You are here

function _prod_check_user_pass in Production check & Production monitor 6

Same name and namespace in other branches
  1. 7 prod_check.module \_prod_check_user_pass()

File

./prod_check.module, line 1271

Code

function _prod_check_user_pass($caller = 'internal') {
  $check = array();
  $secure = TRUE;
  $list = '';
  $title = 'User passwords';
  $path = '';
  if ($caller != 'internal') {
    $path = PRODCHECK_BASEURL;
  }

  // Be sure to omit the anonymous user with id 0.
  $result = db_query('SELECT uid, name FROM {users} WHERE uid <> 0 AND status = 1 AND MD5(name) = pass');
  while ($row = db_fetch_array($result)) {
    $list .= l($row['name'], $path . 'user/' . $row['uid'] . '/edit', array(
      'attributes' => array(
        'title' => t('Edit user') . ' ' . $row['name'],
      ),
      'query' => drupal_get_destination(),
    )) . ', ';
  }
  if (!empty($list)) {
    $secure = FALSE;

    // Remove last comma and space.
    $list = rtrim($list, ', ');
  }
  $check['prod_check_user_pass'] = array(
    '#title' => t($title),
    '#state' => $secure,
    '#severity' => $caller == 'nagios' ? NAGIOS_STATUS_CRITICAL : PROD_CHECK_REQUIREMENT_ERROR,
    '#value_ok' => t('Secure'),
    '#value_nok' => t('Security risk!'),
    '#description_ok' => t('No security risk found.'),
    '#description_nok' => t('Some users have a password that is identical to their username! You should check the following users:' . ' ' . $list . '.'),
    '#nagios_key' => 'USRBD',
    '#nagios_type' => 'state',
  );
  return prod_check_execute_check($check, $caller);
}