3 namespace Org\Mxchange\CoreFramework\Filter\Verifier\Password;
5 // Import framework stuff
6 use Org\Mxchange\CoreFramework\Filter\BaseFilter;
7 use Org\Mxchange\CoreFramework\Filter\Chain\FilterChainException;
8 use Org\Mxchange\CoreFramework\Filter\Filterable;
9 use Org\Mxchange\CoreFramework\Factory\Object\ObjectFactory;
10 use Org\Mxchange\CoreFramework\Helper\Crypto\CryptoHelper;
11 use Org\Mxchange\CoreFramework\Registry\Object\ObjectRegistry;
12 use Org\Mxchange\CoreFramework\Request\Requestable;
13 use Org\Mxchange\CoreFramework\Response\Responseable;
14 use Org\Mxchange\CoreFramework\User\BaseUser;
17 * A concrete filter for validating the password. This filter may intercept
18 * the filter chain if no password is given or the password is invalid
20 * @author Roland Haeder <webmaster@shipsimu.org>
22 * @copyright Copyright (c) 2007, 2008 Roland Haeder, 2009 - 2023 Core Developer Team
23 * @license GNU GPL 3.0 or any newer version
24 * @link http://www.shipsimu.org
26 * This program is free software: you can redistribute it and/or modify
27 * it under the terms of the GNU General Public License as published by
28 * the Free Software Foundation, either version 3 of the License, or
29 * (at your option) any later version.
31 * This program is distributed in the hope that it will be useful,
32 * but WITHOUT ANY WARRANTY; without even the implied warranty of
33 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
34 * GNU General Public License for more details.
36 * You should have received a copy of the GNU General Public License
37 * along with this program. If not, see <http://www.gnu.org/licenses/>.
39 class AccountPasswordVerifierFilter extends BaseFilter implements Filterable {
41 * Protected constructor
45 private function __construct () {
46 // Call parent constructor
47 parent::__construct(__CLASS__);
51 * Creates an instance of this filter class
53 * @return $filterInstance An instance of this filter class
55 public static final function createAccountPasswordVerifierFilter () {
57 $filterInstance = new AccountPasswordVerifierFilter();
59 // Return the instance
60 return $filterInstance;
64 * Executes the filter with given request and response objects
66 * @param $requestInstance An instance of a class with an Requestable interface
67 * @param $responseInstance An instance of a class with an Responseable interface
69 * @throws AccountPasswordMismatchException If the account password does not match
70 * @throws FilterChainException If this filter fails to operate
71 * @todo Rewrite handling of different password fields
73 public function execute (Requestable $requestInstance, Responseable $responseInstance) {
75 $password = $requestInstance->getRequestElement('pass_old');
77 // Is the password still not set?
78 if (is_null($password)) {
79 // Get password from alternative location
80 $password = $requestInstance->getRequestElement('password');
82 // Is the password still not set?
83 if (is_null($password)) {
84 // Not found in form so stop the filtering process
85 $requestInstance->setIsRequestValid(FALSE);
87 // Add a message to the response
88 $responseInstance->addFatalMessage('password_unset');
91 throw new FilterChainException($this, self::EXCEPTION_FILTER_CHAIN_INTERCEPTED);
95 if (empty($password)) {
97 $requestInstance->setIsRequestValid(FALSE);
99 // Add a message to the response
100 $responseInstance->addFatalMessage('password_empty');
103 throw new FilterChainException($this, self::EXCEPTION_FILTER_CHAIN_INTERCEPTED);
106 // Get a user instance
107 $userInstance = ObjectRegistry::getRegistry('generic')->getInstance('user');
110 $currentHash = $userInstance->getField('pass_hash');
112 // Get an encryption helper and encrypt the password
113 $passHash = CryptoHelper::getSelfInstance()->hashString($password, $currentHash);
116 if ($currentHash != $passHash) {
117 // Throw an exception here to stop the proccessing
118 throw new AccountPasswordMismatchException($this, BaseUser::EXCEPTION_USER_PASS_MISMATCH);