From c40fde088c95cb6d44767b1b1a23f57f21894f63 Mon Sep 17 00:00:00 2001 From: webchick Date: Wed, 29 Jun 2011 23:47:28 -0700 Subject: Issue #1198396 by pillarsdotnet, jhodgdon: Fixed Add required docs to user_pass_rehash() function. --- modules/user/user.module | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) (limited to 'modules/user') diff --git a/modules/user/user.module b/modules/user/user.module index 84430b2f7..e5fdb77b8 100644 --- a/modules/user/user.module +++ b/modules/user/user.module @@ -2287,6 +2287,27 @@ function user_cancel_url($account) { return url("user/$account->uid/cancel/confirm/$timestamp/" . user_pass_rehash($account->pass, $timestamp, $account->login), array('absolute' => TRUE)); } +/** + * Creates a unique hash value for use in time-dependent per-user URLs. + * + * This hash is normally used to build a unique and secure URL that is sent to + * the user by email for purposes such as resetting the user's password. In + * order to validate the URL, the same hash can be generated again, from the + * same information, and compared to the hash value from the URL. The URL + * normally contains both the time stamp and the numeric user ID. The login + * name and hashed password are retrieved from the database as necessary. For a + * usage example, see user_cancel_url() and user_cancel_confirm(). + * + * @param $password + * The hashed user account password value. + * @param $timestamp + * A unix timestamp. + * @param $login + * The user account login name. + * + * @return + * A string that is safe for use in URLs and SQL statements. + */ function user_pass_rehash($password, $timestamp, $login) { return drupal_hmac_base64($timestamp . $login, drupal_get_hash_salt() . $password); } -- cgit v1.2.3