class PasswordPolicyExpire in Password Policy 7.2

class PasswordPolicyExpire extends PasswordPolicyItem {
  public $ppType = array(
    'item',
    'cron',
    'init',
  );

  /**
   * Checks on init if the user password has expired.
   *
   * If the password has expired, we send the user to the user edit page until
   * they set a new password.
   */
  public function init($account) {

    // Do not do anything if expiration is disabled.
    $enabled = $this->config['expire_enabled'];
    if (!$enabled) {
      return;
    }

    // An expiration interval equal to zero means expiration is disabled.
    $expire_int = password_policy_parse_interval($this->config['expire_limit']);
    if (!$expire_int) {
      return;
    }

    // If this is a command line request (Drush, etc), skip processing.
    if (drupal_is_cli()) {
      return FALSE;
    }
    $stop = module_invoke_all('password_policy_expire_url_exclude', $account);
    if (!empty($stop)) {
      return FALSE;
    }

    // @TODO this should not be necessary
    password_policy_user_load(array(
      $account->uid => $account,
    ));
    if ($account->uid == 0) {
      return;
    }

    // If there is no password history, start one.
    if (!isset($account->password_history[0])) {
      $account->password_history[0] = (object) array(
        'uid' => $account->uid,
        'pass' => $account->pass,
        'created' => REQUEST_TIME,
        'is_generated' => FALSE,
      );
      password_policy_update_password_history($account->password_history[0]);
    }

    // Check to see that the password has expired.
    if ($account->password_history[0]->created + $expire_int < REQUEST_TIME) {

      // If we are on the check ajax page, then skip.
      if (current_path() != 'password_policy/check') {

        // If not on the password change page, go there.
        $password_change_path = $this
          ->getPasswordChangePath($account);
        if (current_path() != $password_change_path) {
          $this
            ->setExpiredWarningMessage();
          $this
            ->goToPasswordChangePath($account);
        }
      }
    }
  }

  /**
   * Gets password change path.
   *
   * @param object $account
   *   User object.
   *
   * @return string
   *   Password change path for the user.
   */
  public function getPasswordChangePath($account) {
    return "user/{$account->uid}/edit";
  }

  /**
   * Redirects user to password change path.
   *
   * @param object $account
   *   User object of user to be redirected.
   */
  public function goToPasswordChangePath($account) {
    $password_change_path = $this
      ->getPasswordChangePath($account);

    // Set query to redirect user back to their original destination after
    // leaving password change page.
    $options = array(
      'query' => drupal_get_destination(),
    );
    unset($_GET['destination']);
    drupal_goto($password_change_path, $options);
  }

  /**
   * Sets warning message indicating password has expired.
   */
  public function setExpiredWarningMessage() {
    if (!empty($this->config['expire_warning_message'])) {
      drupal_set_message($this->config['expire_warning_message'], 'warning');
    }
  }

  /**
   * Cron task for expiration plugin.
   *
   * Pulls all users that have expired passwords, ensures they are active with
   * this policy, and then notifies them of their soon-to-be expired password.
   */
  public function cron() {

    // Do not do anything if expiration is disabled.
    $enabled = $this->config['expire_enabled'];
    if (!$enabled) {
      return;
    }

    // Don't do anything if the policy does not require notification e-mails.
    if (empty($this->config['expire_warning_email_sent'])) {
      return;
    }
    $notice_interval_strings = explode(',', $this->config['expire_warning_email_sent']);
    $expire_interval_string = $this->config['expire_limit'];
    $policy_name = $this->policy->name;
    foreach ($notice_interval_strings as $notice_interval_string) {
      $notice_interval_string = trim($notice_interval_string);

      // See if we should be subtracting from expire interval.
      $from_interval = drupal_substr($notice_interval_string, 0, 1) == '-';
      $notice_interval_string = ltrim($notice_interval_string, '-');

      // Convert notice interval to secs.
      $notice_int = password_policy_parse_interval($notice_interval_string);

      // If we need to subtract from expire do so.
      $expire_int = password_policy_parse_interval($expire_interval_string);
      if ($from_interval) {
        $notice_int = $expire_int - $notice_int;
      }
      $candidates = _password_policy_expire_query_users($notice_int, $policy_name);
      foreach ($candidates as $candidate) {
        $account = user_load($candidate->uid, TRUE);
        if ($this->policy
          ->match($account)) {
          $message = _password_policy_expire_notify($account, $candidate, $candidate->created + $expire_int, $this);
          if ($message['result']) {
            watchdog('password_policy', 'Password expiration warning mailed to %username at %email.', array(
              '%username' => $account->name,
              '%email' => $account->mail,
            ));
            $notice_history = (object) array(
              'hid' => $candidate->hid,
              'name' => $this->policy->name,
              'timeframe' => $notice_int,
              // We use time() and not REQUEST_TIME so the stored sent time
              // will be as close as possible to the time the expiration
              // warning e-mail was sent.
              // @ignore upgrade7x_6
              'sent' => time(),
            );
            drupal_write_record('password_policy_notice_history', $notice_history);
          }
        }
      }
    }
  }

}