
function password_policy_user_login in Password Policy 7

Implements hook_user_login().

File

./password_policy.module, line 379
Allows enforcing restrictions on user passwords by defining policies.

Code

/**
 * Implements hook_user_login().
 *
 * Enforces password expiration when a user logs in. Depending on the
 * 'password_policy_block' variable an expired account is either blocked or
 * flagged for a forced password change; inside the warning window the user is
 * shown a message and sent to the password change page.
 *
 * Enforcement is skipped entirely when no active policy is loaded, when the
 * account has uid 1 (or no uid) and 'password_policy_admin' is off, or when
 * $edit['values']['name'] is empty.
 *
 * @param array $edit
 *   Login form data; only $edit['values']['name'] is read here.
 * @param object $account
 *   The account that is logging in; roles and uid are read here.
 */
function password_policy_user_login(&$edit, $account) {
  $seconds_per_day = 60 * 60 * 24;

  $role_ids = array();
  if (is_array($account->roles)) {
    $role_ids = array_keys($account->roles);
  }
  $active_policy = _password_policy_load_active_policy($role_ids, $account);
  if (!$active_policy) {
    return;
  }

  // uid 1 (and accounts without a uid) are only covered when the
  // 'password_policy_admin' variable is truthy; it defaults to 1.
  $account_in_scope = (!empty($account->uid) && $account->uid > 1) || variable_get('password_policy_admin', 1);
  if (!$account_in_scope) {
    return;
  }

  // The original note says the name value is NULL for a one time login, so
  // that path is not checked here.
  // NOTE(review): confirm expiry is enforced elsewhere for one-time logins.
  if (empty($edit['values']['name'])) {
    return;
  }

  // Convert the policy's day counts into seconds. With several warning
  // values (comma separated) the largest one is used.
  $expiration_days = $active_policy['expiration'];
  $warning_days = 0;
  if (!empty($active_policy['warning'])) {
    $warning_days = max(explode(',', $active_policy['warning']));
  }
  $expiration_span = $expiration_days * $seconds_per_day;
  $warning_span = $warning_days * $seconds_per_day;

  // Start of the policy; moved back by one expiration period when
  // 'password_policy_begin' is set to 1.
  $policy_epoch = $active_policy['created'];
  if (variable_get('password_policy_begin', 0) == 1) {
    $policy_epoch -= $expiration_span;
  }

  // No expiration configured: nothing to enforce.
  if (empty($expiration_days)) {
    return;
  }

  // Most recent recorded password change for this user (bound parameter).
  $last_changed = db_query_range('SELECT created FROM {password_policy_history} WHERE uid = :uid ORDER BY created DESC', 0, 1, array(':uid' => $account->uid))->fetchField();
  if (empty($last_changed)) {
    // No history entry: fall back to the account creation time.
    $last_changed = _password_policy_get_user_created_time($account);
  }

  $now = _password_policy_get_request_time();
  // The password expires one expiration period after the later of the
  // policy start and the last password change.
  $deadline = max($policy_epoch, $last_changed) + $expiration_span;

  if ($now > $deadline) {
    if (variable_get('password_policy_block', 0) != 0) {
      // Flag the account and hand over to the forced password change.
      // NOTE(review): db_update() only touches existing rows; presumably
      // every uid has a password_policy_force_change row - verify.
      $flag_update = db_update('password_policy_force_change');
      $flag_update->fields(array('force_change' => 1));
      $flag_update->condition('uid', $account->uid);
      $flag_update->execute();
      _password_policy_set_password_change_forced_message();
      _password_policy_go_to_password_change_page();
      return;
    }

    // Blocking mode: block only when the latest recorded 'blocked' value is
    // greater than the value returned for the user's login time.
    // NOTE(review): with no expiration row the comparison is false and the
    // login proceeds; presumably cron records the block - confirm.
    $blocked_at = db_query_range('SELECT blocked FROM {password_policy_expiration} WHERE uid = :uid ORDER BY blocked DESC', 0, 1, array(':uid' => $account->uid))->fetchField();
    if ($blocked_at > _password_policy_get_user_login_time($account)) {
      _password_policy_block_account($account);
    }
    return;
  }

  if ($now > $deadline - $warning_span) {
    // Inside the warning window: show the remaining days, rounded up, and
    // send the user to the password change page.
    $remaining_days = ceil(($deadline - $now) / $seconds_per_day);
    $notice = format_plural($remaining_days, 'Your password will expire in less than one day. Please change it.', 'Your password will expire in less than @count days. Please change it.');
    drupal_set_message($notice);
    _password_policy_go_to_password_change_page();
  }
}