
function user_check_password in Simple LDAP 7.2

Same name and namespace in other branches
  1. 7 simple_ldap_user/simple_ldap_user.password.inc \user_check_password()

Check whether a plain text password matches a stored hashed password.

Alternative implementations of this function may use other data in the $account object, for example the uid to look up the hash in a custom table or remote database.

Parameters

string $password: A plain-text password

object $account: A user object with at least the fields from the {users} table.

Return value

boolean TRUE or FALSE.

File

simple_ldap_user/simple_ldap_user.password.inc, line 232
Secure password hashing functions for user authentication.

Code

/**
 * Check a plain-text password against LDAP, with optional Drupal fallback.
 *
 * Decision order, as implemented below:
 * - uid 1 is always checked against the Drupal-stored hash.
 * - An LDAP entry that exists and carries a value in the configured password
 *   attribute is authenticated against LDAP only; there is no fallback for it.
 * - An LDAP entry without a password value falls back to the Drupal hash only
 *   when 'nopass' is enabled in simple_ldap_user_auth_fallback.
 * - A missing LDAP entry falls back to the Drupal hash only when 'norecord'
 *   is enabled in simple_ldap_user_auth_fallback.
 * - Anything else is rejected.
 *
 * @param string $password
 *   A plain-text password.
 * @param object $account
 *   A user object; uid and name are read here. On a successful fallback with
 *   writeback enabled, the object is modified (see inline comments).
 *
 * @return bool
 *   The result of the LDAP or Drupal check, or FALSE when neither applies.
 */
function user_check_password($password, $account) {
  // User 1 is deliberately kept off the LDAP path.
  if ($account->uid == 1) {
    return simple_ldap_user_check_drupal_password($password, $account);
  }

  // NOTE(review): both fallback settings are passed to in_array() below, so
  // they are assumed to be arrays; confirm the variable defaults guarantee it.
  $fallback = simple_ldap_user_variable_get('simple_ldap_user_auth_fallback');
  $fallback_writeback = simple_ldap_user_variable_get('simple_ldap_user_auth_fallback_writeback');
  $pass_attribute_name = simple_ldap_user_variable_get('simple_ldap_user_attribute_pass');

  // Everyone else is looked up in LDAP by account name.
  $ldap_user = SimpleLdapUser::singleton($account->name);

  // Pull the first value of the configured password attribute, if any. The
  // attribute is read as an array with a 'count' key and numeric entries.
  $ldap_password = NULL;
  if (!empty($pass_attribute_name)) {
    $attribute_values = $ldap_user->{$pass_attribute_name};
    if (!empty($attribute_values) && $attribute_values['count'] != 0) {
      $ldap_password = $attribute_values[0];
    }
  }
  $has_ldap_password = !empty($ldap_password);

  // An LDAP entry with a password is authoritative: its verdict is final.
  // NOTE(review): SimpleLdapUser::authenticate() is not visible here. Confirm
  // it rejects an empty $password before binding, because many directory
  // servers accept a simple bind with an empty password as an unauthenticated
  // bind.
  if ($ldap_user->exists && $has_ldap_password) {
    return $ldap_user->authenticate($password);
  }

  // Work out which fallback mode (if any) applies to this account.
  // NOTE(review): what ->exists reports when the directory cannot be reached
  // is not shown here; if it reads FALSE in that case, 'norecord' would let
  // Drupal-stored hashes authenticate during an LDAP outage. Confirm.
  if ($ldap_user->exists && !$has_ldap_password && in_array('nopass', $fallback, TRUE)) {
    $fallback_mode = 'nopass';
  }
  elseif (!$ldap_user->exists && in_array('norecord', $fallback, TRUE)) {
    $fallback_mode = 'norecord';
  }
  else {
    // No LDAP verdict and no fallback enabled for this situation.
    return FALSE;
  }

  $valid_password = simple_ldap_user_check_drupal_password($password, $account);

  // Writeback only happens after the Drupal check has succeeded.
  if ($valid_password && in_array($fallback_mode, $fallback_writeback, TRUE)) {
    if ($fallback_mode === 'nopass') {
      // Only a flag is set here; whatever acts on it lives outside this
      // function.
      $account->writeback_password = TRUE;
    }
    else {
      // The plain-text password is placed on the account so the sync can push
      // it to LDAP. It is not reset afterwards in this function, so
      // $account->pass still holds plain text when this returns.
      // NOTE(review): confirm no caller saves or logs $account in that state.
      $account->pass = $password;
      simple_ldap_user_sync_user_to_ldap($account);
    }
  }

  return $valid_password;
}