
function password_policy_user in Password Policy 5

Same name and namespace in other branches
  1. 6 password_policy.module \password_policy_user()

Implementation of hook_user(). It hooks the validation step so that any currently enabled password policies can be checked.

File

./password_policy.module, line 516

Code

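/**
 * Implementation of hook_user().
 *
 * Enforces the active password policy at the points where this hook sees an
 * account operation:
 * - 'validate' (category 'account', password supplied): checks the new
 *   password against the active policy and sets a form error on failure. On
 *   success, for an account that already has a uid, it records the password
 *   for the history constraint, sets the account active and deletes its
 *   expiration record.
 * - 'insert' (category 'account', password supplied): records the first
 *   password of a newly created account.
 * - 'login': blocks the account when the password is older than the policy's
 *   expiration period, or warns and redirects to the edit form inside the
 *   warning window.
 * - 'delete': removes this module's rows for the account.
 *
 * @param $type
 *   The hook_user() operation being performed.
 * @param $edit
 *   Submitted values; $edit['pass'] is read as the new password and
 *   $edit['name'] as the login name.
 * @param $user
 *   The account being acted on.
 * @param $category
 *   The account category being edited, if any.
 */
function password_policy_user($type, &$edit, &$user, $category = NULL) {
  if ($category == 'account' && !empty($edit['pass'])) {
    if ($type == 'validate') {
      $constraint = password_policy_load_active_policy();
      if ($constraint && $constraint->validate($edit['pass'], $user) == FALSE) {
        form_set_error('pass', t('Your password must meet the following requirements:') . $constraint->getValidationErrorMessage($edit['pass'], $user));
      }
      elseif ($user->uid) {
        // Everything below is keyed on the uid, so it only runs for an account
        // that already has one. Without this guard the UPDATE and DELETE were
        // also issued with uid 0 while a new account was being validated.

        // As long as the password policy module is enabled, the password is
        // recorded (hashed, per the original comment) for the history
        // constraint.
        // NOTE(review): this and the two queries below run during form
        // validation, before the new password has been saved and while other
        // validators can still reject the form. Recording history and
        // re-activating the account would be safer in an operation that runs
        // only once the change is committed - confirm which hook_user()
        // operation fits in this Drupal version.
        _password_policy_store_password($user->uid, $edit['pass']);

        // A successful password change re-activates the account.
        // NOTE(review): status is set to 1 without checking that this module
        // blocked the account (a row in {password_policy_expiration});
        // consider limiting the re-activation to accounts that have one.
        db_query("UPDATE {users} SET status = 1 WHERE uid = %d", $user->uid);
        db_query("DELETE FROM {password_policy_expiration} WHERE uid = %d", $user->uid);
      }
    }
    elseif ($type == 'insert') {
      // New users do not yet have a uid during the validation step, but they
      // do at this insert step. Record their first password for use with the
      // history constraint (if used).
      if ($user->uid) {
        _password_policy_store_password($user->uid, $edit['pass']);
      }
    }
  }

  if ($type == 'login') {
    $constraint = password_policy_load_active_policy();

    // $edit['name'] is NULL for a one time login, which is therefore exempt.
    // uid 1 is exempt as well unless 'password_policy_admin' is set.
    if ($constraint && ($user->uid > 1 || variable_get('password_policy_admin', false)) && !empty($edit['name'])) {
      $expiration = $constraint->getExpiration();
      $warning = max(explode(',', $constraint->getWarning()));

      // The policy values are multiplied up from days to seconds.
      $expiration_seconds = $expiration * 60 * 60 * 24;
      $warning_seconds = $warning * 60 * 60 * 24;
      $policy_enabled = _password_policy_enabled($expiration_seconds);

      if (!empty($expiration)) {
        $result = db_query_range("SELECT * FROM {password_policy_users} WHERE uid = %d ORDER BY created DESC", $user->uid, 0, 1);
        if ($row = db_fetch_object($result)) {
          $last_change = $row->created;
        }
        else {
          // The user has not changed the password since this module was
          // enabled, so fall back to the account creation time.
          $last_change = $user->created;
        }

        $time = time();
        // The password expires one expiration period after the later of the
        // value returned by _password_policy_enabled() and the last change.
        $deadline = max($policy_enabled, $last_change) + $expiration_seconds;

        if ($time > $deadline) {
          // Expired: block the account and record when that happened.
          db_query("UPDATE {users} SET status = 0 WHERE uid = %d", $user->uid);
          $result = db_query("SELECT * FROM {password_policy_expiration} WHERE uid = %d", $user->uid);
          if ($row = db_fetch_array($result)) {
            db_query("UPDATE {password_policy_expiration} SET blocked = %d WHERE uid = %d", $time, $user->uid);
          }
          else {
            db_query("INSERT INTO {password_policy_expiration} (uid, blocked) VALUES (%d, %d)", $user->uid, $time);
          }
          watchdog('password_policy', t('Password for user %name has expired.', array(
            '%name' => $user->name,
          )), WATCHDOG_NOTICE, l(t('edit'), "user/{$user->uid}/edit"));
          if (variable_get('password_policy_block', 0) == 0) {
            user_logout();
          }
          else {
            // The account row is already blocked (status = 0); no logout is
            // called on this path, and the user is sent to the edit form.
            drupal_set_message(t('Your password has expired. You have to change it now or you won\'t be able to login again.'), 'error');
            // Drop any requested destination so the redirect below lands on
            // the edit form.
            unset($_REQUEST['destination']);
            drupal_goto("user/{$user->uid}/edit");
          }
        }
        elseif ($time > $deadline - $warning_seconds) {
          // Inside the warning window: tell the user how many days remain.
          $days_left = ceil(($deadline - $time) / (60 * 60 * 24));
          drupal_set_message(t('Your password will expire in less than %number %days. Please change it.', array(
            '%number' => $days_left,
            '%days' => format_plural($days_left, t('day'), t('days')),
          )));
          unset($_REQUEST['destination']);
          drupal_goto("user/{$user->uid}/edit");
        }
      }
    }
  }

  if ($type == 'delete') {
    // Remove the history and expiration rows of the deleted account.
    db_query("DELETE FROM {password_policy_users} WHERE uid = %d", $user->uid);
    db_query("DELETE FROM {password_policy_expiration} WHERE uid = %d", $user->uid);
  }
}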