function user_check_password

6.x password.inc user_check_password($password, $stored_hash)
5.x password.inc user_check_password($password, $stored_hash)

Check whether a plain text password matches a stored hashed password.

Alternative implementations of this function may use other data in the $account object, for example the uid to look up the hash in a custom table or remote database.

Parameters

$password: A plain-text password.

$stored_hash: The password hash for a user from the database.

Return value

TRUE or FALSE.

2 calls to user_check_password()
system_login_form_validate in modules/system/system.module
Validate function for the login form. This is where we will do all of the lookups to verify username and password. If you want to write your own login handler (like for LDAP) this is the function you would duplicate in a custom module, then use…
user_user_settings_form_validate in modules/user/user.module
Needed if we are trying to change password.

File

includes/password.inc, line 306
Secure password hashing functions for user authentication.

Code

function user_check_password($password, $stored_hash) {
  $type = substr($stored_hash, 0, 3);
  switch ($type) {
    case '$S$':
      // A normal FlightPath 6 password using sha512.
      $hash = _password_crypt('sha512', $password, $stored_hash);
      break;
    case '$H$':
      // phpBB3 uses "$H$" for the same thing as "$P$".
    case '$P$':
      // A phpass password generated using md5.  This is an
      // imported password or from an earlier FlightPath version.
      $hash = _password_crypt('md5', $password, $stored_hash);
      break;
    default:
      return FALSE;
  }
  return ($hash && $stored_hash == $hash);
}
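
The legacy `$P$`/`$H$` branch above, as an added example that is not FlightPath's own code: it recomputes a phpass MD5 hash and compares it with `hash_equals()` rather than `==`. It assumes the public phpass portable-hash layout, since `_password_crypt()` is not shown on this page, and the `ex_*` names are hypothetical.

```php
<?php
// Added example; the ex_* names are hypothetical, not FlightPath functions.
// Assumed layout (public phpass portable format): 3-char id, 1 char giving
// log2 of the iteration count, 8-char salt, 22 chars of encoded MD5.
const EX_ITOA64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';

// phpass's base64 variant: emits 6 bits at a time, low bits first.
function ex_encode64($input, $count) {
  $a = EX_ITOA64;
  $out = '';
  $i = 0;
  do {
    $value = ord($input[$i++]);
    $out .= $a[$value & 0x3f];
    if ($i < $count) { $value |= ord($input[$i]) << 8; }
    $out .= $a[($value >> 6) & 0x3f];
    if ($i++ >= $count) { break; }
    if ($i < $count) { $value |= ord($input[$i]) << 16; }
    $out .= $a[($value >> 12) & 0x3f];
    if ($i++ >= $count) { break; }
    $out .= $a[($value >> 18) & 0x3f];
  } while ($i < $count);
  return $out;
}

// Recompute the hash using the id, cost and salt embedded in $setting.
function ex_phpass_md5($password, $setting) {
  if (strlen($setting) < 12) { return FALSE; }
  $log2 = strpos(EX_ITOA64, $setting[3]);
  if ($log2 === FALSE || $log2 < 7 || $log2 > 30) { return FALSE; }
  $count = 1 << $log2;
  $hash = md5(substr($setting, 4, 8) . $password, TRUE);
  do {
    $hash = md5($hash . $password, TRUE);
  } while (--$count);
  return substr($setting, 0, 12) . ex_encode64($hash, 16);
}

// TRUE only for a well-formed $P$/$H$ hash that matches the password.
function ex_check_legacy_password($password, $stored_hash) {
  $type = substr($stored_hash, 0, 3);
  if ($type !== '$P$' && $type !== '$H$') { return FALSE; }
  $hash = ex_phpass_md5($password, $stored_hash);
  // hash_equals() (PHP 5.6+) compares in constant time, unlike ==.
  return is_string($hash) && hash_equals($stored_hash, $hash);
}

// Constructed sample: made-up salt "examples", cost character "7".
$stored = ex_phpass_md5('correct horse', '$P$7examples');
var_dump(ex_check_legacy_password('correct horse', $stored));
var_dump(ex_check_legacy_password('wrong guess', $stored));
```

A match on this branch means the account still holds an MD5-based hash, which makes a successful login a natural point to re-hash the password under the `$S$` scheme.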