function password_policy_user in Password Policy 5
Same name and namespace in other branches
- 6 password_policy.module \password_policy_user()
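The implementation of hook_user(). Used to trap the validation step so that a new password can be tested against the currently active password policy. The same hook also enforces password expiration when a user logs in and removes the module's records when an account is deleted.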
File
- ./
password_policy.module, line 516
Code
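/**
 * Implementation of hook_user().
 *
 * Dispatches on $type:
 * - 'validate' (category 'account', non-empty $edit['pass']): checks the new
 *   password against the active policy and reports a form error on failure.
 *   On success, records the password for the history constraint and lifts a
 *   block that this module placed on the account.
 * - 'insert' (category 'account', non-empty $edit['pass']): records the first
 *   password of a newly created account.
 * - 'login': blocks the account when its password has expired, or warns the
 *   user and redirects to the account edit form when expiry is near.
 * - 'delete': removes this module's rows for the account.
 *
 * @param $type
 *   The hook_user() operation being performed.
 * @param $edit
 *   The submitted form values; $edit['pass'] and $edit['name'] are read.
 * @param $user
 *   The account the operation applies to; uid, name and created are read.
 * @param $category
 *   The account category; password handling only runs for 'account'.
 */
function password_policy_user($type, &$edit, &$user, $category = NULL) {
  if ($category == 'account' && !empty($edit['pass'])) {
    if ($type == 'validate') {
      $constraint = password_policy_load_active_policy();
      if ($constraint && $constraint->validate($edit['pass'], $user) == FALSE) {
        form_set_error('pass', t('Your password must meet the following requirements:') . $constraint->getValidationErrorMessage($edit['pass'], $user));
      }
      elseif ($user->uid && !form_get_errors()) {
        // Only existing accounts (non-zero uid) have anything to record or
        // unblock. The form_get_errors() check skips these writes when an
        // earlier validator already rejected the form, because the password
        // will not be saved in that case.
        // NOTE(review): this still runs in the validation phase, so an error
        // raised by a validator that runs later leaves the history row and the
        // unblock in place although the password was not changed. Moving these
        // writes to the operation that commits the change would close that gap.

        // As long as the password policy module is enabled, the hashed
        // password values are tracked so the history constraint can use them.
        _password_policy_store_password($user->uid, $edit['pass']);

        // Re-activate the account only when the expiration record shows that
        // this module blocked it. An unconditional "status = 1" would also
        // re-enable accounts that were blocked for any other reason.
        // NOTE(review): the login branch below is the only blocking path
        // visible here and it always writes a "blocked" timestamp; confirm
        // that any other code path that blocks for expiry does the same.
        $blocked_by_policy = db_result(db_query("SELECT blocked FROM {password_policy_expiration} WHERE uid = %d", $user->uid));
        if ($blocked_by_policy) {
          db_query("UPDATE {users} SET status = 1 WHERE uid = %d", $user->uid);
        }
        db_query("DELETE FROM {password_policy_expiration} WHERE uid = %d", $user->uid);
      }
    }
    elseif ($type == 'insert' && $user->uid) {
      // New users do not yet have a uid during the validation step, but they
      // do at this insert step. Record their first password here for use with
      // the history constraint (if used).
      _password_policy_store_password($user->uid, $edit['pass']);
    }
  }

  if ($type == 'login') {
    $constraint = password_policy_load_active_policy();
    // $edit['name'] is NULL for a one time login, which is exempt from the
    // expiration check. uid 1 is only checked when the 'password_policy_admin'
    // variable is set.
    if ($constraint && ($user->uid > 1 || variable_get('password_policy_admin', FALSE)) && !empty($edit['name'])) {
      $expiration = $constraint->getExpiration();
      // getWarning() yields a comma-separated list; the largest value is used.
      $warning = max(explode(',', $constraint->getWarning()));
      // Both values are converted from days to seconds.
      $expiration_seconds = $expiration * 60 * 60 * 24;
      $warning_seconds = $warning * 60 * 60 * 24;
      $policy_enabled = _password_policy_enabled($expiration_seconds);

      if (!empty($expiration)) {
        $result = db_query_range("SELECT * FROM {password_policy_users} WHERE uid = %d ORDER BY created DESC", $user->uid, 0, 1);
        if ($row = db_fetch_object($result)) {
          $last_change = $row->created;
        }
        else {
          // The user has not changed the password since this module was
          // enabled, so fall back to the account creation time.
          $last_change = $user->created;
        }

        $time = time();
        // The expiry clock starts at the later of the value returned by
        // _password_policy_enabled() and the last recorded password change.
        $deadline = max($policy_enabled, $last_change) + $expiration_seconds;

        if ($time > $deadline) {
          // Expired: block the account and record when it was blocked.
          db_query("UPDATE {users} SET status = 0 WHERE uid = %d", $user->uid);
          $result = db_query("SELECT * FROM {password_policy_expiration} WHERE uid = %d", $user->uid);
          if ($row = db_fetch_array($result)) {
            db_query("UPDATE {password_policy_expiration} SET blocked = %d WHERE uid = %d", $time, $user->uid);
          }
          else {
            db_query("INSERT INTO {password_policy_expiration} (uid, blocked) VALUES (%d, %d)", $user->uid, $time);
          }
          watchdog('password_policy', t('Password for user %name has expired.', array(
            '%name' => $user->name,
          )), WATCHDOG_NOTICE, l(t('edit'), "user/{$user->uid}/edit"));

          if (variable_get('password_policy_block', 0) == 0) {
            // Blocking mode 0: end the session immediately.
            user_logout();
          }
          else {
            // Otherwise send the user to the account edit form to set a new
            // password. Any pending 'destination' is dropped so the redirect
            // cannot be diverted elsewhere.
            drupal_set_message(t('Your password has expired. You have to change it now or you won\'t be able to login again.'), 'error');
            unset($_REQUEST['destination']);
            drupal_goto("user/{$user->uid}/edit");
          }
        }
        elseif ($time > $deadline - $warning_seconds) {
          // Inside the warning window: tell the user how many days remain and
          // redirect to the account edit form.
          $days_left = ceil(($deadline - $time) / (60 * 60 * 24));
          drupal_set_message(t('Your password will expire in less than %number %days. Please change it.', array(
            '%number' => $days_left,
            '%days' => format_plural($days_left, t('day'), t('days')),
          )));
          unset($_REQUEST['destination']);
          drupal_goto("user/{$user->uid}/edit");
        }
      }
    }
  }

  if ($type == 'delete') {
    // Remove the password history and expiration records of the account.
    db_query("DELETE FROM {password_policy_users} WHERE uid = %d", $user->uid);
    db_query("DELETE FROM {password_policy_expiration} WHERE uid = %d", $user->uid);
  }
}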