user_check_password
function user_check_password
user_check_password($password, $account)
Check whether a plain text password matches a stored hashed password.
Alternative implementations of this function may use other data in the $account object, for example the uid to look up the hash in a custom table or remote database.
Parameters
$password: A plain-text password
$account: A user object with at least the fields from the {users} table.
Return value
TRUE or FALSE.
File
- includes/password.inc, line 234
- Secure password hashing functions for user authentication.
Code
function user_check_password($password, $account) { if (substr($account->pass, 0, 2) == 'U$') { // This may be an updated password from user_update_7000(). Such hashes // have 'U' added as the first character and need an extra md5(). $stored_hash = substr($account->pass, 1); $password = md5($password); } else { $stored_hash = $account->pass; } $type = substr($stored_hash, 0, 3); switch ($type) { case '$S$': // A normal Drupal 7 password using sha512. $hash = _password_crypt('sha512', $password, $stored_hash); break; case '$H$': // phpBB3 uses "$H$" for the same thing as "$P$". case '$P$': // A phpass password generated using md5. This is an // imported password or from an earlier Drupal version. $hash = _password_crypt('md5', $password, $stored_hash); break; default: return FALSE; } return ($hash && $stored_hash == $hash); }
© 2001–2016 by the original authors
Licensed under the GNU General Public License, version 2 and later.
Drupal is a registered trademark of Dries Buytaert.
https://api.drupal.org/api/drupal/includes!password.inc/function/user_check_password/7.x