function user_check_password

7.x password.inc user_check_password($password, $stored_hash)
6.x password.inc user_check_password($password, $stored_hash)
5.x password.inc user_check_password($password, $stored_hash)

Check whether a plain text password matches a stored hashed password.

Alternative implementations of this function may use other data in the $account object, for example the uid to look up the hash in a custom table or remote database.

Parameters

$password: A plain-text password.

$stored_hash: The password hash for a user from the database.

Return value

TRUE or FALSE.

1 call to user_check_password()
system_login_form_validate in modules/system/system.module
Validate function for the login form. This is where we will do all of the lookups to verify username and password. If you want to write your own login handler (like for LDAP) this is the function you would duplicate in a custom module, then use…

File

includes/password.inc, line 306
Secure password hashing functions for user authentication.

Code

function user_check_password($password, $stored_hash) {
  /*
  if (substr($account->pass, 0, 2) == 'U$') {
    // This may be an updated password from user_update_7000(). Such hashes
    // have 'U' added as the first character and need an extra md5().
    $stored_hash = substr($account->pass, 1);
    $password = md5($password);
  }
  else {
    $stored_hash = $account->pass;
  }
  */

  $type = substr($stored_hash, 0, 3);
  switch ($type) {
    case '$S$':
      // A normal FlightPath 7 password using sha512.
      $hash = _password_crypt('sha512', $password, $stored_hash);
      break;
    case '$H$':
      // phpBB3 uses "$H$" for the same thing as "$P$".
    case '$P$':
      // A phpass password generated using md5.  This is an
      // imported password or from an earlier FlightPath version.
      $hash = _password_crypt('md5', $password, $stored_hash);
      break;
    default:
      return FALSE;
  }
  return ($hash && $stored_hash == $hash);
}
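
A hardened variant of the check above, as an added example that is not FlightPath's own code: it keeps the same prefix dispatch, compares with constant-time hash_equals() instead of the loose `==`, and reports when a verified password is still stored under the md5-based `$P$`/`$H$` scheme. Every example_* name and the $stand_in closure are hypothetical; in a real install the _password_crypt() function from password.inc would be passed in place of the stand-in.

```php
<?php
// Added example, not FlightPath code. The '$S$', '$H$' and '$P$' prefixes come
// from the page; every example_* name and $stand_in are hypothetical.

/**
 * Returns array('valid' => bool, 'needs_rehash' => bool).
 *
 * $crypt is called like _password_crypt($algo, $password, $setting) and is
 * expected to return the full hash string, or FALSE on failure.
 */
function example_check_password($password, $stored_hash, callable $crypt) {
  // Prefix => array(digest algorithm, legacy scheme?).
  static $types = array(
    '$S$' => array('sha512', FALSE),
    '$H$' => array('md5', TRUE),
    '$P$' => array('md5', TRUE),
  );
  $result = array('valid' => FALSE, 'needs_rehash' => FALSE);
  if (!is_string($password) || !is_string($stored_hash)) {
    return $result;
  }
  $type = (string) substr($stored_hash, 0, 3);
  if (!isset($types[$type])) {
    // Unknown scheme: reject, as the default branch on the page does.
    return $result;
  }
  list($algo, $legacy) = $types[$type];
  $hash = $crypt($algo, $password, $stored_hash);
  // hash_equals() (PHP 5.6+) compares in constant time and never type-juggles.
  $result['valid'] = is_string($hash) && hash_equals($stored_hash, $hash);
  // Flag an upgrade only after the password has been proven correct.
  $result['needs_rehash'] = $result['valid'] && $legacy;
  return $result;
}

// Constructed stand-in so the example runs without password.inc. It is NOT
// the phpass algorithm: it keeps the 12-character setting, appends one digest.
$stand_in = function ($algo, $password, $setting) {
  $setting = substr($setting, 0, 12);
  return $setting . hash($algo, substr($setting, 4) . $password);
};

// Constructed sample hash in the legacy '$P$' format.
$legacy = $stand_in('md5', 'correct horse', '$P$Babcdefgh');
var_dump(example_check_password('correct horse', $legacy, $stand_in));
var_dump(example_check_password('wrong guess', $legacy, $stand_in));
// A stored value with no recognised prefix is rejected outright.
var_dump(example_check_password('correct horse', '0e12345', $stand_in));
```

A caller that sees needs_rehash set can re-hash the just-verified plain-text password under the `$S$` scheme and store the new value.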