function security_questions_bypass_challenge in Security Questions 7.2
Same name and namespace in other branches
- 6.2 security_questions.module \security_questions_bypass_challenge()
Checks whether a user can bypass a security question challenge.
Parameters
$account: The user account object.
Return value
Boolean indicating whether the user can skip normally required challenges.
4 calls to security_questions_bypass_challenge()
- security_questions_form_user_pass_alter in ./
security_questions.module - Implements hook_form_FORM_ID_alter().
- security_questions_user_login_answer_validate in ./
security_questions.module - Validation handler for _security_questions_user_login_form_alter().
- security_questions_user_pass_submit in ./
security_questions.module - Submission handler for security_questions_form_user_pass_alter().
- _security_questions_user_login_form_alter in ./
security_questions.module - Helper function for altering the login forms.
File
- ./
security_questions.module, line 435 - Main module file for security_questions.
Code
function security_questions_bypass_challenge($account) {
// Check for the bypass permission.
if (user_access('bypass security questions', $account)) {
return TRUE;
}
// If "remember me" cookies are allowed, check for one.
// @todo Replace the cookies option with a more secure method.
if (variable_get('security_questions_cookie', FALSE) && isset($_COOKIE['security_questions'])) {
$cookie = $_COOKIE['security_questions'];
$cookie = explode('-', $cookie);
$cookie_uid = $cookie[3];
if ($account->uid == $cookie_uid) {
return TRUE;
}
}
// Finally, if the user has no answers on file, we have to skip it.
if (!security_questions_get_answer_list($account->uid)) {
return TRUE;
}
return FALSE;
}