function user_check_password in Simple LDAP 7.2
Same name and namespace in other branches
- 7 simple_ldap_user/simple_ldap_user.password.inc \user_check_password()
Check whether a plain text password matches a stored hashed password.
Alternative implementations of this function may use other data in the $account object, for example the uid to look up the hash in a custom table or remote database.
Parameters
string $password: A plain-text password
object $account: A user object with at least the fields from the {users} table.
Return value
boolean TRUE or FALSE.
File
- simple_ldap_user/
simple_ldap_user.password.inc, line 232 - Secure password hashing functions for user authentication.
Code
function user_check_password($password, $account) {
// Use normal authentication for User1.
if ($account->uid == 1) {
return simple_ldap_user_check_drupal_password($password, $account);
}
$fallback = simple_ldap_user_variable_get('simple_ldap_user_auth_fallback');
$fallback_writeback = simple_ldap_user_variable_get('simple_ldap_user_auth_fallback_writeback');
$password_attribute_name = simple_ldap_user_variable_get('simple_ldap_user_attribute_pass');
// Use LDAP authentication for everyone else.
$ldap_user = SimpleLdapUser::singleton($account->name);
if (!empty($password_attribute_name)) {
$password_attribute = $ldap_user->{$password_attribute_name};
}
if (!empty($password_attribute) && $password_attribute['count'] != 0) {
$ldap_password = $password_attribute[0];
}
if ($ldap_user->exists && !empty($ldap_password)) {
return $ldap_user
->authenticate($password);
}
$valid_password = FALSE;
// If the user is in LDAP, but has no password set AND we are set to fallback to Drupal, check Drupal.
if ($ldap_user->exists && empty($ldap_password) && in_array('nopass', $fallback, TRUE)) {
$valid_password = simple_ldap_user_check_drupal_password($password, $account);
if ($valid_password && in_array('nopass', $fallback_writeback, TRUE)) {
$account->writeback_password = TRUE;
}
}
elseif (!$ldap_user->exists && in_array('norecord', $fallback, TRUE)) {
$valid_password = simple_ldap_user_check_drupal_password($password, $account);
if ($valid_password && in_array('norecord', $fallback_writeback, TRUE)) {
$account->pass = $password;
simple_ldap_user_sync_user_to_ldap($account);
}
}
// Could not authenticate, return FALSE
return $valid_password;
}