3 namespace Org\Mxchange\CoreFramework\Filter\Verifier\Password;
5 // Import framework stuff
6 use Org\Mxchange\CoreFramework\Filter\BaseFilter;
7 use Org\Mxchange\CoreFramework\Filter\Chain\FilterChainException;
8 use Org\Mxchange\CoreFramework\Filter\Filterable;
9 use Org\Mxchange\CoreFramework\Factory\Object\ObjectFactory;
10 use Org\Mxchange\CoreFramework\Registry\GenericRegistry;
11 use Org\Mxchange\CoreFramework\Request\Requestable;
12 use Org\Mxchange\CoreFramework\Response\Responseable;
13 use Org\Mxchange\CoreFramework\User\BaseUser;
16 * A concrete filter for validating the password. This filter may intercept
17 * the filter chain if no password is given or the password is invalid
19 * @author Roland Haeder <webmaster@shipsimu.org>
21 * @copyright Copyright (c) 2007, 2008 Roland Haeder, 2009 - 2022 Core Developer Team
22 * @license GNU GPL 3.0 or any newer version
23 * @link http://www.shipsimu.org
25 * This program is free software: you can redistribute it and/or modify
26 * it under the terms of the GNU General Public License as published by
27 * the Free Software Foundation, either version 3 of the License, or
28 * (at your option) any later version.
30 * This program is distributed in the hope that it will be useful,
31 * but WITHOUT ANY WARRANTY; without even the implied warranty of
32 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
33 * GNU General Public License for more details.
35 * You should have received a copy of the GNU General Public License
36 * along with this program. If not, see <http://www.gnu.org/licenses/>.
38 class AccountPasswordVerifierFilter extends BaseFilter implements Filterable {
40 * Protected constructor
44 private function __construct () {
45 // Call parent constructor
46 parent::__construct(__CLASS__);
50 * Creates an instance of this filter class
52 * @return $filterInstance An instance of this filter class
54 public static final function createAccountPasswordVerifierFilter () {
56 $filterInstance = new AccountPasswordVerifierFilter();
58 // Return the instance
59 return $filterInstance;
63 * Executes the filter with given request and response objects
65 * @param $requestInstance An instance of a class with an Requestable interface
66 * @param $responseInstance An instance of a class with an Responseable interface
68 * @throws AccountPasswordMismatchException If the account password does not match
69 * @throws FilterChainException If this filter fails to operate
70 * @todo Rewrite handling of different password fields
72 public function execute (Requestable $requestInstance, Responseable $responseInstance) {
74 $password = $requestInstance->getRequestElement('pass_old');
76 // Is the password still not set?
77 if (is_null($password)) {
78 // Get password from alternative location
79 $password = $requestInstance->getRequestElement('password');
81 // Is the password still not set?
82 if (is_null($password)) {
83 // Not found in form so stop the filtering process
84 $requestInstance->setIsRequestValid(FALSE);
86 // Add a message to the response
87 $responseInstance->addFatalMessage('password_unset');
90 throw new FilterChainException($this, self::EXCEPTION_FILTER_CHAIN_INTERCEPTED);
94 if (empty($password)) {
96 $requestInstance->setIsRequestValid(FALSE);
98 // Add a message to the response
99 $responseInstance->addFatalMessage('password_empty');
102 throw new FilterChainException($this, self::EXCEPTION_FILTER_CHAIN_INTERCEPTED);
105 // Get a user instance
106 $userInstance = GenericRegistry::getRegistry()->getInstance('user');
109 $currentHash = $userInstance->getField('pass_hash');
111 // Get an encryption helper and encrypt the password
112 $passHash = ObjectFactory::createObjectByConfiguredName('crypto_class')->hashString($password, $currentHash);
115 if ($currentHash != $passHash) {
116 // Throw an exception here to stop the proccessing
117 throw new AccountPasswordMismatchException($this, BaseUser::EXCEPTION_USER_PASS_MISMATCH);