modules/salt/salt.module

<?php
// $Id: salt.module,v 1.1 2007/10/24 11:08:19 karthik Exp $

/**
 * @file
 * The salt module allows for Drupal passwords to be 'salted' - an internal
 * string is appended to the password prior to storage - making them less prone
 * to dictionary attacks, rainbow tables and the like.
 *
 * @author Karthik Kumar ( http://drupal.org/user/21209 )
 */

/**
 * Implementation of hook_menu().
 */
function salt_menu($may_cache) {
  global $user;

  $items = array();

  if ($may_cache) {
    $items[] = array(
      'path' => 'admin/settings/salt',
      'title' => t('Salt'),
      'description' => t('Set the salt string.'),
      'callback' => 'drupal_get_form',
      'callback arguments' => 'salt_settings_form',
      'access' => user_access('administer site configuration')
    );
  }

  return $items;
}

/**
 * Menu callback: Display the salt module settings form.
 */
function salt_settings_form() {
  $form['salt'] = array(
    '#type' => 'textfield',
    '#title' => t('Salt'),
    '#description' => t('Enter the salt that you would like appended to user passwords. Changing the salt will automatically invalidate existing passwords which will need to be recovered and reset.'),
    '#default_value' => variable_get('salt', ''),
    '#required' => TRUE
  );

  return system_settings_form($form);
}

/**
 * Validate the salt settings form submission.
 */
function salt_settings_form_validate($form_id, $form_values) {
  // Trim the salt string to avoid whitespace issues during concatenation.
  form_set_value(array('#parents' => array('salt')), trim($form_values['salt']));
}

/**
 * Implementation of hook_form_alter.
 */
function salt_form_alter($form_id, &$form) {
  // Alter the user_login, user_edit and user_register forms. Additionally,
  // login blocks reuse the user_login form handlers via the #base attribute.
  if ($form['#base'] == 'user_login' || $form_id == 'user_login' || $form_id == 'user_edit' || $form_id == 'user_register') {
    // Give salt module's validate function preference over user_login.
    $form['#validate'] = array('salt_login_validate' => array()) + $form['#validate'];
  }
}

/**
 * Validation handler for the user_login form.
 */
function salt_login_validate($form_id, $form_values) {
  $form_values['pass'] = trim($form_values['pass']);
  // The user_edit form allows for empty password strings (retains existing 
  // password).
  if (strlen($form_values['pass'])) {
    form_set_value(array('#parents' => array('pass')), $form_values['pass'] . variable_get('salt', ''));
  }
}
1	<?php
2	// $Id: salt.module,v 1.1 2007/10/24 11:08:19 karthik Exp $
3
4	/**
5	* @file
6	* The salt module allows for Drupal passwords to be 'salted' - an internal
7	* string is appended to the password prior to storage - making them less prone
8	* to dictionary attacks, rainbow tables and the like.
9	*
10	* @author Karthik Kumar ( http://drupal.org/user/21209 )
11	*/
12
13	/**
14	* Implementation of hook_menu().
15	*/
16	function salt_menu($may_cache) {
17	global $user;
18
19	$items = array();
20
21	if ($may_cache) {
22	$items[] = array(
23	'path' => 'admin/settings/salt',
24	'title' => t('Salt'),
25	'description' => t('Set the salt string.'),
26	'callback' => 'drupal_get_form',
27	'callback arguments' => 'salt_settings_form',
28	'access' => user_access('administer site configuration')
29	);
30	}
31
32	return $items;
33	}
34
35	/**
36	* Menu callback: Display the salt module settings form.
37	*/
38	function salt_settings_form() {
39	$form['salt'] = array(
40	'#type' => 'textfield',
41	'#title' => t('Salt'),
42	'#description' => t('Enter the salt that you would like appended to user passwords. Changing the salt will automatically invalidate existing passwords which will need to be recovered and reset.'),
43	'#default_value' => variable_get('salt', ''),
44	'#required' => TRUE
45	);
46
47	return system_settings_form($form);
48	}
49
50	/**
51	* Validate the salt settings form submission.
52	*/
53	function salt_settings_form_validate($form_id, $form_values) {
54	// Trim the salt string to avoid whitespace issues during concatenation.
55	form_set_value(array('#parents' => array('salt')), trim($form_values['salt']));
56	}
57
58	/**
59	* Implementation of hook_form_alter.
60	*/
61	function salt_form_alter($form_id, &$form) {
62	// Alter the user_login, user_edit and user_register forms. Additionally,
63	// login blocks reuse the user_login form handlers via the #base attribute.
64	if ($form['#base'] == 'user_login' \|\| $form_id == 'user_login' \|\| $form_id == 'user_edit' \|\| $form_id == 'user_register') {
65	// Give salt module's validate function preference over user_login.
66	$form['#validate'] = array('salt_login_validate' => array()) + $form['#validate'];
67	}
68	}
69
70	/**
71	* Validation handler for the user_login form.
72	*/
73	function salt_login_validate($form_id, $form_values) {
74	$form_values['pass'] = trim($form_values['pass']);
75	// The user_edit form allows for empty password strings (retains existing
76	// password).
77	if (strlen($form_values['pass'])) {
78	form_set_value(array('#parents' => array('pass')), $form_values['pass'] . variable_get('salt', ''));
79	}
80	}