silverstripe-framework/Security/MemberPassword.php

<?php

namespace SilverStripe\Security;

use SilverStripe\ORM\DataObject;

/**
 * Keep track of users' previous passwords, so that we can check that new passwords aren't changed back to old ones.
 *
 * @property string Password
 * @property string Salt
 * @property string PasswordEncryption
 * @property int MemberID ID of the Member
 * @method Member Member() Owner of the password
 */
class MemberPassword extends DataObject {
	private static $db = array(
		'Password' => 'Varchar(160)',
		'Salt' => 'Varchar(50)',
		'PasswordEncryption' => 'Varchar(50)',
	);

	private static $has_one = array(
		'Member' => 'SilverStripe\\Security\\Member'
	);

	private static $table_name = "MemberPassword";

	/**
	 * Log a password change from the given member.
	 * Call MemberPassword::log($this) from within Member whenever the password is changed.
	 *
	 * @param Member $member
	 */
	public static function log($member) {
		$record = new MemberPassword();
		$record->MemberID = $member->ID;
		$record->Password = $member->Password;
		$record->PasswordEncryption = $member->PasswordEncryption;
		$record->Salt = $member->Salt;
		$record->write();
	}

	/**
	 * Check if the given password is the same as the one stored in this record.
	 * See {@link Member->checkPassword()}.
	 *
	 * @param String $password Cleartext password
	 * @return Boolean
	 */
	public function checkPassword($password) {
		$e = PasswordEncryptor::create_for_algorithm($this->PasswordEncryption);
		return $e->check($this->Password, $password, $this->Salt, $this->Member());
	}


}
Merged revisions 52121 via svnmerge from http://svn.silverstripe.com/open/modules/sapphire/branches/govtsecurity ........ r52121 \| sminnee \| 2008-04-03 22:04:33 +1300 (Thu, 03 Apr 2008) \| 4 lines Added DataObject::validate() for specifying DataObject-level validators. Added DataObject::onAfterWrite(), a complement of DataObject::onBeforeWrite() Added password strength testing to security system Added password expiry to security system ........ git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@53465 467b73ca-7a2a-4603-9d3b-597d59a354a9 2008-04-26 08:31:52 +02:00			`<?php`
API Apply Framework\ORM Namespace to model 2016-06-15 06:03:16 +02:00
API Apply Framework\Security namespace 2016-06-23 01:37:22 +02:00			`namespace SilverStripe\Security;`

