Diffstat (limited to 'modules/user/user.module')
-rw-r--r-- | modules/user/user.module | 34 |
1 files changed, 27 insertions, 7 deletions
diff --git a/modules/user/user.module b/modules/user/user.module
index 74372eaaf..9f4910146 100644
--- a/modules/user/user.module
+++ b/modules/user/user.module
@@ -157,7 +157,7 @@ function user_load($array = array()) {
     }
     else if ($key == 'pass') {
       $query[] = "pass = '%s'";
-      $params[] = md5($value);
+      $params[] = $value;
     }
     else {
       $query[]= "LOWER($key) = LOWER('%s')";
@@ -214,7 +214,13 @@ function user_save($account, $array = array(), $category = 'account') {
   $user_fields = $table['fields'];
 
   if (!empty($array['pass'])) {
-    $array['pass'] = md5($array['pass']);
+    // Allow alternate password hashing schemes.
+    require_once variable_get('password_inc', './includes/password.inc');
+    $array['pass'] = user_hash_password(trim($array['pass']));
+    // Abort if the hashing failed and returned FALSE.
+    if (!$array['pass']) {
+      return FALSE;
+    }
   }
   else {
     // Avoid overwriting an existing password with a blank password.
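Review bot: With `$params[] = $value;` the `pass` key of user_load() now compares the stored hash column against the caller's value verbatim instead of hashing it, so any remaining caller that still passes a plaintext password will silently get no match; the commit reworks user_authenticate() but the docblock of user_load() (outside this hunk) does not record the new contract. I would add to that docblock: `'pass' is matched against the stored hash as-is; to verify a plaintext password use user_check_password() instead.` The rest of user_load() is outside the hunk, so other callers passing 'pass' cannot be checked from here and are worth a grep before merging.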
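Review bot: The new `if (!$array['pass']) { return FALSE; }` in user_save() makes a hashing failure indistinguishable from any other failed save and leaves no trace for the administrator; a `watchdog('user', 'Password hashing failed; account not saved.', array(), WATCHDOG_ERROR);` immediately before the `return FALSE;` would at least record it. The `require_once variable_get('password_inc', './includes/password.inc');` line is repeated in user_authenticate() (the third hunk); since the path comes from site configuration rather than request input this is acceptable, but a one-line comment such as `// password_inc is site configuration, never request-derived.` next to the variable_get() documents the trust boundary, and a small shared helper would remove the duplication. The remainder of user_save() lies outside this hunk, so whether any callers already handle a FALSE return cannot be confirmed here.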
@@ -1283,12 +1289,26 @@ function user_login_final_validate($form, &$form_state) {
 function user_authenticate($form_values = array()) {
   global $user;
+  $password = trim($form_values['pass']);
 
   // Name and pass keys are required.
-  if (!empty($form_values['name']) && !empty($form_values['pass']) &&
-      $account = user_load(array('name' => $form_values['name'], 'pass' => trim($form_values['pass']), 'status' => 1))) {
-    $user = $account;
-    user_authenticate_finalize($form_values);
-    return $user;
+  if (!empty($form_values['name']) && !empty($password)) {
+    $account = db_fetch_object(db_query("SELECT * FROM {users} WHERE name = '%s' AND status = 1", $form_values['name']));
+    if ($account) {
+      // Allow alternate password hashing schemes.
+      require_once variable_get('password_inc', './includes/password.inc');
+      if (user_check_password($password, $account)) {
+        if (user_needs_new_hash($account)) {
+          $new_hash = user_hash_password($password);
+          if ($new_hash) {
+            db_query("UPDATE {users} SET pass = '%s' WHERE uid = %d", $new_hash, $account->uid);
+          }
+        }
+        $account = user_load(array('uid' => $account->uid, 'status' => 1));
+        $user = $account;
+        user_authenticate_finalize($form_values);
+        return $user;
+      }
+    }
   }
 }
 
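Review bot: `$password = trim($form_values['pass']);` reads the key before the `!empty($form_values['name']) && !empty($password)` guard that the comment says is required, so a submission without a `pass` key raises an undefined-index notice and feeds an empty string to trim(); use `$password = isset($form_values['pass']) ? trim($form_values['pass']) : '';` instead. Note that `!empty($password)` also rejects the literal password "0", as the removed check did. The new `WHERE name = '%s'` lookup replaces the user_load() path, which matched through `LOWER($key) = LOWER('%s')` (visible in the first hunk), so name matching may now depend on the column collation rather than being case-insensitive; worth confirming that is intended. When no row is found the function returns without ever calling user_check_password(), so an unknown name and a wrong password take noticeably different time; running the check against a fixed dummy hash in the not-found branch keeps the response time uniform.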