You are here

Home » API reference » Login Security 5 » login_security.module

function login_security_user in Login Security 5

Same name and namespace in other branches
  1. 6 login_security.module \login_security_user()

Implementation of hook_user().

File

./login_security.module, line 38
Login Security

Code

function login_security_user($op, &$edit, &$account, $category = NULL) {
  global $user;
  static $login_security_last_login = FALSE;
  static $login_security_last_access = FALSE;
  switch ($op) {
    case 'load':
      if (!empty($user->uid) && $login_security_last_login === FALSE) {
        $login_security_last_login = $user->login;
      }
      if (!empty($user->uid) && $login_security_last_access === FALSE) {
        $login_security_last_access = $user->access;
      }
      break;
    case 'login':
      if (variable_get('login_security_last_login_timestamp', 0) && $login_security_last_login > 0) {
        drupal_set_message(t('Your last login was !stamp', array(
          '!stamp' => format_date($login_security_last_login, 'large'),
        )));
      }
      if (variable_get('login_security_last_access_timestamp', 0) && $login_security_last_access > 0) {
        drupal_set_message(t('Your last page access (site activity) was !stamp', array(
          '!stamp' => format_date($login_security_last_access, 'large'),
        )));
      }

      // Remove any notice message.. Damm.. I have to add more code to clean the message than to work for security :D
      if (variable_get('login_security_notice_attempts_available', LOGIN_SECURITY_NOTICE_ATTEMPTS_AVAILABLE) && isset($_SESSION['messages']['status'])) {
        foreach ($_SESSION['messages']['status'] as $mid => $mstr) {
          if (drupal_substr($mstr, 0, 23) == "<!-- login_security -->") {
            unset($_SESSION['messages']['status'][$mid]);
          }
        }
      }

      // clean the messages queue..
      if (!count($_SESSION['messages']['status'])) {
        unset($_SESSION['messages']['status']);
      }
      if (!count($_SESSION['messages'])) {
        unset($_SESSION['messages']);
      }

      // On success login remove any temporary protection for the IP address and the username
      db_query("DELETE FROM {login_security_track} WHERE name = '%s' and host = '%s'", $edit['name'], mip_address());
      break;
    case 'update':

      // The update case can be launched by the user or by any user administrator
      // On update, remove only the unser information tracked
      db_query("DELETE FROM {login_security_track} WHERE name = '%s'", $edit['name']);
      break;
  }
}