
function password_strength_ajax_check in Password Strength 6.2

Same name and namespace in other branches
  1. 7 password_strength.module \password_strength_ajax_check()

Menu callback for AJAX password check.

1 string reference to 'password_strength_ajax_check'
password_strength_menu in ./password_strength.module
Implements hook_menu().

File

./password_strength.module, line 227
Provides password controls, validation, and strength checker.

Code

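/**
 * Menu callback for AJAX password check.
 *
 * Reads 'token', 'uid' and 'password' from $_POST, scores the password in the
 * context of the loaded account and passes the result to
 * password_strength_d7_drupal_json_output(). Any request that fails
 * validation gets FALSE as its output instead of strength data.
 */
function password_strength_ajax_check() {

  // Prevent this page from being cached.
  // @todo https://www.drupal.org/node/2296737

  //drupal_page_is_cacheable(FALSE);

  // Ensure we have required data. The password must be a plain string: a
  // request can submit 'password[]=x', which arrives as an array and must not
  // reach urldecode()/strlen().
  if (!isset($_POST['token']) || !isset($_POST['uid']) || !isset($_POST['password']) || !is_string($_POST['password']) || !is_numeric($_POST['uid'])) {
    password_strength_d7_drupal_json_output(FALSE);
    return;
  }
  // NOTE(review): PHP has already URL-decoded $_POST, so this is a second
  // decode. Presumably it mirrors an extra encoding step on the client;
  // confirm, because otherwise a literal '%' or '+' in a password is altered
  // before it is scored.
  $password = urldecode($_POST['password']);

  // Disallow passwords larger than 256 bytes as minor protection against DOS.
  if (strlen($password) > 256) {
    password_strength_d7_drupal_json_output(FALSE);
    return;
  }

  // Provide account as context for password strength.
  $account = user_load($_POST['uid']);

  // user_load() returns FALSE when no account matches the submitted uid.
  // Reject the request here rather than reading ->uid from a non-object,
  // which would also skip the token check below and hand FALSE to the
  // strength checker as its account.
  if (!$account) {
    password_strength_d7_drupal_json_output(FALSE);
    return;
  }

  $key = 'password_strength';
  $key .= ':' . $account->uid;

  // Validate token. The check only applies to a non-zero uid; requests for
  // uid 0 are scored without a token.
  if ($account->uid && !drupal_valid_token($_POST['token'], $key)) {
    password_strength_d7_drupal_json_output(FALSE);
    return;
  }

  // Get strength information from the password checker library.
  $strength = password_strength_strength($password, $account);

  // Get messages.
  $message_strength = password_strength_get_message_strength($strength);
  $message_flaws = password_strength_get_message_flaws($strength);

  // Here or password_strength_strength() may need to do zxcvbn() format
  // manipulation @todo
  // NOTE(review): 'matches' presumably carries details derived from the
  // submitted password; confirm this response is never cached or logged.
  $data = array(
    'entropy' => $strength['entropy'],
    'matches' => $strength['matches'],
    'score' => $strength['score'],
    'score_required' => $strength['score_required'],
    'percent' => $strength['percent'],
    'message_strength' => drupal_render($message_strength),
    'message_requirements' => '',
    'message_flaws' => drupal_render($message_flaws),
  );
  password_strength_d7_drupal_json_output($data);
}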