function simple_ldap_user_check_drupal_password in Simple LDAP 7.2
A copy of the original user_check_password() function so we can fallback to Drupal's authentication for UID1 and certain other cases.
Parameters
string $password: The password to be checked.
object $account: The account to be authenticated.
Return value
boolean Returns TRUE if the password matches.
1 call to simple_ldap_user_check_drupal_password()
- user_check_password in simple_ldap_user/
simple_ldap_user.password.inc - Check whether a plain text password matches a stored hashed password.
File
- simple_ldap_user/
simple_ldap_user.password.inc, line 290 - Secure password hashing functions for user authentication.
Code
function simple_ldap_user_check_drupal_password($password, $account) {
if (substr($account->pass, 0, 2) == 'U$') {
// This may be an updated password from user_update_7000(). Such hashes
// have 'U' added as the first character and need an extra md5().
$stored_hash = substr($account->pass, 1);
$password = md5($password);
}
else {
$stored_hash = $account->pass;
}
$type = substr($stored_hash, 0, 3);
switch ($type) {
case '$S$':
// A normal Drupal 7 password using sha512.
$hash = _password_crypt('sha512', $password, $stored_hash);
break;
case '$H$':
// phpBB3 uses "$H$" for the same thing as "$P$".
case '$P$':
// A phpass password generated using md5. This is an
// imported password or from an earlier Drupal version.
$hash = _password_crypt('md5', $password, $stored_hash);
break;
default:
return FALSE;
}
return $hash && $stored_hash == $hash;
}