You are here

Home » API reference » Password Policy 7 » password_policy.module

function password_policy_user_update in Password Policy 7

Implements hook_user_update().

File

./password_policy.module, line 298
Allows enforcing restrictions on user passwords by defining policies.

Code

function password_policy_user_update(&$edit, $account, $category) {
  global $user;

  // If the user is being forced to change their password and is changing their
  // password, toggle the force_change field off.
  if (isset($account->original->force_password_change) && $account->original->force_password_change && isset($edit['pass'])) {
    db_update('password_policy_force_change')
      ->fields(array(
      'force_change' => 0,
    ))
      ->condition('uid', $account->uid)
      ->execute();
    db_delete('password_policy_expiration')
      ->condition('uid', $account->uid)
      ->execute();
  }
  elseif (!empty($edit['force_password_change'])) {

    // Check if user already has a force change entry.
    // If any users were created after this module was enabled, they will not
    // yet have an entry in this table.
    $user_exists = db_select('password_policy_force_change')
      ->condition('uid', $account->uid)
      ->countQuery()
      ->execute()
      ->fetchField();
    if ($user_exists == 0) {
      db_insert('password_policy_force_change')
        ->fields(array(
        'uid' => $account->uid,
        'force_change' => 1,
      ))
        ->execute();
    }
    else {
      db_update('password_policy_force_change')
        ->fields(array(
        'force_change' => 1,
      ))
        ->condition('uid', $account->uid)
        ->execute();
    }
    if ($user->uid != $account->uid) {
      drupal_set_message(t('@user will be required to change their password the next time they log in.', array(
        '@user' => $account->name,
      )));
    }
    if ($user->uid) {
      watchdog('password_policy', '@user flagged to change password on next login by @admin.', array(
        '@user' => $account->name,
        '@admin' => $user->name,
      ), WATCHDOG_NOTICE);
    }
    else {

      // The user may be updated programmatically (e.g., via Drupal cron). In
      // this case, there is no administrator forcing the password change.
      watchdog('password_policy', '@user flagged to change password on next login.', array(
        '@user' => $account->name,
      ), WATCHDOG_NOTICE);
    }
  }
  elseif (isset($edit['force_password_change'])) {
    db_update('password_policy_force_change')
      ->fields(array(
      'force_change' => 0,
    ))
      ->condition('uid', $account->uid)
      ->execute();
  }
  if (_password_policy_was_updated_user_unblocked($account)) {
    _password_policy_handle_unblock($account);
  }
}