You are here

Home » API reference » Username Enumeration Prevention 7 » username_enumeration_prevention.install

function username_enumeration_prevention_requirements in Username Enumeration Prevention 7

Same name and namespace in other branches
  1. 8 username_enumeration_prevention.install \username_enumeration_prevention_requirements()

Implements hook_requirements().

File

./username_enumeration_prevention.install, line 13
Install file for the Username Enumeration Prevention module.

Code

function username_enumeration_prevention_requirements($phase) {
  $requirements = array();

  // Ensure translations don't break during installation.
  $t = get_t();

  // Only in the Runtime $phase environment.
  if ($phase == 'runtime') {
    $username_enumeration_prevention_roles = user_roles(FALSE, 'access user profiles');
    if (isset($username_enumeration_prevention_roles[1]) && $username_enumeration_prevention_roles[1] == "anonymous user") {
      $value = $t('WARNING! Anonymous users have permission to access user
        profiles.');
      $severity = REQUIREMENT_WARNING;
    }
    else {
      $value = $t('Anonymous users do not have permission to access user
        profiles.');
      $severity = REQUIREMENT_OK;
    }
    $requirements['username_enumeration_prevention_via_permissions'] = array(
      'title' => $t('Username enumeration prevention'),
      'value' => $value,
      'description' => $t('Granting anonymous users permission to access user
      profiles poses a security risk because it allows users who are not logged
      into the site to obtain usernames via callbacks. More information is
      available in the module README or on the !url.', array(
        '!url' => l($t('project page'), 'http://drupal.org/project/username_enumeration_prevention'),
      )),
      'severity' => isset($severity) ? $severity : REQUIREMENT_OK,
    );
    if (module_exists('pathauto') && module_exists('globalredirect')) {
      $globalredirect_settings = _globalredirect_get_settings();
      if (strstr(variable_get('pathauto_user_pattern', 'users/[user:name]'), '[user:name]') && !$globalredirect_settings['menu_check']) {
        $value = $t('WARNING! Current Pathauto and Global Redirect settings may
          expose usernames.');
        $severity = REQUIREMENT_WARNING;
      }
      else {
        $value = $t('Pathauto and Global Redirect settings have been changed from
          the defaults that can expose username.');
      }
      $requirements['username_enumeration_prevention_via_redirects'] = array(
        'title' => $t('Username enumeration prevention'),
        'value' => $value,
        'description' => $t("Pathauto's default user paths, along with Global\n        Redirect's default Menu Access Checking disabled combine to create\n        redirects with no access checking. More information is available in the\n        !url.", array(
          '!url' => l($t('Global Redirect issue queue'), 'http://drupal.org/node/782476'),
        )),
        'severity' => isset($severity) ? $severity : REQUIREMENT_OK,
      );
    }
  }
  return $requirements;
}