
function security_questions_user_login_validate_answer in Security Questions 6

Same name and namespace in other branches
  1. 7 security_questions.module \security_questions_user_login_validate_answer()

Validation handler for security_questions_form_user_login_alter().

1 string reference to 'security_questions_user_login_validate_answer'
security_questions_form_user_login_alter in ./security_questions.module
Implements hook_form_FORM_ID_alter() for user_login().

File

./security_questions.module, line 880
Main module file for security_questions.

Code

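/**
 * Validation handler for security_questions_form_user_login_alter().
 *
 * Compares the submitted security answer with the one stored for the account
 * and the question id held in the session. On a mismatch a form error is set
 * on 'security_answer'. On a match the optional cookie is set and, in 'after'
 * protection mode, the submitted name and password are passed to
 * user_authenticate().
 *
 * The check fails closed: if the session holds no question id, or no answer
 * row exists for this user and question, the submission is rejected instead
 * of being compared against an empty value.
 *
 * @param $form
 *   The login form array; the account is read from
 *   $form['#parameters'][1]['security_questions']['account'].
 * @param $form_state
 *   The form state, passed by reference. Reads 'security_answer', 'name' and
 *   'pass' from $form_state['values'].
 */
function security_questions_user_login_validate_answer($form, &$form_state) {
  // Earlier validators already rejected the submission; nothing to check.
  if (form_get_errors()) {
    return;
  }

  $mode = variable_get('security_questions_protection_mode', 'before');
  $uid = $form['#parameters'][1]['security_questions']['account']->uid;

  // The question id is taken from the session, not from the submitted form.
  $sq_id = isset($_SESSION['security_question']) ? $_SESSION['security_question'] : NULL;

  // Look up the stored answer only when a question id is actually present.
  $answer = FALSE;
  if ($sq_id !== NULL) {
    $answer = db_fetch_object(db_query('SELECT user_answer FROM {security_questions_answers}
                        WHERE uid = %d AND security_question_id = %d', $uid, $sq_id));
  }

  $matches = FALSE;
  if ($answer && isset($answer->user_answer)) {
    // Both sides go through the same helper with the same ' .!' argument.
    // NOTE(review): presumably this normalises the text and strips those
    // characters; confirm against _security_questions_clean_answer().
    $user_answer = (string) _security_questions_clean_answer($form_state['values']['security_answer'], ' .!');
    $db_answer = (string) _security_questions_clean_answer($answer->user_answer, ' .!');

    // Strict comparison: loose == treats numeric-looking strings as numbers,
    // so e.g. '1e3' and '1000' would be accepted as the same answer.
    // NOTE(review): this comparison is not constant-time; hash_equals() needs
    // PHP 5.6+, so confirm the supported PHP range before switching to it.
    $matches = ($user_answer === $db_answer);
  }

  if (!$matches) {
    // Same message for a wrong answer and for a missing stored answer, so the
    // response does not reveal which case occurred. The form is expected to
    // present a different question afterwards.
    // NOTE(review): no attempt limiting is visible in this handler; confirm
    // repeated wrong answers are throttled elsewhere.
    form_set_error('security_answer', t("That's not it... Here's a new question:"));
    return;
  }

  // If cookies are enabled, set them.
  if (variable_get('security_questions_cookie', FALSE)) {
    security_questions_set_cookie($uid, $form_state);
  }

  // In 'after' mode the credentials are authenticated only once the security
  // answer has been accepted.
  if ($mode == 'after') {
    $form_values = array();
    $form_values['name'] = $form_state['values']['name'];
    $form_values['pass'] = $form_state['values']['pass'];
    user_authenticate($form_values);
  }
}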