author | Chris Cornutt <enygma@phpdeveloper.org> | 2015-02-18 11:40:32 -0500 |
---|---|---|
committer | Chris Cornutt <enygma@phpdeveloper.org> | 2015-02-18 11:40:32 -0500 |
commit | 570b9748b1349b34b64422ae3ff6d178a2f16f80 (patch) | |
tree | eedeb91ee96bab64cb0290038613949da1f51a81 /src | |
parent | 5a45a80abe00b68916a3121ece9352c42b18e0a1 (diff) | |
adding a check to the addSecurityQuestion method to ensure answer != password
Diffstat (limited to 'src')
-rw-r--r-- | src/Psecio/Gatekeeper/UserModel.php | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/src/Psecio/Gatekeeper/UserModel.php b/src/Psecio/Gatekeeper/UserModel.php
index f294587..1a797f7 100644
--- a/src/Psecio/Gatekeeper/UserModel.php
+++ b/src/Psecio/Gatekeeper/UserModel.php
@@ -477,6 +477,11 @@ class UserModel extends \Psecio\Gatekeeper\Model\Mysql
 throw new \InvalidArgumentException('Invalid question/answer data provided.');
 }
+ // Ensure that the answer isn't the same as the user's password
+ if (password_verify($data['answer'], $this->password) === true) {
+ throw new \InvalidArgumentException('Security question answer cannot be the same as password.');
+ }
+
 $question = new SecurityQuestionModel($this->getDb(), array(
 'question' => $data['question'],
 'answer' => $data['answer'], |
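Review bot: The added `password_verify($data['answer'], $this->password)` guard fails open: if `$this->password` is empty or not a hash (for example a model loaded without the password column), `password_verify()` returns false and the answer is accepted without being compared to anything. Consider rejecting that state first, e.g. `if (empty($this->password)) { throw new \InvalidArgumentException('Cannot validate answer: password hash not loaded.'); }`. The check is also byte-exact, so an answer that differs from the password only by case or surrounding whitespace passes; also checking `trim($data['answer'])` would close the cheapest variant. Because the distinct exception message confirms a correct password guess, it is worth confirming that every caller has already authenticated the user. The enclosing method begins and ends outside the hunk, so any earlier validation of `$data['answer']` is not visible here.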