You are here

Home » API reference » Two-factor Authentication (TFA) 7.2 » tfa.module

function tfa_login_submit in Two-factor Authentication (TFA) 7.2

Login submit handler to determine if TFA process is applicable.

1 string reference to 'tfa_login_submit'
tfa_form_alter in ./tfa.module
Implements hook_form_alter().

File

./tfa.module, line 267
Two-factor authentication for Drupal.

Code

function tfa_login_submit($form, &$form_state) {

  // Similar to tfa_user_login() but not required to force user logout.
  $account = isset($form_state['uid']) ? user_load($form_state['uid']) : user_load_by_name($form_state['values']['name']);

  // Return early if user has succesfully gone through TFA process or if
  // a login plugin specifically allows it.
  if (tfa_login_allowed($account)) {

    // Authentication can continue so invoke user_login_submit().
    user_login_submit($form, $form_state);
    return;
  }
  $tfa = tfa_get_process($account);

  // Check if TFA has been set up by the account.
  if (!$tfa
    ->ready() && !$tfa
    ->isFallback()) {

    // Allow other modules to act on login when account is not set up for TFA.
    $require_tfa = array_filter(module_invoke_all('tfa_ready_require', $account));
    if (!empty($require_tfa)) {
      $form_state['redirect'] = !empty($form_state['redirect']) ? $form_state['redirect'] : 'user';
      return;
    }
    else {

      // Not required so continue with log in.
      user_login_submit($form, $form_state);
      return;
    }
  }
  else {

    // Restart flood levels, session context, and TFA process.
    $identifier = variable_get('user_failed_login_identifier_uid_only', FALSE) ? $account->uid : $account->uid . '-' . ip_address();
    flood_clear_event('tfa_user', $identifier);
    flood_register_event('tfa_begin');
    tfa_start_context($account);
    $tfa = tfa_get_process($account);
    $query = drupal_get_query_parameters();
    unset($_GET['destination']);

    // Begin TFA and set process context.
    $tfa
      ->begin();
    $context = $tfa
      ->getContext();

    // Support form set redirect. Will be used on completion of TFA form
    // process.
    if (!empty($form_state['redirect'])) {
      $context['redirect'] = $form_state['redirect'];
    }
    tfa_set_context($account, $context);
    $login_hash = tfa_login_hash($account);
    $form_state['tfa_redirect'] = array(
      'system/tfa/' . $account->uid . '/' . $login_hash,
      array(
        'query' => $query,
      ),
    );
  }
}