API Apply Framework\ORM Namespace to model 2016-06-15 06:03:16 +02:00			`use SilverStripe\ORM\DataObject;`
API Apply Framework\Security namespace 2016-06-23 01:37:22 +02:00
Merged revisions 52121 via svnmerge from http://svn.silverstripe.com/open/modules/sapphire/branches/govtsecurity ........ r52121 \| sminnee \| 2008-04-03 22:04:33 +1300 (Thu, 03 Apr 2008) \| 4 lines Added DataObject::validate() for specifying DataObject-level validators. Added DataObject::onAfterWrite(), a complement of DataObject::onBeforeWrite() Added password strength testing to security system Added password expiry to security system ........ git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@53465 467b73ca-7a2a-4603-9d3b-597d59a354a9 2008-04-26 08:31:52 +02:00			`/**`
			`* Keep track of users' previous passwords, so that we can check that new passwords aren't changed back to old ones.`
Documented magic properties of DataObject 2014-01-26 04:17:17 +01:00			`*`
			`* @property string Password`
			`* @property string Salt`
			`* @property string PasswordEncryption`
			`* @property int MemberID ID of the Member`
			`* @method Member Member() Owner of the password`
Merged revisions 52121 via svnmerge from http://svn.silverstripe.com/open/modules/sapphire/branches/govtsecurity ........ r52121 \| sminnee \| 2008-04-03 22:04:33 +1300 (Thu, 03 Apr 2008) \| 4 lines Added DataObject::validate() for specifying DataObject-level validators. Added DataObject::onAfterWrite(), a complement of DataObject::onBeforeWrite() Added password strength testing to security system Added password expiry to security system ........ git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@53465 467b73ca-7a2a-4603-9d3b-597d59a354a9 2008-04-26 08:31:52 +02:00			`*/`
			`class MemberPassword extends DataObject {`
API Marked statics private, use Config API instead (#8317) See "Static configuration properties are now immutable, you must use Config API." in the 3.1 change log for details. 2013-03-21 19:48:54 +01:00			`private static $db = array(`
BUGFIX: Increase size of varchar fields on MemberPassword to match those defined in Member. This fixes issues when the password hash is longer than 50 characters, and was being truncated when saved in MemberPassword. 2012-05-07 04:18:15 +02:00			`'Password' => 'Varchar(160)',`
			`'Salt' => 'Varchar(50)',`
			`'PasswordEncryption' => 'Varchar(50)',`
Merged revisions 52121 via svnmerge from http://svn.silverstripe.com/open/modules/sapphire/branches/govtsecurity ........ r52121 \| sminnee \| 2008-04-03 22:04:33 +1300 (Thu, 03 Apr 2008) \| 4 lines Added DataObject::validate() for specifying DataObject-level validators. Added DataObject::onAfterWrite(), a complement of DataObject::onBeforeWrite() Added password strength testing to security system Added password expiry to security system ........ git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@53465 467b73ca-7a2a-4603-9d3b-597d59a354a9 2008-04-26 08:31:52 +02:00			`);`
Remove all redundant whitespace 2014-08-15 08:53:05 +02:00
API Marked statics private, use Config API instead (#8317) See "Static configuration properties are now immutable, you must use Config API." in the 3.1 change log for details. 2013-03-21 19:48:54 +01:00			`private static $has_one = array(`
API Apply Framework\Security namespace 2016-06-23 01:37:22 +02:00			`'Member' => 'SilverStripe\\Security\\Member'`
Merged revisions 52121 via svnmerge from http://svn.silverstripe.com/open/modules/sapphire/branches/govtsecurity ........ r52121 \| sminnee \| 2008-04-03 22:04:33 +1300 (Thu, 03 Apr 2008) \| 4 lines Added DataObject::validate() for specifying DataObject-level validators. Added DataObject::onAfterWrite(), a complement of DataObject::onBeforeWrite() Added password strength testing to security system Added password expiry to security system ........ git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@53465 467b73ca-7a2a-4603-9d3b-597d59a354a9 2008-04-26 08:31:52 +02:00			`);`
API Namespace all classes Namespace all templates Move difflib and BBCodeParser2 to thirdparty Remove deprecated API marked for removal in 4.0 2016-08-19 00:51:35 +02:00
API Apply Framework\Security namespace 2016-06-23 01:37:22 +02:00			`private static $table_name = "MemberPassword";`
Remove all redundant whitespace 2014-08-15 08:53:05 +02:00
Merged revisions 52121 via svnmerge from http://svn.silverstripe.com/open/modules/sapphire/branches/govtsecurity ........ r52121 \| sminnee \| 2008-04-03 22:04:33 +1300 (Thu, 03 Apr 2008) \| 4 lines Added DataObject::validate() for specifying DataObject-level validators. Added DataObject::onAfterWrite(), a complement of DataObject::onBeforeWrite() Added password strength testing to security system Added password expiry to security system ........ git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@53465 467b73ca-7a2a-4603-9d3b-597d59a354a9 2008-04-26 08:31:52 +02:00			`/**`
			`* Log a password change from the given member.`
			`* Call MemberPassword::log($this) from within Member whenever the password is changed.`
API Apply Framework\Security namespace 2016-06-23 01:37:22 +02:00			`*`
			`* @param Member $member`
