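<?php

/**
 * @file classes/security/Validation.inc.php
 *
 * Copyright (c) 2013-2015 Simon Fraser University Library
 * Copyright (c) 2003-2015 John Willinsky
 * Distributed under the GNU GPL v2. For full terms see the file docs/COPYING.
 *
 * @class Validation
 * @ingroup security
 *
 * @brief Class providing user validation/authentication operations.
 */

import('classes.security.Role');
import('classes.security.password');

class Validation {

	/**
	 * Authenticate user credentials and mark the user as logged in in the current session.
	 * On success the session ID is regenerated before the user ID is stored in the session.
	 * @param $username string
	 * @param $password string unencrypted password
	 * @param $reason string reference to string to receive the reason an account was disabled; null otherwise
	 * @param $remember boolean remember a user's session past the current browser session
	 * @return User the User associated with the login credentials, or false if the credentials are invalid
	 */
	function &login($username, $password, &$reason, $remember = false) {
		$implicitAuth = Config::getVar('security', 'implicit_auth');

		$reason = null;
		$valid = false;
		$userDao =& DAORegistry::getDAO('UserDAO');

		if ($implicitAuth) { // Implicit auth
			if (!Validation::isLoggedIn()) {
				PluginRegistry::loadCategory('implicitAuth');

				// Call the implicitAuth hook. It is expected to set $user.
				HookRegistry::call('ImplicitAuthPlugin::implicitAuth', array(&$user));

				// Accept the login only if the hook actually supplied a user.
				// Marking it valid unconditionally would dereference a null
				// $user below when no plugin handled the hook.
				$valid = isset($user);
			}
		} else { // Regular Auth
			$user =& $userDao->getByUsername($username, true);

			if (!isset($user)) {
				// User does not exist
				return $valid;
			}

			if ($user->getAuthId()) {
				$authDao =& DAORegistry::getDAO('AuthSourceDAO');
				$auth =& $authDao->getPlugin($user->getAuthId());
			}

			if (isset($auth)) {
				// Validate against remote authentication source
				$valid = $auth->authenticate($username, $password);
				if ($valid) {
					$oldEmail = $user->getEmail();
					$auth->doGetUserInfo($user);
					if ($user->getEmail() != $oldEmail) {
						// FIXME OJS requires email addresses to be unique; if changed email already exists, ignore
						if ($userDao->userExistsByEmail($user->getEmail())) {
							$user->setEmail($oldEmail);
						}
					}
				}
			} else {
				// Validate against OJS user database
				$valid = Validation::verifyPassword($username, $password, $user->getPassword(), $rehash);

				if ($valid && !empty($rehash)) {
					// update to new hashing algorithm; persisted by the
					// updateObject() call at the end of a successful login
					$user->setPassword($rehash);
				}
			}
		}

		if (!$valid) {
			// Login credentials are invalid
			return $valid;

		} else {
			if ($user->getDisabled()) {
				// The user has been disabled.
				$reason = $user->getDisabledReason();
				if ($reason === null) $reason = '';
				$valid = false;
				return $valid;
			}

			// The user is valid, mark user as logged in in current session
			$sessionManager =& SessionManager::getManager();

			// Regenerate session ID first, so that a session ID issued before
			// authentication is not carried over into the authenticated session
			$sessionManager->regenerateSessionId();

			$session =& $sessionManager->getUserSession();
			$session->setSessionVar('userId', $user->getId());
			$session->setUserId($user->getId());
			$session->setSessionVar('username', $user->getUsername());
			$session->setRemember($remember);

			if ($remember && Config::getVar('general', 'session_lifetime') > 0) {
				// Update session expiration time (session_lifetime is multiplied by 86400, i.e. it is in days)
				$sessionManager->updateSessionLifetime(time() + Config::getVar('general', 'session_lifetime') * 86400);
			}

			$user->setDateLastLogin(Core::getCurrentDate());
			$userDao->updateObject($user);

			return $user;
		}
	}

	/**
	 * Verify whether the input password matches the stored hash.
	 *
	 * Three cases are handled: legacy-only installs (LEGACY_ENCRYPTION, defined
	 * outside this file), stored hashes that need upgrading, and current bcrypt
	 * hashes. When the password is correct and the stored hash should be
	 * replaced, $rehash receives the new hash; the caller must persist it.
	 *
	 * @param string $username the string username
	 * @param string $password the plaintext password
	 * @param string $hash the password hash from the database
	 * @param string &$rehash if password needs rehash, this variable is used
	 * @return boolean
	 */
	function verifyPassword($username, $password, $hash, &$rehash) {
		if (LEGACY_ENCRYPTION) {
			// BCRYPT not supported
			return $hash === Validation::encryptCredentials($username, $password, false, true);
		} else if (password_needs_rehash($hash, PASSWORD_BCRYPT)) {
			// The stored hash is either a legacy sha1/md5 digest or a bcrypt
			// hash whose options (e.g. cost) differ from the current default.
			// Checking only the legacy digest here would reject correct
			// passwords in the second case, so both are tried.
			$oldHash = Validation::encryptCredentials($username, $password, false, true);

			if ($oldHash === $hash || password_verify($password, $hash)) {
				// update hash
				$rehash = Validation::encryptCredentials($username, $password);

				return true;
			}
		} else if (password_verify($password, $hash)) {
			return true;
		}

		return false;
	}

	/**
	 * Mark the user as logged out in the current session.
	 * Clears the user ID and any "signed in as" marker, and drops the
	 * remember-me lifetime if one was set.
	 * @return boolean
	 */
	function logout() {
		$sessionManager =& SessionManager::getManager();
		$session =& $sessionManager->getUserSession();
		$session->unsetSessionVar('userId');
		$session->unsetSessionVar('signedInAs');
		$session->setUserId(null);

		if ($session->getRemember()) {
			$session->setRemember(0);
			$sessionManager->updateSessionLifetime(0);
		}

		$sessionDao =& DAORegistry::getDAO('SessionDAO');
		$sessionDao->updateObject($session);

		return true;
	}

	/**
	 * Redirect to the login page, appending the current URL as the source.
	 * @param $message string Optional name of locale key to add to login page
	 */
	function redirectLogin($message = null) {
		$args = array();

		if (isset($_SERVER['REQUEST_URI'])) {
			// The request URI is client-controlled and is passed on unmodified.
			// NOTE(review): whatever consumes 'source' after login is outside
			// this file; confirm it only redirects to same-site paths.
			$args['source'] = $_SERVER['REQUEST_URI'];
		}
		if ($message !== null) {
			$args['loginMessage'] = $message;
		}

		Request::redirect(null, 'login', null, null, $args);
	}

	/**
	 * Check if a user's credentials are valid.
	 * Unlike login(), this does not touch the session; it does, however,
	 * save an upgraded password hash when one is produced.
	 * @param $username string username
	 * @param $password string unencrypted password
	 * @return boolean
	 */
	function checkCredentials($username, $password) {
		$userDao =& DAORegistry::getDAO('UserDAO');
		$user =& $userDao->getByUsername($username, false);

		$valid = false;
		if (isset($user)) {
			if ($user->getAuthId()) {
				$authDao =& DAORegistry::getDAO('AuthSourceDAO');
				$auth =& $authDao->getPlugin($user->getAuthId());
			}

			if (isset($auth)) {
				$valid = $auth->authenticate($username, $password);
			} else {
				// Validate against OJS user database
				$valid = Validation::verifyPassword($username, $password, $user->getPassword(), $rehash);

				if ($valid && !empty($rehash)) {
					// update to new hashing algorithm
					$user->setPassword($rehash);

					// save new password hash to database
					$userDao->updateObject($user);
				}
			}
		}

		return $valid;
	}

	/**
	 * Check if a user is authorized to access the specified role in the specified journal.
	 * @param $roleId int
	 * @param $journalId optional (e.g., for global site admin role), the ID of the journal; -1 means "use the journal of the current request"
	 * @return boolean
	 */
	function isAuthorized($roleId, $journalId = 0) {
		if (!Validation::isLoggedIn()) {
			return false;
		}

		if ($journalId === -1) {
			// Get journal ID from request
			$journal =& Request::getJournal();
			$journalId = $journal == null ? 0 : $journal->getId();
		}

		$sessionManager =& SessionManager::getManager();
		$session =& $sessionManager->getUserSession();
		$user =& $session->getUser();

		$roleDao =& DAORegistry::getDAO('RoleDAO');
		return $roleDao->userHasRole($journalId, $user->getId(), $roleId);
	}

	/**
	 * Hash user passwords for database storage.
	 *
	 * In legacy mode the digest is sha1 or md5 over username . password: the
	 * username is the only salt and the digest is fast to compute, so this
	 * path exists for backwards compatibility and hash migration only.
	 * Otherwise the password is hashed with bcrypt via password_hash().
	 *
	 * @param $username string username (kept for backwards compatibility)
	 * @param $password string unencrypted password
	 * @param $encryption string optional encryption algorithm to use, defaulting to the value from the site configuration
	 * @param $legacy boolean if true, use legacy hashing technique for backwards compatibility
	 * @return string encrypted password
	 */
	function encryptCredentials($username, $password, $encryption = false, $legacy = LEGACY_ENCRYPTION) {
		if ($legacy || LEGACY_ENCRYPTION) {
			$valueToEncrypt = $username . $password;

			if ($encryption == false) {
				$encryption = Config::getVar('security', 'encryption');
			}

			switch ($encryption) {
				case 'sha1':
					if (function_exists('sha1')) {
						return sha1($valueToEncrypt);
					}
					// deliberate fall-through to md5 when sha1() is unavailable
				case 'md5':
				default:
					return md5($valueToEncrypt);
			}
		} else {
			return password_hash($password, PASSWORD_BCRYPT);
		}
	}

	/**
	 * Generate a random password.
	 * Characters are drawn with random_int() when the runtime provides it;
	 * mt_rand() is used only as a fallback and is not suitable for secrets.
	 * Look-alike characters (l, o, I, O, 0, 1) are absent from the alphabets.
	 * @param $length int the length of the password to generate (default 8)
	 * @return string
	 */
	function generatePassword($length = 8) {
		$letters = 'abcdefghijkmnpqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ';
		$numbers = '23456789';

		// mt_rand() output is predictable; prefer the CSPRNG-backed
		// random_int() whenever it exists (PHP 7+).
		$secure = function_exists('random_int');

		$password = "";
		for ($i=0; $i<$length; $i++) {
			// One position in four is a digit, as before.
			$roll = $secure ? random_int(1, 4) : mt_rand(1, 4);
			$alphabet = $roll == 4 ? $numbers : $letters;
			$last = strlen($alphabet) - 1;
			$password .= $alphabet[$secure ? random_int(0, $last) : mt_rand(0, $last)];
		}
		return $password;
	}

	/**
	 * Generate a hash value to use for confirmation to reset a password.
	 * The value is derived from the username, the stored password hash, the
	 * last login time and an hour-granular time bucket, keyed with the
	 * configured site salt.
	 * NOTE(review): the comparison against a user-supplied value happens
	 * outside this file; it should be constant-time (e.g. hash_equals()).
	 * @param $userId int
	 * @return string (boolean false if user is invalid)
	 */
	function generatePasswordResetHash($userId) {
		$userDao =& DAORegistry::getDAO('UserDAO');
		if (($user = $userDao->getUser($userId)) == null) {
			// No such user
			return false;
		}
		// create hash payload
		$salt = Config::getVar('security', 'salt');
		// use last login time to create a basic expiry coefficient
		$lastLogin = strtotime($user->getDateLastLogin());
		$time = time();
		// round down to the current hour, then add two hours
		$normalised = ($time - ($time % 3600)) + 7200;
		$diff = floor(($normalised - $lastLogin) / 3600);
		$data = $user->getUsername() . $user->getPassword() . $lastLogin . $diff;
		switch (true) {
			case function_exists('hash_hmac'):
				// always use HMAC SHA256 if available
				return hash_hmac('sha256', $data, $salt);
			case function_exists('sha1'):
				// use SHA1 if HMAC not available
				return sha1($data . $salt);
			default:
				// fallback to MD5
				return md5($data . $salt);
		}
	}

	/**
	 * Suggest a username given the first and last names.
	 * The suggestion is the first initial plus the last name, lower-cased and
	 * stripped to [a-zA-Z0-9_-], with a numeric suffix added until it is unused.
	 * @param $firstName string
	 * @param $lastName string
	 * @return string
	 */
	function suggestUsername($firstName, $lastName) {
		$initial = String::substr($firstName, 0, 1);

		$suggestion = String::regexp_replace('/[^a-zA-Z0-9_-]/', '', String::strtolower($initial . $lastName));
		$userDao =& DAORegistry::getDAO('UserDAO');
		// $i starts as '' (no suffix) and becomes 1, 2, ... while the name is taken
		for ($i = ''; $userDao->userExistsByUsername($suggestion . $i); $i++);
		return $suggestion . $i;
	}

	/**
	 * Check if the user is logged in, i.e. the current session carries a
	 * non-empty user ID.
	 * @return boolean
	 */
	function isLoggedIn() {
		$sessionManager =& SessionManager::getManager();
		$session =& $sessionManager->getUserSession();

		$userId = $session->getUserId();
		return isset($userId) && !empty($userId);
	}

	/**
	 * Shortcut for checking authorization as site admin.
	 * @return boolean
	 */
	function isSiteAdmin() {
		return Validation::isAuthorized(ROLE_ID_SITE_ADMIN);
	}

	/**
	 * Shortcut for checking authorization as journal manager.
	 * @param $journalId int
	 * @return boolean
	 */
	function isJournalManager($journalId = -1) {
		return Validation::isAuthorized(ROLE_ID_JOURNAL_MANAGER, $journalId);
	}

	/**
	 * Shortcut for checking authorization as editor.
	 * @param $journalId int
	 * @return boolean
	 */
	function isEditor($journalId = -1) {
		return Validation::isAuthorized(ROLE_ID_EDITOR, $journalId);
	}

	/**
	 * Shortcut for checking authorization as section editor.
	 * @param $journalId int
	 * @return boolean
	 */
	function isSectionEditor($journalId = -1) {
		return Validation::isAuthorized(ROLE_ID_SECTION_EDITOR, $journalId);
	}

	/**
	 * Shortcut for checking authorization as layout editor.
	 * @param $journalId int
	 * @return boolean
	 */
	function isLayoutEditor($journalId = -1) {
		return Validation::isAuthorized(ROLE_ID_LAYOUT_EDITOR, $journalId);
	}

	/**
	 * Shortcut for checking authorization as reviewer.
	 * @param $journalId int
	 * @return boolean
	 */
	function isReviewer($journalId = -1) {
		return Validation::isAuthorized(ROLE_ID_REVIEWER, $journalId);
	}

	/**
	 * Shortcut for checking authorization as copyeditor.
	 * @param $journalId int
	 * @return boolean
	 */
	function isCopyeditor($journalId = -1) {
		return Validation::isAuthorized(ROLE_ID_COPYEDITOR, $journalId);
	}

	/**
	 * Shortcut for checking authorization as proofreader.
	 * @param $journalId int
	 * @return boolean
	 */
	function isProofreader($journalId = -1) {
		return Validation::isAuthorized(ROLE_ID_PROOFREADER, $journalId);
	}

	/**
	 * Shortcut for checking authorization as author.
	 * @param $journalId int
	 * @return boolean
	 */
	function isAuthor($journalId = -1) {
		return Validation::isAuthorized(ROLE_ID_AUTHOR, $journalId);
	}

	/**
	 * Shortcut for checking authorization as reader.
	 * @param $journalId int
	 * @return boolean
	 */
	function isReader($journalId = -1) {
		return Validation::isAuthorized(ROLE_ID_READER, $journalId);
	}

	/**
	 * Shortcut for checking authorization as subscription manager.
	 * @param $journalId int
	 * @return boolean
	 */
	function isSubscriptionManager($journalId = -1) {
		return Validation::isAuthorized(ROLE_ID_SUBSCRIPTION_MANAGER, $journalId);
	}

	/**
	 * Check whether the current user is allowed to administer another user.
	 * A site admin may administer anyone. A journal manager may administer a
	 * user only if that user is not a site admin and holds no role in a
	 * journal the manager does not also manage.
	 * @param $journalId int
	 * @param $userId int the user to be administered
	 * @return boolean
	 */
	function canAdminister($journalId, $userId) {
		if (Validation::isSiteAdmin()) return true;
		if (!Validation::isJournalManager($journalId)) return false;

		// Check for roles in other journals that this user
		// doesn't have administrative rights over.
		$roleDao =& DAORegistry::getDAO('RoleDAO');
		$roles =& $roleDao->getRolesByUserId($userId);
		foreach ($roles as $role) {
			if ($role->getRoleId() == ROLE_ID_SITE_ADMIN) return false;
			if (
				$role->getJournalId() != $journalId &&
				!Validation::isJournalManager($role->getJournalId())
			) return false;
		}

		// There were no conflicting roles.
		return true;
	}
}

?>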
Finding entry points
Branch analysis from position: 0
1 jumps found. (Code = 62) Position 1 = -2
filename:       /in/LSWbZ
function name:  (null)
number of ops:  7
compiled vars:  none
line      #* E I O op                           fetch          ext  return  operands
-------------------------------------------------------------------------------------
   16     0  E >   INIT_FCALL_BY_NAME                                       'import'
          1        SEND_VAL_EX                                              'classes.security.Role'
          2        DO_FCALL                                      0          
   17     3        INIT_FCALL_BY_NAME                                       'import'
          4        SEND_VAL_EX                                              'classes.security.password'
          5        DO_FCALL                                      0          
  490     6      > RETURN                                                   1

Class Validation:
Function login:
Finding entry points
Branch analysis from position: 0
2 jumps found. (Code = 43) Position 1 = 16, Position 2 = 30
Branch analysis from position: 16
2 jumps found. (Code = 43) Position 1 = 20, Position 2 = 29
Branch analysis from position: 20
1 jumps found. (Code = 42) Position 1 = 97
Branch analysis from position: 97
2 jumps found. (Code = 43) Position 1 = 99, Position 2 = 101
Branch analysis from position: 99
Return found
Branch analysis from position: 101
2 jumps found. (Code = 43) Position 1 = 104, Position 2 = 112
Branch analysis from position: 104
2 jumps found. (Code = 43) Position 1 = 109, Position 2 = 110
Branch analysis from position: 109
Return found
Branch analysis from position: 110
Branch analysis from position: 112
2 jumps found. (Code = 46) Position 1 = 141, Position 2 = 147
Branch analysis from position: 141
2 jumps found. (Code = 43) Position 1 = 148, Position 2 = 159
Branch analysis from position: 148
Return found
Branch analysis from position: 159
Branch analysis from position: 147
Branch analysis from position: 29
Branch analysis from position: 30
2 jumps found. (Code = 43) Position 1 = 38, Position 2 = 39
Branch analysis from position: 38
Return found
Branch analysis from position: 39
2 jumps found. (Code = 43) Position 1 = 42, Position 2 = 52
Branch analysis from position: 42
2 jumps found. (Code = 43) Position 1 = 54, Position 2 = 80
Branch analysis from position: 54
2 jumps found. (Code = 43) Position 1 = 60, Position 2 = 79
Branch analysis from position: 60
2 jumps found. (Code = 43) Position 1 = 70, Position 2 = 79
Branch analysis from position: 70
2 jumps found. (Code = 43) Position 1 = 76, Position 2 = 79
Branch analysis from position: 76
1 jumps found. (Code = 42) Position 1 = 97
Branch analysis from position: 97
Branch analysis from position: 79
Branch analysis from position: 79
Branch analysis from position: 79
Branch analysis from position: 80
2 jumps found. (Code = 46) Position 1 = 90, Position 2 = 93
Branch analysis from position: 90
2 jumps found. (Code = 43) Position 1 = 94, Position 2 = 97
Branch analysis from position: 94
2 jumps found. (Code = 43) Position 1 = 99, Position 2 = 101
Branch analysis from position: 99
Branch analysis from position: 101
Branch analysis from position: 97
Branch analysis from position: 93
Branch analysis from position: 52
filename:       /in/LSWbZ
function name:  login
number of ops:  169
compiled vars:  !0 = $username, !1 = $password, !2 = $reason, !3 = $remember, !4 = $implicitAuth, !5 = $valid, !6 = $userDao, !7 = $user, !8 = $authDao, !9 = $auth, !10 = $oldEmail, !11 = $rehash, !12 = $sessionManager, !13 = $session
line      #* E I O op                           fetch          ext  return  operands
-------------------------------------------------------------------------------------
   29     0  E >   RECV                                             !0      
          1        RECV                                             !1      
          2        RECV                                             !2      
          3        RECV_INIT                                        !3      <false>
   30     4        INIT_STATIC_METHOD_CALL                                  'Config', 'getVar'
          5        SEND_VAL_EX                                              'security'
          6        SEND_VAL_EX                                              'implicit_auth'
          7        DO_FCALL                                      0  $14     
          8        ASSIGN                                                   !4, $14
   32     9        ASSIGN                                                   !2, null
   33    10        ASSIGN                                                   !5, <false>
   34    11        INIT_STATIC_METHOD_CALL                                  'DAORegistry', 'getDAO'
         12        SEND_VAL_EX                                              'UserDAO'
         13        DO_FCALL                                      0  $18     
         14        ASSIGN_REF                                               !6, $18
   36    15      > JMPZ                                                     !4, ->30
   37    16    >   INIT_STATIC_METHOD_CALL                                  'Validation', 'isLoggedIn'
         17        DO_FCALL                                      0  $20     
         18        BOOL_NOT                                         ~21     $20
         19      > JMPZ                                                     ~21, ->29
   38    20    >   INIT_STATIC_METHOD_CALL                                  'PluginRegistry', 'loadCategory'
         21        SEND_VAL_EX                                              'implicitAuth'
         22        DO_FCALL                                      0          
   42    23        INIT_STATIC_METHOD_CALL                                  'HookRegistry', 'call'
         24        SEND_VAL_EX                                              'ImplicitAuthPlugin%3A%3AimplicitAuth'
         25        INIT_ARRAY                                       ~23     !7
         26        SEND_VAL_EX                                              ~23
         27        DO_FCALL                                      0          
   44    28        ASSIGN                                                   !5, <true>
         29    > > JMP                                                      ->97
   47    30    >   INIT_METHOD_CALL                                         !6, 'getByUsername'
         31        SEND_VAR_EX                                              !0
         32        SEND_VAL_EX                                              <true>
         33        DO_FCALL                                      0  $26     
         34        ASSIGN_REF                                               !7, $26
   49    35        ISSET_ISEMPTY_CV                                 ~28     !7
         36        BOOL_NOT                                         ~29     ~28
         37      > JMPZ                                                     ~29, ->39
   51    38    > > RETURN_BY_REF                                            !5
   54    39    >   INIT_METHOD_CALL                                         !7, 'getAuthId'
         40        DO_FCALL                                      0  $30     
         41      > JMPZ                                                     $30, ->52
   55    42    >   INIT_STATIC_METHOD_CALL                                  'DAORegistry', 'getDAO'
         43        SEND_VAL_EX                                              'AuthSourceDAO'
         44        DO_FCALL                                      0  $31     
         45        ASSIGN_REF                                               !8, $31
   56    46        INIT_METHOD_CALL                                         !8, 'getPlugin'
         47        INIT_METHOD_CALL                                         !7, 'getAuthId'
         48        DO_FCALL                                      0  $33     
         49        SEND_VAR_NO_REF_EX                                       $33
         50        DO_FCALL                                      0  $34     
         51        ASSIGN_REF                                               !9, $34
   59    52    >   ISSET_ISEMPTY_CV                                         !9
         53      > JMPZ                                                     ~36, ->80
   61    54    >   INIT_METHOD_CALL                                         !9, 'authenticate'
         55        SEND_VAR_EX                                              !0
         56        SEND_VAR_EX                                              !1
         57        DO_FCALL                                      0  $37     
         58        ASSIGN                                                   !5, $37
   62    59      > JMPZ                                                     !5, ->79
   63    60    >   INIT_METHOD_CALL                                         !7, 'getEmail'
         61        DO_FCALL                                      0  $39     
         62        ASSIGN                                                   !10, $39
   64    63        INIT_METHOD_CALL                                         !9, 'doGetUserInfo'
         64        SEND_VAR_EX                                              !7
         65        DO_FCALL                                      0          
   65    66        INIT_METHOD_CALL                                         !7, 'getEmail'
         67        DO_FCALL                                      0  $42     
         68        IS_NOT_EQUAL                                             !10, $42
         69      > JMPZ                                                     ~43, ->79
   67    70    >   INIT_METHOD_CALL                                         !6, 'userExistsByEmail'
         71        INIT_METHOD_CALL                                         !7, 'getEmail'
         72        DO_FCALL                                      0  $44     
         73        SEND_VAR_NO_REF_EX                                       $44
         74        DO_FCALL                                      0  $45     
         75      > JMPZ                                                     $45, ->79
   68    76    >   INIT_METHOD_CALL                                         !7, 'setEmail'
         77        SEND_VAR_EX                                              !10
         78        DO_FCALL                                      0          
         79    > > JMP                                                      ->97
   74    80    >   INIT_STATIC_METHOD_CALL                                  'Validation', 'verifyPassword'
         81        SEND_VAR_EX                                              !0
         82        SEND_VAR_EX                                              !1
         83        INIT_METHOD_CALL                                         !7, 'getPassword'
         84        DO_FCALL                                      0  $47     
         85        SEND_VAR_NO_REF_EX                                       $47
         86        SEND_VAR_EX                                              !11
         87        DO_FCALL                                      0  $48     
         88        ASSIGN                                                   !5, $48
   76    89      > JMPZ_EX                                          ~50     !5, ->93
         90    >   ISSET_ISEMPTY_CV                                 ~51     !11
         91        BOOL_NOT                                         ~52     ~51
         92        BOOL                                             ~50     ~52
         93    > > JMPZ                                                     ~50, ->97
   78    94    >   INIT_METHOD_CALL                                         !7, 'setPassword'
         95        SEND_VAR_EX                                              !11
         96        DO_FCALL                                      0          
   83    97    >   BOOL_NOT                                         ~54     !5
         98      > JMPZ                                                     ~54, ->101
   85    99    > > RETURN_BY_REF                                            !5
        100*       JMP                                                      ->168
   88   101    >   INIT_METHOD_CALL                                         !7, 'getDisabled'
        102        DO_FCALL                                      0  $55     
        103      > JMPZ                                                     $55, ->112
   90   104    >   INIT_METHOD_CALL                                         !7, 'getDisabledReason'
        105        DO_FCALL                                      0  $56     
        106        ASSIGN                                                   !2, $56
   91   107        TYPE_CHECK                                    2          !2
        108      > JMPZ                                                     ~58, ->110
        109    >   ASSIGN                                                   !2, ''
   92   110    >   ASSIGN                                                   !5, <false>
   93   111      > RETURN_BY_REF                                            !5
   97   112    >   INIT_STATIC_METHOD_CALL                                  'SessionManager', 'getManager'
        113        DO_FCALL                                      0  $61     
        114        ASSIGN_REF                                               !12, $61
  100   115        INIT_METHOD_CALL                                         !12, 'regenerateSessionId'
        116        DO_FCALL                                      0          
  102   117        INIT_METHOD_CALL                                         !12, 'getUserSession'
        118        DO_FCALL                                      0  $64     
        119        ASSIGN_REF                                               !13, $64
  103   120        INIT_METHOD_CALL                                         !13, 'setSessionVar'
        121        SEND_VAL_EX                                              'userId'
        122        INIT_METHOD_CALL                                         !7, 'getId'
        123        DO_FCALL                                      0  $66     
        124        SEND_VAR_NO_REF_EX                                       $66
        125        DO_FCALL                                      0          
  104   126        INIT_METHOD_CALL                                         !13, 'setUserId'
        127        INIT_METHOD_CALL                                         !7, 'getId'
        128        DO_FCALL                                      0  $68     
        129        SEND_VAR_NO_REF_EX                                       $68
        130        DO_FCALL                                      0          
  105   131        INIT_METHOD_CALL                                         !13, 'setSessionVar'
        132        SEND_VAL_EX                                              'username'
        133        INIT_METHOD_CALL                                         !7, 'getUsername'
        134        DO_FCALL                                      0  $70     
        135        SEND_VAR_NO_REF_EX                                       $70
        136        DO_FCALL                                      0          
  106   137        INIT_METHOD_CALL                                         !13, 'setRemember'
        138        SEND_VAR_EX                                              !3
        139        DO_FCALL                                      0          
  108   140      > JMPZ_EX                                          ~73     !3, ->147
        141    >   INIT_STATIC_METHOD_CALL                                  'Config', 'getVar'
        142        SEND_VAL_EX                                              'general'
        143        SEND_VAL_EX                                              'session_lifetime'
        144        DO_FCALL                                      0  $74     
        145        IS_SMALLER                                       ~75     0, $74
        146        BOOL                                             ~73     ~75
        147    > > JMPZ                                                     ~73, ->159
  110   148    >   INIT_METHOD_CALL                                         !12, 'updateSessionLifetime'
        149        INIT_FCALL                                               'time'
        150        DO_ICALL                                         $76     
        151        INIT_STATIC_METHOD_CALL                                  'Config', 'getVar'
        152        SEND_VAL_EX                                              'general'
        153        SEND_VAL_EX                                              'session_lifetime'
        154        DO_FCALL                                      0  $77     
        155        MUL                                              ~78     $77, 86400
        156        ADD                                              ~79     $76, ~78
        157        SEND_VAL_EX                                              ~79
        158        DO_FCALL                                      0          
  113   159    >   INIT_METHOD_CALL                                         !7, 'setDateLastLogin'
        160        INIT_STATIC_METHOD_CALL                                  'Core', 'getCurrentDate'
        161        DO_FCALL                                      0  $81     
        162        SEND_VAR_NO_REF_EX                                       $81
        163        DO_FCALL                                      0          
  114   164        INIT_METHOD_CALL                                         !6, 'updateObject'
        165        SEND_VAR_EX                                              !7
        166        DO_FCALL                                      0          
  116   167      > RETURN_BY_REF                                            !7
  118   168*     > RETURN_BY_REF                                            null

End of function login

Function verifypassword:
Finding entry points
Branch analysis from position: 0
2 jumps found. (Code = 43) Position 1 = 6, Position 2 = 15
Branch analysis from position: 6
1 jumps found. (Code = 62) Position 1 = -2
Branch analysis from position: 15
2 jumps found. (Code = 43) Position 1 = 20, Position 2 = 36
Branch analysis from position: 20
2 jumps found. (Code = 43) Position 1 = 29, Position 2 = 35
Branch analysis from position: 29
1 jumps found. (Code = 62) Position 1 = -2
Branch analysis from position: 35
1 jumps found. (Code = 42) Position 1 = 42
Branch analysis from position: 42
1 jumps found. (Code = 62) Position 1 = -2
Branch analysis from position: 36
2 jumps found. (Code = 43) Position 1 = 41, Position 2 = 42
Branch analysis from position: 41
1 jumps found. (Code = 62) Position 1 = -2
Branch analysis from position: 42
filename:       /in/LSWbZ
function name:  verifyPassword
number of ops:  44
compiled vars:  !0 = $username, !1 = $password, !2 = $hash, !3 = $rehash, !4 = $oldHash
line      #* E I O op                           fetch          ext  return  operands
-------------------------------------------------------------------------------------
  129     0  E >   RECV                                             !0      
          1        RECV                                             !1      
          2        RECV                                             !2      
          3        RECV                                             !3      
  130     4        FETCH_CONSTANT                                   ~5      'LEGACY_ENCRYPTION'
          5      > JMPZ                                                     ~5, ->15
  132     6    >   INIT_STATIC_METHOD_CALL                                  'Validation', 'encryptCredentials'
          7        SEND_VAR_EX                                              !0
          8        SEND_VAR_EX                                              !1
          9        SEND_VAL_EX                                              <false>
         10        SEND_VAL_EX                                              <true>
         11        DO_FCALL                                      0  $6      
         12        IS_IDENTICAL                                     ~7      !2, $6
         13      > RETURN                                                   ~7
         14*       JMP                                                      ->42
  134    15    >   INIT_FCALL                                               'password_needs_rehash'
         16        SEND_VAR                                                 !2
         17        SEND_VAL                                                 '2y'
         18        DO_ICALL                                         $8      
         19      > JMPZ                                                     $8, ->36
  136    20    >   INIT_STATIC_METHOD_CALL                                  'Validation', 'encryptCredentials'
         21        SEND_VAR_EX                                              !0
         22        SEND_VAR_EX                                              !1
         23        SEND_VAL_EX                                              <false>
         24        SEND_VAL_EX                                              <true>
         25        DO_FCALL                                      0  $9      
         26        ASSIGN                                                   !4, $9
  138    27        IS_IDENTICAL                                             !4, !2
         28      > JMPZ                                                     ~11, ->35
  140    29    >   INIT_STATIC_METHOD_CALL                                  'Validation', 'encryptCredentials'
         30        SEND_VAR_EX                                              !0
         31        SEND_VAR_EX                                              !1
         32        DO_FCALL                                      0  $12     
         33        ASSIGN                                                   !3, $12
  142    34      > RETURN                                                   <true>
         35    > > JMP                                                      ->42
  145    36    >   INIT_FCALL                                               'password_verify'
         37        SEND_VAR                                                 !1
         38        SEND_VAR                                                 !2
         39        DO_ICALL                                         $14     
         40      > JMPZ                                                     $14, ->42
  146    41    > > RETURN                                                   <true>
  149    42    > > RETURN                                                   <false>
  150    43*     > RETURN                                                   null

End of function verifypassword

Function logout:
Finding entry points
Branch analysis from position: 0
2 jumps found. (Code = 43) Position 1 = 18, Position 2 = 24
Branch analysis from position: 18
1 jumps found. (Code = 62) Position 1 = -2
Branch analysis from position: 24
filename:       /in/LSWbZ
function name:  logout
number of ops:  33
compiled vars:  !0 = $sessionManager, !1 = $session, !2 = $sessionDao
line      #* E I O op                           fetch          ext  return  operands
-------------------------------------------------------------------------------------
  157     0  E >   INIT_STATIC_METHOD_CALL                                  'SessionManager', 'getManager'
          1        DO_FCALL                                      0  $3      
          2        ASSIGN_REF                                               !0, $3
  158     3        INIT_METHOD_CALL                                         !0, 'getUserSession'
          4        DO_FCALL                                      0  $5      
          5        ASSIGN_REF                                               !1, $5
  159     6        INIT_METHOD_CALL                                         !1, 'unsetSessionVar'
          7        SEND_VAL_EX                                              'userId'
          8        DO_FCALL                                      0          
  160     9        INIT_METHOD_CALL                                         !1, 'unsetSessionVar'
         10        SEND_VAL_EX                                              'signedInAs'
         11        DO_FCALL                                      0          
  161    12        INIT_METHOD_CALL                                         !1, 'setUserId'
         13        SEND_VAL_EX                                              null
         14        DO_FCALL                                      0          
  163    15        INIT_METHOD_CALL                                         !1, 'getRemember'
         16        DO_FCALL                                      0  $10     
         17      > JMPZ                                                     $10, ->24
  164    18    >   INIT_METHOD_CALL                                         !1, 'setRemember'
         19        SEND_VAL_EX                                              0
         20        DO_FCALL                                      0          
  165    21        INIT_METHOD_CALL                                         !0, 'updateSessionLifetime'
         22        SEND_VAL_EX                                              0
         23        DO_FCALL                                      0          
  168    24    >   INIT_STATIC_METHOD_CALL                                  'DAORegistry', 'getDAO'
         25        SEND_VAL_EX                                              'SessionDAO'
         26        DO_FCALL                                      0  $13     
         27        ASSIGN_REF                                               !2, $13
  169    28        INIT_METHOD_CALL                                         !2, 'updateObject'
         29        SEND_VAR_EX                                              !1
         30        DO_FCALL                                      0          
  171    31      > RETURN                                                   <true>
  172    32*     > RETURN                                                   null

End of function logout

Function redirectlogin:
Finding entry points
Branch analysis from position: 0
2 jumps found. (Code = 43) Position 1 = 5, Position 2 = 9
Branch analysis from position: 5
2 jumps found. (Code = 43) Position 1 = 11, Position 2 = 13
Branch analysis from position: 11
1 jumps found. (Code = 62) Position 1 = -2
Branch analysis from position: 13
Branch analysis from position: 9
filename:       /in/LSWbZ
function name:  redirectLogin
number of ops:  21
compiled vars:  !0 = $message, !1 = $args
line      #* E I O op                           fetch          ext  return  operands
-------------------------------------------------------------------------------------
  178     0  E >   RECV_INIT                                        !0      null
  179     1        ASSIGN                                                   !1, <array>
  181     2        FETCH_IS                                         ~3      '_SERVER'
          3        ISSET_ISEMPTY_DIM_OBJ                         0          ~3, 'REQUEST_URI'
          4      > JMPZ                                                     ~4, ->9
  182     5    >   FETCH_R                      global              ~6      '_SERVER'
          6        FETCH_DIM_R                                      ~7      ~6, 'REQUEST_URI'
          7        ASSIGN_DIM                                               !1, 'source'
          8        OP_DATA                                                  ~7
  184     9    >   TYPE_CHECK                                  1020          !0
         10      > JMPZ                                                     ~8, ->13
  185    11    >   ASSIGN_DIM                                               !1, 'loginMessage'
         12        OP_DATA                                                  !0
  188    13    >   INIT_STATIC_METHOD_CALL                                  'Request', 'redirect'
         14        SEND_VAL_EX                                              null
         15        SEND_VAL_EX                                              'login'
         16        SEND_VAL_EX                                              null
         17        SEND_VAL_EX                                              null
         18        SEND_VAR_EX                                              !1
         19        DO_FCALL                                      0          
  189    20      > RETURN                                                   null

End of function redirectlogin

Function checkcredentials:
Finding entry points
Branch analysis from position: 0
2 jumps found. (Code = 43) Position 1 = 14, Position 2 = 55
Branch analysis from position: 14
2 jumps found. (Code = 43) Position 1 = 17, Position 2 = 27
Branch analysis from position: 17
2 jumps found. (Code = 43) Position 1 = 29, Position 2 = 35
Branch analysis from position: 29
1 jumps found. (Code = 42) Position 1 = 55
Branch analysis from position: 55
1 jumps found. (Code = 62) Position 1 = -2
Branch analysis from position: 35
2 jumps found. (Code = 46) Position 1 = 45, Position 2 = 48
Branch analysis from position: 45
2 jumps found. (Code = 43) Position 1 = 49, Position 2 = 55
Branch analysis from position: 49
1 jumps found. (Code = 62) Position 1 = -2
Branch analysis from position: 55
Branch analysis from position: 48
Branch analysis from position: 27
Branch analysis from position: 55
filename:       /in/LSWbZ
function name:  checkCredentials
number of ops:  57
compiled vars:  !0 = $username, !1 = $password, !2 = $userDao, !3 = $user, !4 = $valid, !5 = $authDao, !6 = $auth, !7 = $rehash
line      #* E I O op                           fetch          ext  return  operands
-------------------------------------------------------------------------------------
  197     0  E >   RECV                                             !0      
          1        RECV                                             !1      
  198     2        INIT_STATIC_METHOD_CALL                                  'DAORegistry', 'getDAO'
          3        SEND_VAL_EX                                              'UserDAO'
          4        DO_FCALL                                      0  $8      
          5        ASSIGN_REF                                               !2, $8
  199     6        INIT_METHOD_CALL                                         !2, 'getByUsername'
          7        SEND_VAR_EX                                              !0
          8        SEND_VAL_EX                                              <false>
          9        DO_FCALL                                      0  $10     
         10        ASSIGN_REF                                               !3, $10
  201    11        ASSIGN                                                   !4, <false>
  202    12        ISSET_ISEMPTY_CV                                         !3
         13      > JMPZ                                                     ~13, ->55
  203    14    >   INIT_METHOD_CALL                                         !3, 'getAuthId'
         15        DO_FCALL                                      0  $14     
         16      > JMPZ                                                     $14, ->27
  204    17    >   INIT_STATIC_METHOD_CALL                                  'DAORegistry', 'getDAO'
         18        SEND_VAL_EX                                              'AuthSourceDAO'
         19        DO_FCALL                                      0  $15     
         20        ASSIGN_REF                                               !5, $15
  205    21        INIT_METHOD_CALL                                         !5, 'getPlugin'
         22        INIT_METHOD_CALL                                         !3, 'getAuthId'
         23        DO_FCALL                                      0  $17     
         24        SEND_VAR_NO_REF_EX                                       $17
         25        DO_FCALL                                      0  $18     
         26        ASSIGN_REF                                               !6, $18
  208    27    >   ISSET_ISEMPTY_CV                                         !6
         28      > JMPZ                                                     ~20, ->35
  209    29    >   INIT_METHOD_CALL                                         !6, 'authenticate'
         30        SEND_VAR_EX           

Generated using Vulcan Logic Dumper, using php 8.0.0

