : array<string|int, mixed>
This verifies if the "rememberme" token returned by the password verification function is valid for the given user
Parameters
- $login : array<string|int, mixed>
  login information
  - rememberme_secret -- the user's rememberme_secret
  - token -- (deprecated) the user's password token
  - scheme -- the user's password scheme
- $remembermetoken : string
  -- The token to check
Return values
array<string|int, mixed>
- auth (boolean) -- true if the rememberme token matches, false otherwise
- remembermetoken (string) -- the "current" rememberme token. This will be the same as the rememberme token passed in unless we validated based on a legacy value. This should be used to update the rememberme value stored with the client. If the auth failed, this will be blank.
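The return contract of verifyRememberMeFromInfo(), together with the effect of resetRemembermeSecret(), as an added PHP sketch that is not vBulletin's code. The HMAC construction, SITE_SALT and both function names are assumptions, as is the legacy path that derives a cookie from the password token.

```php
<?php
// Added illustration, not vBulletin source. The HMAC construction, SITE_SALT
// and both function names are assumptions made for this sketch.
const SITE_SALT = 'constructed-salt-value';

function makeCookieToken(string $secret): string
{
    // The cookie carries a value derived from the stored secret, never the secret itself.
    return hash_hmac('sha256', $secret, SITE_SALT);
}

function verifyRememberMe(array $login, string $presented): array
{
    $current = makeCookieToken($login['rememberme_secret']);
    // hash_equals() compares in constant time, so the check leaks no prefix match.
    if (hash_equals($current, $presented)) {
        return ['auth' => true, 'remembermetoken' => $presented];
    }
    // Assumed legacy path: a cookie derived from the (deprecated) password token.
    // It is accepted, but the current token is returned so the caller can
    // replace the cookie stored with the client.
    if (hash_equals(makeCookieToken($login['token']), $presented)) {
        return ['auth' => true, 'remembermetoken' => $current];
    }
    return ['auth' => false, 'remembermetoken' => ''];
}

// Constructed user row and cookies.
$user = [
    'token'             => password_hash('constructed-password', PASSWORD_BCRYPT),
    'scheme'            => 'bcrypt',
    'rememberme_secret' => bin2hex(random_bytes(16)),
];
$cookie       = makeCookieToken($user['rememberme_secret']);
$legacyCookie = makeCookieToken($user['token']);

var_dump(verifyRememberMe($user, $cookie)['auth']);
$upgraded = verifyRememberMe($user, $legacyCookie);
var_dump($upgraded['auth'], $upgraded['remembermetoken'] === $cookie);

// Resetting the secret invalidates every cookie issued under the old one.
$user['rememberme_secret'] = bin2hex(random_bytes(16));
var_dump(verifyRememberMe($user, $cookie));
```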