You are here

Home » API reference » Username Enumeration Prevention 7

username_enumeration_prevention.install in Username Enumeration Prevention 7

Same filename and directory in other branches
  1. 8 username_enumeration_prevention.install

Install file for the Username Enumeration Prevention module.

Checks if the requirements are met when enabling the module.

File

username_enumeration_prevention.install
View source 
<?php

/**
 * @file
 * Install file for the Username Enumeration Prevention module.
 *
 * Checks if the requirements are met when enabling the module.
 */

/**
 * Implements hook_requirements().
 */
function username_enumeration_prevention_requirements($phase) {
  $requirements = array();

  // Ensure translations don't break during installation.
  $t = get_t();

  // Only in the Runtime $phase environment.
  if ($phase == 'runtime') {
    $username_enumeration_prevention_roles = user_roles(FALSE, 'access user profiles');
    if (isset($username_enumeration_prevention_roles[1]) && $username_enumeration_prevention_roles[1] == "anonymous user") {
      $value = $t('WARNING! Anonymous users have permission to access user
        profiles.');
      $severity = REQUIREMENT_WARNING;
    }
    else {
      $value = $t('Anonymous users do not have permission to access user
        profiles.');
      $severity = REQUIREMENT_OK;
    }
    $requirements['username_enumeration_prevention_via_permissions'] = array(
      'title' => $t('Username enumeration prevention'),
      'value' => $value,
      'description' => $t('Granting anonymous users permission to access user
      profiles poses a security risk because it allows users who are not logged
      into the site to obtain usernames via callbacks. More information is
      available in the module README or on the !url.', array(
        '!url' => l($t('project page'), 'http://drupal.org/project/username_enumeration_prevention'),
      )),
      'severity' => isset($severity) ? $severity : REQUIREMENT_OK,
    );
    if (module_exists('pathauto') && module_exists('globalredirect')) {
      $globalredirect_settings = _globalredirect_get_settings();
      if (strstr(variable_get('pathauto_user_pattern', 'users/[user:name]'), '[user:name]') && !$globalredirect_settings['menu_check']) {
        $value = $t('WARNING! Current Pathauto and Global Redirect settings may
          expose usernames.');
        $severity = REQUIREMENT_WARNING;
      }
      else {
        $value = $t('Pathauto and Global Redirect settings have been changed from
          the defaults that can expose username.');
      }
      $requirements['username_enumeration_prevention_via_redirects'] = array(
        'title' => $t('Username enumeration prevention'),
        'value' => $value,
        'description' => $t("Pathauto's default user paths, along with Global\n        Redirect's default Menu Access Checking disabled combine to create\n        redirects with no access checking. More information is available in the\n        !url.", array(
          '!url' => l($t('Global Redirect issue queue'), 'http://drupal.org/node/782476'),
        )),
        'severity' => isset($severity) ? $severity : REQUIREMENT_OK,
      );
    }
  }
  return $requirements;
}

Functions

Namesort descending Description
username_enumeration_prevention_requirements Implements hook_requirements().