Home » API reference » password.inc

user_check_password

Versions
7
user_check_password($password, $account)

Check whether a plain text password matches a stored hashed password.

Alternative implementations of this function may use other data in the $account object, for example the uid to look up the hash in a custom table or remote database.

Parameters

$password A plain-text password

$account A user object with at least the fields from the {users} table.

Return value

TRUE or FALSE.

▸ 1 function calls user_check_password()

▾ 1 function calls user_check_password()

user_authenticate in modules/user/user.module
Try to validate the user's login credentials locally.

Code

includes/password.inc, line 202

<?php
function user_check_password($password, $account) {
  if (substr($account->pass, 0, 3) == 'U$P') {
    // This may be an updated password from user_update_7000(). Such hashes
    // have 'U' added as the first character and need an extra md5().
    $stored_hash = substr($account->pass, 1);
    $password = md5($password);
  }
  else {
    $stored_hash = $account->pass;
  }
  $hash = _password_crypt($password, $stored_hash);
  return ($hash && $stored_hash == $hash);
}
?>
Login or register to post comments
 
 

All source code and documentation on this site is released under the terms of the GNU General Public License, version 2 and later. Drupal is a registered trademark of Dries Buytaert.