1 password.inc | user_check_password($password, $account) |
Check whether a plain text password matches a stored hashed password.
Alternative implementations of this function may use other data in the $account object, for example the uid to look up the hash in a custom table or remote database.
Parameters
$password: A plain-text password
$account: A user object with at least the fields from the {users} table.
Return value
TRUE or FALSE.:
File
- core/
includes/ password.inc, line 233 - Secure password hashing functions for user authentication.
Code
function user_check_password($password, $account) {
if (substr($account->pass, 0, 2) == 'U$') {
$stored_hash = substr($account->pass, 1);
$password = md5($password);
}
else {
$stored_hash = $account->pass;
}
$type = substr($stored_hash, 0, 3);
switch ($type) {
case '$S$':
// A normal Backdrop password using sha512.
$hash = _password_crypt('sha512', $password, $stored_hash);
break;
case '$H$':
// phpBB3 uses "$H$" for the same thing as "$P$".
case '$P$':
// A phpass password generated using md5. This is an
// imported password or from an earlier Backdrop version.
$hash = _password_crypt('md5', $password, $stored_hash);
break;
default:
return FALSE;
}
return ($hash && $stored_hash == $hash);
}