function tfa_user_login in Two-factor Authentication (TFA) 7.2
Same name and namespace in other branches
- 7 tfa.module \tfa_user_login()
Implements hook_user_login().
File
- ./
tfa.module, line 344 - Two-factor authentication for Drupal.
Code
function tfa_user_login(&$edit, $account) {
if (!variable_get('tfa_enabled', 0)) {
return;
}
// Return early if user has succesfully gone through TFA process or if
// a login plugin specifically allows it.
if (tfa_login_allowed($account)) {
return;
}
$tfa = tfa_get_process($account);
// Check if TFA has been set up by the account.
if (!$tfa
->ready()) {
// Allow other modules to act on login when account is not set up for TFA.
$require_tfa = array_filter(module_invoke_all('tfa_ready_require', $account));
if (!empty($require_tfa)) {
tfa_logout();
drupal_goto('user');
}
}
else {
// User has been authenticated so force logout and redirect to TFA form.
tfa_logout();
// Restart flood levels, session context, and TFA process.
$identifier = variable_get('user_failed_login_identifier_uid_only', FALSE) ? $account->uid : $account->uid . '-' . ip_address();
flood_clear_event('tfa_user', $identifier);
flood_register_event('tfa_begin');
tfa_start_context($account);
$tfa = tfa_get_process($account);
// Hold onto destination. It will be used in tfa_form_submit().
$query = drupal_get_query_parameters();
if (arg(0) == 'user' && arg(1) == 'reset') {
// If one-time login reset destination and hold onto token.
$query['destination'] = 'user/' . $account->uid . '/edit';
$query['pass-reset-token'] = arg(4);
}
unset($_GET['destination']);
// Begin TFA and set process context.
$tfa
->begin();
$context = $tfa
->getContext();
tfa_set_context($account, $context);
$login_hash = tfa_login_hash($account);
// Use of $_GET['destination'] would allow other hooks to run but since the
// current user is no longer authenticated their expectation would be wrong.
drupal_goto('system/tfa/' . $account->uid . '/' . $login_hash, array(
'query' => $query,
));
}
}