Merged revisions 52121 via svnmerge from http://svn.silverstripe.com/open/modules/sapphire/branches/govtsecurity ........ r52121 \| sminnee \| 2008-04-03 22:04:33 +1300 (Thu, 03 Apr 2008) \| 4 lines Added DataObject::validate() for specifying DataObject-level validators. Added DataObject::onAfterWrite(), a complement of DataObject::onBeforeWrite() Added password strength testing to security system Added password expiry to security system ........ git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@53465 467b73ca-7a2a-4603-9d3b-597d59a354a9 2008-04-26 08:31:52 +02:00			`*/`
Method visibility according to coding conventions 2012-09-19 12:07:39 +02:00			`public static function log($member) {`
Merged revisions 52121 via svnmerge from http://svn.silverstripe.com/open/modules/sapphire/branches/govtsecurity ........ r52121 \| sminnee \| 2008-04-03 22:04:33 +1300 (Thu, 03 Apr 2008) \| 4 lines Added DataObject::validate() for specifying DataObject-level validators. Added DataObject::onAfterWrite(), a complement of DataObject::onBeforeWrite() Added password strength testing to security system Added password expiry to security system ........ git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@53465 467b73ca-7a2a-4603-9d3b-597d59a354a9 2008-04-26 08:31:52 +02:00			`$record = new MemberPassword();`
			`$record->MemberID = $member->ID;`
			`$record->Password = $member->Password;`
			`$record->PasswordEncryption = $member->PasswordEncryption;`
			`$record->Salt = $member->Salt;`
			`$record->write();`
			`}`
Remove all redundant whitespace 2014-08-15 08:53:05 +02:00
Merged revisions 52121 via svnmerge from http://svn.silverstripe.com/open/modules/sapphire/branches/govtsecurity ........ r52121 \| sminnee \| 2008-04-03 22:04:33 +1300 (Thu, 03 Apr 2008) \| 4 lines Added DataObject::validate() for specifying DataObject-level validators. Added DataObject::onAfterWrite(), a complement of DataObject::onBeforeWrite() Added password strength testing to security system Added password expiry to security system ........ git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@53465 467b73ca-7a2a-4603-9d3b-597d59a354a9 2008-04-26 08:31:52 +02:00			`/**`
ENHANCEMENT Pluggable password encryption through PasswordEncryptor class (#3665) BUGFIX Fixed password hashing design flaw in Security::encrypt_password(). Removing base_convert() packing with unsafe precision, but retaining backwards compatibilty through pluggable encryptors: PasswordEncryptor_LegacyPHPHash (#3004) API CHANGE Deprecated Security::encrypt_passwords() API CHANGE Deprecated Security::$useSalt, use custom PasswordEncryptor implementation API CHANGE Removed Security::get_encryption_algorithms() API CHANGE MySQL-specific encyrption types 'password' and 'old_password' are no longer included by default. Use PasswordEncryptor_MySQLPassword and PasswordEncryptor_MySQLOldPassword API CHANGE Built-in number of hashing algorithms has been reduced to 'none', 'md5', 'sha1'. Use PasswordEncryptor::register() and PasswordEncryptor_PHPHash to re-add others. git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@90949 467b73ca-7a2a-4603-9d3b-597d59a354a9 2009-11-06 03:23:21 +01:00			`* Check if the given password is the same as the one stored in this record.`
			`* See {@link Member->checkPassword()}.`
Remove all redundant whitespace 2014-08-15 08:53:05 +02:00			`*`
ENHANCEMENT Pluggable password encryption through PasswordEncryptor class (#3665) BUGFIX Fixed password hashing design flaw in Security::encrypt_password(). Removing base_convert() packing with unsafe precision, but retaining backwards compatibilty through pluggable encryptors: PasswordEncryptor_LegacyPHPHash (#3004) API CHANGE Deprecated Security::encrypt_passwords() API CHANGE Deprecated Security::$useSalt, use custom PasswordEncryptor implementation API CHANGE Removed Security::get_encryption_algorithms() API CHANGE MySQL-specific encyrption types 'password' and 'old_password' are no longer included by default. Use PasswordEncryptor_MySQLPassword and PasswordEncryptor_MySQLOldPassword API CHANGE Built-in number of hashing algorithms has been reduced to 'none', 'md5', 'sha1'. Use PasswordEncryptor::register() and PasswordEncryptor_PHPHash to re-add others. git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@90949 467b73ca-7a2a-4603-9d3b-597d59a354a9 2009-11-06 03:23:21 +01:00			`* @param String $password Cleartext password`
			`* @return Boolean`
Remove all redundant whitespace 2014-08-15 08:53:05 +02:00			`*/`
Method visibility according to coding conventions 2012-09-19 12:07:39 +02:00			`public function checkPassword($password) {`
APICHANGE: PasswordEncryptor::check() allows for more powerful password checking, deprecating PasswordEncryptor::compare() 2012-05-07 05:03:53 +02:00			`$e = PasswordEncryptor::create_for_algorithm($this->PasswordEncryption);`
			`return $e->check($this->Password, $password, $this->Salt, $this->Member());`
Merged revisions 52121 via svnmerge from http://svn.silverstripe.com/open/modules/sapphire/branches/govtsecurity ........ r52121 \| sminnee \| 2008-04-03 22:04:33 +1300 (Thu, 03 Apr 2008) \| 4 lines Added DataObject::validate() for specifying DataObject-level validators. Added DataObject::onAfterWrite(), a complement of DataObject::onBeforeWrite() Added password strength testing to security system Added password expiry to security system ........ git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@53465 467b73ca-7a2a-4603-9d3b-597d59a354a9 2008-04-26 08:31:52 +02:00			`}`
Remove all redundant whitespace 2014-08-15 08:53:05 +02:00

MINOR Add newline to end of files without one 2012-03-24 04:04:52 +01:00			`}`