user_pass_rehash | user.module | Drupal 7

Same name and namespace in other branches

10 core/modules/user/user.module \user_pass_rehash()
4.7.x modules/user.module \user_pass_rehash()
5.x modules/user/user.module \user_pass_rehash()
6.x modules/user/user.module \user_pass_rehash()
8.9.x core/modules/user/user.module \user_pass_rehash()
9 core/modules/user/user.module \user_pass_rehash()

Creates a unique hash value for use in time-dependent per-user URLs.

This hash is normally used to build a unique and secure URL that is sent to the user by email for purposes such as resetting the user's password. In order to validate the URL, the same hash can be generated again, from the same information, and compared to the hash value from the URL. The URL normally contains both the time stamp and the numeric user ID. The login timestamp and hashed password are retrieved from the database as necessary. For a usage example, see user_cancel_url() and user_cancel_confirm().

Parameters

string $password: The hashed user account password value.

int $timestamp: A UNIX timestamp, typically REQUEST_TIME.

int $login: The UNIX timestamp of the user's last login.

int $uid: The user ID of the user account.

string $mail: The e-mail address of the user.

Return value

A string that is safe for use in URLs and SQL statements.

14 calls to user_pass_rehash()

StatisticsAdminTestCase::testDeleteUser in modules/statistics/statistics.test: Tests that accesslog reflects when a user is deleted.
UserCancelTestCase::testUserAnonymize in modules/user/user.test: Delete account and anonymize all content.
UserCancelTestCase::testUserBlock in modules/user/user.test: Disable account and keep all content.
UserCancelTestCase::testUserBlockUnpublish in modules/user/user.test: Disable account and unpublish all content.
UserCancelTestCase::testUserCancelInvalid in modules/user/user.test: Attempt invalid account cancellations.

... See full list

File

modules/user/user.module, line 2447: Enables the user registration and login system.

Code

function user_pass_rehash($password, $timestamp, $login, $uid, $mail = '') {

  // Backwards compatibility: Try to determine a $uid if one was not passed.
  // (Since $uid is a required parameter to this function, a PHP warning will
  // be generated if it's not provided, which is an indication that the calling
  // code should be updated. But the code below will try to generate a correct
  // hash in the meantime.)
  if (!isset($uid)) {
    $uids = db_query_range('SELECT uid FROM {users} WHERE pass = :password AND login = :login AND uid > 0', 0, 2, array(
      ':password' => $password,
      ':login' => $login,
    ))
      ->fetchCol();

    // If exactly one user account matches the provided password and login
    // timestamp, proceed with that $uid.
    if (count($uids) == 1) {
      $uid = reset($uids);
    }
    else {
      return drupal_random_key();
    }
  }

  // Backwards compatibility: If the $mail parameter is not provided, load it
  // from the user object.
  if (empty($mail)) {
    $account = user_load($uid);
    $mail = $account->mail;
  }
  return drupal_hmac_base64($timestamp . ':' . $login . ':' . $uid . ':' . $mail, drupal_get_hash_salt() . $password);
}

function user_pass_rehash

Parameters

Return value

File

Code

Search Drupal 7

News items

Our community

Documentation

Drupal code base

Governance of community