You are here

function security_questions_bypass_challenge in Security Questions 7.2

Same name and namespace in other branches
  1. 6.2 security_questions.module \security_questions_bypass_challenge()

Checks whether a user can bypass a security question challenge.

Parameters

$account: The user account object.

Return value

Boolean indicating whether the user can skip normally required challenges.

4 calls to security_questions_bypass_challenge()
security_questions_form_user_pass_alter in ./security_questions.module
Implements hook_form_FORM_ID_alter().
security_questions_user_login_answer_validate in ./security_questions.module
Validation handler for _security_questions_user_login_form_alter().
security_questions_user_pass_submit in ./security_questions.module
Submission handler for security_questions_form_user_pass_alter().
_security_questions_user_login_form_alter in ./security_questions.module
Helper function for altering the login forms.

File

./security_questions.module, line 435
Main module file for security_questions.

Code

function security_questions_bypass_challenge($account) {

  // Check for the bypass permission.
  if (user_access('bypass security questions', $account)) {
    return TRUE;
  }

  // If "remember me" cookies are allowed, check for one.
  // @todo Replace the cookies option with a more secure method.
  if (variable_get('security_questions_cookie', FALSE) && isset($_COOKIE['security_questions'])) {
    $cookie = $_COOKIE['security_questions'];
    $cookie = explode('-', $cookie);
    $cookie_uid = $cookie[3];
    if ($account->uid == $cookie_uid) {
      return TRUE;
    }
  }

  // Finally, if the user has no answers on file, we have to skip it.
  if (!security_questions_get_answer_list($account->uid)) {
    return TRUE;
  }
  return FALSE;
}