function system_login_form_validate

6.x system.module system_login_form_validate($form, &$form_state)
4.x system.module system_login_form_validate($form, &$form_state)
5.x system.module system_login_form_validate($form, &$form_state)

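Validate function for the login form. This is where we will do all of the lookups to verify username and password. If you want to write your own login handler (like for LDAP), this is the function you would duplicate in a custom module, then use hook_form_alter to make your function the validator instead of this one. A replacement validator takes over every check performed here (the login-disabled switch, the is_disabled filter and the student rank check), not only the password lookup.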

We will simply verify the password, then let the submit handler take over from there.

File

modules/system/system.module, line 2658

Code

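/**
 * Validate handler for the login form.
 *
 * Looks up the submitted username among enabled accounts, verifies the
 * password against the stored hash and, for students, checks the
 * rank/classification against the configured allow-list. On success it sets
 * $form_state["db_row"] and $form_state["passed_authentication"]; on failure
 * it registers a form error (or redirects) and returns without setting them.
 *
 * @param array $form
 *   The login form definition (not read here).
 * @param array $form_state
 *   Form state, by reference. Reads ["values"]["user"] and
 *   ["values"]["password"].
 */
function system_login_form_validate($form, &$form_state) {
  $user = $form_state["values"]["user"];

  // Strict comparison: a non-string value can never pass as 'admin' through
  // PHP's loose-comparison rules, so the lockout fails closed.
  if ($user !== 'admin' && variable_get('disable_login_except_admin', 'no') == 'yes') {
    fp_goto("disable-login");
    return;
  }

  $password = $form_state["values"]["password"];

  // If the GRANT_FULL_ACCESS is turned on, skip trying to validate.
  // NOTE(review): this branch marks ANY submitted credentials as
  // authenticated with user_id 1 and never reads the password. The setting
  // should only ever be enabled on an isolated development install; consider
  // logging whenever this path is taken so an accidental enablement is
  // visible.
  if ($GLOBALS["fp_system_settings"]["GRANT_FULL_ACCESS"] == TRUE) {
    $form_state["passed_authentication"] = TRUE;
    $form_state["db_row"]["user_id"] = 1;
    $form_state["db_row"]["user_name"] = "FULL ACCESS USER";
    return;
  }

  // Otherwise, check the table normally. (An older version compared an
  // unsalted md5() of the password inside the query itself; it was replaced
  // by the stored-hash check below.)
  $res = db_query("SELECT * FROM users WHERE user_name = ? AND is_disabled = '0' ", $user);

  $cur = db_fetch_array($res);

  // Fail closed when no enabled account matched or the row carries no hash,
  // rather than suppressing the notice with @ and relying on how
  // user_check_password() treats an empty hash. The error text is the same
  // for "no such user" and "wrong password", so the message does not reveal
  // which usernames exist.
  $stored_hash = (is_array($cur) && isset($cur["password"])) ? (string) $cur["password"] : "";
  if ($stored_hash === "" || !user_check_password($password, $stored_hash)) {
    form_error("password", t("Sorry, but that username and password combination could not
                            be found.  Please check your spelling and try again."));
    return;
  }

  // If this is a student, does this student have an accepted "allowed rank" (ie, FR, SO, JR, etc)?
  $allowed_ranks_str = variable_get("allowed_student_ranks", "FR, SO, JR, SR");
  $allowed_ranks = csv_to_array($allowed_ranks_str);
  if (intval($cur['is_student']) === 1) {
    $rank_code = db_result(db_query("SELECT rank_code FROM students WHERE cwid = ?", array($cur['cwid'])));
    // Strict membership test: a missing students row (a non-string result)
    // must not loosely match an empty or "0" entry in the allow-list.
    if (!is_string($rank_code) || !in_array($rank_code, $allowed_ranks, TRUE)) {

      form_error("password", t("Sorry, your rank/classification is %rc.  At this time FlightPath is only available to students
                                in the following ranks/classifications: @ranks_str", array("%rc" => $rank_code, "@ranks_str" => $allowed_ranks_str)));
      return;

    }
  }

  // Every check passed: hand the account row to the submit handler.
  $form_state["db_row"] = $cur;

  // If we made it here, then the user successfully authenticated.
  $form_state["passed_authentication"] = TRUE;

  // It will now proceed to the submit handler.
}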