'messages' => array
() );
while ($line =
trim(fgets($fileHandle))) { if (substr($line, 0,
$idLength) ===
$id) { if ($this->
_secureStringCompare(substr($line, -32
),
md5("
$this->_username:
$this->_realm:
$this->_password"
))) { $result['code'
] = Zend_Auth_Result::SUCCESS;
} else { $result['code'
] = Zend_Auth_Result::FAILURE_CREDENTIAL_INVALID;
$result['messages'
][] = 'Password incorrect';
} return new Zend_Auth_Result($result['code'
],
$result['identity'
],
$result['messages'
]);
} } $result['code'
] = Zend_Auth_Result::FAILURE_IDENTITY_NOT_FOUND;
$result['messages'
][] = "Username '
$this->_username' and realm '
$this->_realm' combination not found";
return new Zend_Auth_Result($result['code'
],
$result['identity'
],
$result['messages'
]);
} /**
* Securely compare two strings for equality while avoided C level memcmp()
* optimisations capable of leaking timing information useful to an attacker
* attempting to iteratively guess the unknown string (e.g. password) being
* compared against.
*
* @param string $a
* @param string $b
* @return bool
*/