--- /dev/null
+<?php
+/**
+ * A concrete filter for validating the password. This filter may intercept
+ * the filter chain if no password is given or the password is invalid
+ *
+ * @author Roland Haeder <webmaster@ship-simu.org>
+ * @version 0.0.0
+ * @copyright Copyright (c) 2007, 2008 Roland Haeder, this is free software
+ * @license GNU GPL 3.0 or any newer version
+ * @link http://www.ship-simu.org
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+class AccountPasswordVerifierFilter extends BaseFilter implements Filterable {
+ /**
+ * Protected constructor
+ *
+ * @return void
+ */
+ protected function __construct () {
+ // Call parent constructor
+ parent::__construct(__CLASS__);
+ }
+
+ /**
+ * Creates an instance of this filter class
+ *
+ * @return $filterInstance An instance of this filter class
+ */
+ public final static function createAccountPasswordVerifierFilter () {
+ // Get a new instance
+ $filterInstance = new AccountPasswordVerifierFilter();
+
+ // Return the instance
+ return $filterInstance;
+ }
+
+ /**
+ * Executes the filter with given request and response objects
+ *
+ * @param $requestInstance An instance of a class with an Requestable interface
+ * @param $responseInstance An instance of a class with an Responseable interface
+ * @return void
+ * @throws AccountPasswordMismatchException If the account password does not match
+ */
+ public function execute (Requestable $requestInstance, Responseable $responseInstance) {
+ // Get password
+ $password = $requestInstance->getRequestElement('pass_old');
+
+ // Is the password still not set?
+ if (is_null($password)) {
+ // Not found in form so stop the filtering process
+ $requestInstance->requestIsValid(false);
+
+ // Add a message to the response
+ $responseInstance->addFatalMessage('pass_old_unset');
+
+ // Abort here
+ return false;
+ } elseif (empty($password)) {
+ // Password is empty
+ $requestInstance->requestIsValid(false);
+
+ // Add a message to the response
+ $responseInstance->addFatalMessage('pass_old_empty');
+
+ // Abort here
+ return false;
+ }
+
+ // Get a user instance
+ $userInstance = Registry::getRegistry()->getInstance('user');
+
+ // Get old hash
+ $oldHash = $userInstance->getField('pass_hash');
+
+ // Get an encryption helper and encrypt the password
+ $passHash = ObjectFactory::createObjectByConfiguredName('crypto_class')->hashString($password, $oldHash);
+
+ // Does it match?
+ if ($oldHash != $passHash) {
+ // Throw an exception here to stop the proccessing
+ throw new AccountPasswordMismatchException($this, BaseUser::EXCEPTION_USER_PASS_MISMATCH);
+ } // END - if
+ }
+}
+
+// [EOF]
+?>