5.x system.module system_login_form_validate($form, &$form_state)
4.x system.module system_login_form_validate($form, &$form_state)

Validate function for the login form. This is where we will do all of the lookups to verify username and password. If you want to write your own login handler (like for LDAP) this is the function you would duplicate in a custom module, then use hook_form_alter to make your function be the validator, not this one.

We will simply verify the password, then let the submit handler take over from there.


modules/system/system.module, line 1594


function system_login_form_validate($form, &$form_state) {
  $user = $form_state["values"]["user"];
  $password = $form_state["values"]["password"];

  // If the GRANT_FULL_ACCESS is turned on, skip trying to validate
  if ($GLOBALS["fp_system_settings"]["GRANT_FULL_ACCESS"] == TRUE) {
    $user = "admin";
    $form_state["passed_authentication"] = TRUE;
    $form_state["db_row"]["user_id"] = 1;
    $form_state["db_row"]["user_name"] = "FULL ACCESS USER";

  // Otherwise, check the table normally.  
  // Check the user's password is valid.
  $res = db_query("SELECT * FROM users WHERE user_name = '?' AND password = '?' AND is_disabled = '0' ", $user, md5($password));
  if (db_num_rows($res) == 0) {
    form_error("password", t("Sorry, but that username and password combination could not
                            be found.  Please check your spelling and try again."));

  $cur = db_fetch_array($res);
  $form_state["db_row"] = $cur;

  // If we made it here, then the user successfully authenticated.
  $form_state["passed_authentication"] = TRUE;

  // It will now proceed to the submit handler.