You are here

Home » API reference » Simple Password Reset 7 » simple_pass_reset.module

function simple_pass_reset_pass_reset_access in Simple Password Reset 7

Access callback for use with Drupal's menu API.

1 string reference to 'simple_pass_reset_pass_reset_access'
simple_pass_reset_menu_alter in ./simple_pass_reset.module
Implements hook_menu_alter().

File

./simple_pass_reset.module, line 22

Code

function simple_pass_reset_pass_reset_access($uid, $timestamp, $hashed_pass) {
  if (user_is_logged_in()) {
    return FALSE;
  }

  // This timeout check imitates core logic in user_pass_reset(). The timeout
  // number is expressed in seconds, with 86400 equal to one day. There is no
  // UI to adjust this number, but sites can customize it in their settings.php.
  $timeout = variable_get('user_password_reset_timeout', 86400);

  // Ensure the user is not blocked.
  $users = user_load_multiple(array(
    $uid,
  ), array(
    'status' => '1',
  ));
  if ($timestamp <= REQUEST_TIME && ($account = reset($users))) {

    // Bypass the timeout check if the user has not logged in before.
    if ($account->login && REQUEST_TIME - $timestamp > $timeout) {
      drupal_set_message(t('You have tried to use a one-time login link that has expired. Please request a new one using the form below.'), 'status', FALSE);
      drupal_goto('user/password');
    }
    elseif ($account->uid && $timestamp >= $account->login && $timestamp <= REQUEST_TIME && $hashed_pass == user_pass_rehash($account->pass, $timestamp, $account->login, $account->uid)) {
      return TRUE;
    }
  }
  return FALSE;
}