/[drupal]/contributions/modules/phpass/phpass.module
ViewVC logotype

Diff of /contributions/modules/phpass/phpass.module

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph | View Patch Patch

revision 1.1.4.1, Mon Dec 24 01:28:41 2007 UTC revision 1.1.4.2, Fri Aug 29 12:18:08 2008 UTC
# Line 1  Line 1 
1  <?php  <?php
2  // $Id: phpass.module,v 1.1.2.4 2007/12/24 00:57:22 douggreen Exp $  // $Id: phpass.module,v 1.1.4.1 2007/12/24 01:28:41 douggreen Exp $
3    
4  /**  /**
5   * phpass Module   * phpass Module
# Line 13  Line 13 
13   */   */
14  function phpass_form_alter(&$form, $form_state, $form_id) {  function phpass_form_alter(&$form, $form_state, $form_id) {
15    // check for any login process    // check for any login process
16    if (isset($form['#validate'])) {    $validate = isset($form['#validate']['user_login_validate']);
     $pos = array_search('user_login_authenticate_validate', $form['#validate']);  
     if ($pos !== FALSE) {  
       $validate = TRUE;  
     }  
   }  
17    
18    // act as-if the module is not installed if SecurePass.php is not installed properly    // act as-if the module is not installed if SecurePass.php is not installed properly
19    if (($form_id == 'user_edit' || $form_id == 'system_modules' || $form_id == 'user_admin_settings' || isset($validate)) && _phpass_is_passwordhash_php_missing()) {    if (($form_id == 'user_edit' || $form_id == 'system_modules' || $form_id == 'user_admin_settings' || $validate) && _phpass_is_passwordhash_php_missing()) {
20      return;      return;
21    }    }
22    
23    // hook any login process    // hook any login process
24    if (isset($pos) && $pos !== FALSE) {    if ($validate) {
25      $form['#validate'][$pos] = 'phpass_login_validate';      $form['#validate'][$pos] = 'phpass_login_validate';
26    }    }
27    
28    // hook the change password form    // hook the change password form
29    switch ($form_id) {    switch ($form_id) {
     case 'user_edit':  
       $form['#submit'][] = 'phpass_edit_submit';  
       break;  
   
30      case 'system_modules':      case 'system_modules':
31        // don't allow the user to uninstall this module        // don't allow the user to uninstall this module
32        if (db_result(db_query("SELECT COUNT(*) FROM {users} WHERE pass = 'phpass'"))) {        if (db_result(db_query("SELECT COUNT(*) FROM {users} WHERE pass = 'phpass'"))) {
# Line 102  function phpass_form_alter(&$form, $form Line 93  function phpass_form_alter(&$form, $form
93  }  }
94    
95  /**  /**
96     * Implement hook_user to save the hash password.
97     */
98    function phpass_user($op, &$edit, &$account, $category = NULL) {
99      switch ($op) {
100        case 'submit':
101          _phpass_save($account->uid, $edit['pass']);
102          unset($edit['pass']);
103          break;
104      }
105    }
106    
107    /**
108   * This is a copy of user_login_validate, that calls our validate   * This is a copy of user_login_validate, that calls our validate
109   * instead of the default user validation.   * instead of the default user validation.
110   *   *
# Line 149  function _phpass_user_authenticate($user Line 152  function _phpass_user_authenticate($user
152        require_once(drupal_get_path('module', 'phpass') .'/PasswordHash.php');        require_once(drupal_get_path('module', 'phpass') .'/PasswordHash.php');
153        $phpass = new PasswordHash(variable_get('user_hash_strength', 8), variable_get('user_hash_portable', TRUE));        $phpass = new PasswordHash(variable_get('user_hash_strength', 8), variable_get('user_hash_portable', TRUE));
154        if ($phpass->CheckPassword($pass, $userpass->hash)) {        if ($phpass->CheckPassword($pass, $userpass->hash)) {
155            _phpass_load($userpass);
156          return $userpass;          return $userpass;
157        }        }
158      }      }
159    
160      // check if the password matches the old md5 hash      // check if the password matches the old md5 hash
161      elseif ($userpass->pass) {      if ($userpass->pass) {
162        if ($userpass->pass == md5($pass)) {        if ($userpass->pass == md5($pass)) {
163          _phpass_save($userpass->uid, $pass);          _phpass_save($userpass->uid, $pass);
164            _phpass_load($userpass);
165          return $userpass;          return $userpass;
166        }        }
167      }      }
# Line 169  function _phpass_user_authenticate($user Line 174  function _phpass_user_authenticate($user
174          // convert the phpass hashes back to md5 hashes          // convert the phpass hashes back to md5 hashes
175          db_query("UPDATE {users} SET pass = '%s' WHERE uid = %d", md5($pass), $userpass->uid);          db_query("UPDATE {users} SET pass = '%s' WHERE uid = %d", md5($pass), $userpass->uid);
176          db_query("DELETE FROM {user_phpass} WHERE uid = %d", $userpass->uid);          db_query("DELETE FROM {user_phpass} WHERE uid = %d", $userpass->uid);
177            _phpass_load($userpass);
178          return $userpass;          return $userpass;
179        }        }
180      }      }
# Line 178  function _phpass_user_authenticate($user Line 184  function _phpass_user_authenticate($user
184    return user_authenticate($user, $pass);    return user_authenticate($user, $pass);
185  }  }
186    
 /**  
  * Save the password  
  */  
 function phpass_edit_submit($form, &$form_state) {  
   _phpass_save($user->uid, $form_state['values']['pass']);  
 }  
   
187  function _phpass_save($uid, $pass) {  function _phpass_save($uid, $pass) {
188    // initialize phpass    // initialize phpass
189    require_once(drupal_get_path('module', 'phpass') .'/PasswordHash.php');    require_once(drupal_get_path('module', 'phpass') .'/PasswordHash.php');
# Line 201  function _phpass_save($uid, $pass) { Line 200  function _phpass_save($uid, $pass) {
200    else {    else {
201      // store the secure phpass hash      // store the secure phpass hash
202      db_query("INSERT INTO {user_phpass} (hash, uid) VALUES ('%s', %d)", $phpass_hash, $uid);      db_query("INSERT INTO {user_phpass} (hash, uid) VALUES ('%s', %d)", $phpass_hash, $uid);
   
     // lose the insecure md5 hash  
     db_query("UPDATE {users} SET pass = 'phpass' WHERE uid = %d", $uid);  
203    }    }
204    
205      // lose the insecure md5 hash
206      db_query("UPDATE {users} SET pass = 'phpass' WHERE uid = %d", $uid);
207  }  }
208    
209  function _phpass_is_passwordhash_php_missing() {  function _phpass_is_passwordhash_php_missing() {
Legend:
Removed from v.1.1.4.1  
changed lines
  Added in v.1.1.4.2
  ViewVC Help
Powered by ViewVC 1.1.2