You are here

Home » API reference » Simple LDAP 7 » simple_ldap_user.password.inc

function user_needs_new_hash in Simple LDAP 7

Same name and namespace in other branches
  1. 7.2 simple_ldap_user/simple_ldap_user.password.inc \user_needs_new_hash()

Check whether a user's hashed password needs to be replaced with a new hash.

This is typically called during the login process when the plain text password is available. A new hash is needed when the desired iteration count has changed through a change in the variable password_count_log2 or DRUPAL_HASH_COUNT or if the user's password hash was generated in an update like user_update_7000().

Alternative implementations of this function might use other criteria based on the fields in $account.

Parameters

object $account: A user object with at least the fields from the {users} table.

Return value

boolean TRUE or FALSE.

File

simple_ldap_user/simple_ldap_user.password.inc, line 289
Secure password hashing functions for user authentication.

Code

function user_needs_new_hash($account) {

  // Check whether this was an updated password.
  if (substr($account->pass, 0, 3) != '$S$' || strlen($account->pass) != DRUPAL_HASH_LENGTH) {
    return TRUE;
  }

  // Ensure that $count_log2 is within set bounds.
  $count_log2 = _password_enforce_log2_boundaries(variable_get('password_count_log2', DRUPAL_HASH_COUNT));

  // Check whether the iteration count used differs from the standard number.
  return _password_get_count_log2($account->pass) !== $count_log2;
}