You are here

Home » API reference » Recovery Password (Email New Password) 7 » recovery_pass.module

function _recovery_pass_match_old_password in Recovery Password (Email New Password) 7

Matches old password stored in recovery_pass table with user input password.

1 call to _recovery_pass_match_old_password()
recovery_pass_user_login_validate in ./recovery_pass.module
Custom Submit handler for user login form.

File

./recovery_pass.module, line 253
Alters default Drupal password recovery process by overriding default submit.

Code

function _recovery_pass_match_old_password($password, $old_password) {

  // Allow alternate password hashing schemes.
  require_once DRUPAL_ROOT . '/' . variable_get('password_inc', 'includes/password.inc');
  if (substr($old_password, 0, 2) == 'U$') {

    // This may be an updated password from user_update_7000(). Such hashes
    // have 'U' added as the first character and need an extra md5().
    $stored_hash = substr($old_password, 1);
    $password = md5($password);
  }
  else {
    $stored_hash = $old_password;
  }
  $type = substr($stored_hash, 0, 3);
  switch ($type) {
    case '$S$':

      // A normal Drupal 7 password using sha512.
      $hash = _password_crypt('sha512', $password, $stored_hash);
      break;
    case '$H$':

    // phpBB3 uses "$H$" for the same thing as "$P$".
    case '$P$':

      // A phpass password generated using md5.  This is an
      // imported password or from an earlier Drupal version.
      $hash = _password_crypt('md5', $password, $stored_hash);
      break;
    default:
      return FALSE;
  }
  return $hash && $stored_hash == $hash;
}