function _security_review_weak_passwords in Security Review 6
File
- ./
security_review.inc, line 594 - Stand-alone security checks and review system.
Code
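/**
 * Finds accounts whose stored password hash equals the MD5 of their username.
 *
 * The comparison `pass = md5(name)` runs in SQL, so the check detects exactly
 * one weak choice: a password identical to the username. It also only works
 * while {users}.pass holds an unsalted MD5 of the password, as Drupal 6 stores
 * it. An empty result therefore says nothing about other weak passwords.
 *
 * The returned list names accounts with a guessable password, so callers
 * should only expose it to users who are allowed to see security findings.
 *
 * @param $trusted_roles
 *   Array of role IDs treated as trusted. The values are passed to db_query()
 *   as arguments for the generated IN () placeholders, never concatenated
 *   into the SQL string.
 *
 * @return
 *   Array of usernames keyed by uid, containing users that hold at least one
 *   trusted role, plus uid 1 regardless of roles, whose password is their
 *   username.
 */
function _security_review_weak_passwords($trusted_roles) {
  $weak_users = array();

  // With no trusted roles the placeholder list would be empty and the query
  // would contain "in ()", which is not valid SQL. Skip the role query in that
  // case; the uid 1 check below still runs.
  if (!empty($trusted_roles)) {
    // Select users with a trusted role whose password is their username.
    $sql = "SELECT u.uid, u.name, COUNT(rid) AS count FROM {users} u LEFT JOIN\n {users_roles} ur ON u.uid = ur.uid AND ur.rid in (" . db_placeholders($trusted_roles) . ")\n WHERE pass = md5(name) GROUP BY uid";
    $results = db_query($sql, $trusted_roles);
    // @todo pager_query?
    while ($row = db_fetch_object($results)) {
      // The LEFT JOIN also returns matching users without a trusted role, with
      // a count of 0; only users holding a trusted role are reported.
      if ($row->count > 0) {
        $weak_users[$row->uid] = $row->name;
      }
    }
  }

  // Explicitly check uid 1 in case they have no roles.
  $weak_uid1 = db_fetch_object(db_query("SELECT u.uid, u.name, 1 AS count FROM {users} u WHERE pass = md5(name) AND uid = 1"));
  if (!empty($weak_uid1->count)) {
    $weak_users[$weak_uid1->uid] = $weak_uid1->name;
  }

  return $weak_users;
}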