function password_policy_delay_constraint in Password Policy 7.2
Constraint callback for delay constraint.
File
- plugins/constraint/delay.inc, line 47
Code
/**
 * Constraint callback for the delay constraint.
 *
 * Decides whether enough time has passed since an earlier password change
 * for another change to be allowed.
 *
 * @param string $password
 *   The candidate password. Not read by this callback.
 * @param object $account
 *   The account being checked. A falsy value means the global $user is used.
 * @param object $constraint
 *   Constraint object whose config array supplies 'threshold' (optional) and
 *   'delay' (a relative time expression that is appended to '-' and handed to
 *   strtotime()).
 *
 * @return bool
 *   TRUE when the constraint does not apply or the relevant history entry is
 *   at least 'delay' old, FALSE when that entry is more recent.
 */
function password_policy_delay_constraint($password, $account, $constraint) {
  // Resolve the account, falling back to the logged-in user.
  global $user;
  if (!$account) {
    $account = $user;
  }

  // @TODO Find out why the hook_user_load is not running correctly.
  // Until then, populate the history by hand when it is missing.
  if (!isset($account->password_history)) {
    password_policy_user_load(array($account->uid => $account));
  }

  // No recorded password change: nothing to delay.
  if (empty($account->password_history)) {
    return TRUE;
  }
  $history = $account->password_history;

  // Translate the 1-based threshold into a history index; an empty or
  // missing threshold selects index 0.
  // NOTE(review): presumably index 0 is the most recent change - confirm
  // against password_policy_user_load().
  $password_index = 0;
  if (!empty($constraint->config['threshold'])) {
    $password_index = $constraint->config['threshold'] - 1;
  }

  // Fewer changes on record than the threshold means it cannot have been
  // exceeded.
  if (!isset($history[$password_index])) {
    return TRUE;
  }

  // Exemption: the only password on record was system-generated and the
  // request carries the one-time-login token stored in the session. The
  // strict comparison means a non-string query value (for example an array)
  // cannot match a string token.
  // NOTE(review): === is not a constant-time comparison; hash_equals() is the
  // constant-time alternative where the supported PHP version provides it.
  $session_key = 'pass_reset_' . $account->uid;
  $is_password_generated = count($history) == 1 && $history[0]->is_generated;
  $is_one_time_login = isset($_SESSION[$session_key], $_GET['pass-reset-token'])
    && $_GET['pass-reset-token'] === $_SESSION[$session_key];
  if ($is_password_generated && $is_one_time_login) {
    return TRUE;
  }

  // The constraint passes only if the selected change is at least 'delay'
  // old.
  // NOTE(review): strtotime() returns FALSE for an unparseable delay, and the
  // comparison then runs against FALSE - confirm the delay is validated when
  // the constraint is configured.
  $cutoff = strtotime('-' . $constraint->config['delay']);
  return $history[$password_index]->created <= $cutoff;
}