function user_pass_rehash
Same name in other branches
- 9 core/modules/user/user.module \user_pass_rehash()
- 8.9.x core/modules/user/user.module \user_pass_rehash()
- 10 core/modules/user/user.module \user_pass_rehash()
- 11.x core/modules/user/user.module \user_pass_rehash()
Creates a unique hash value for use in time-dependent per-user URLs.
This hash is normally used to build a unique and secure URL that is sent to the user by email for purposes such as resetting the user's password. In order to validate the URL, the same hash can be generated again, from the same information, and compared to the hash value from the URL. The URL normally contains both the time stamp and the numeric user ID. The login timestamp and hashed password are retrieved from the database as necessary. For a usage example, see user_cancel_url() and user_cancel_confirm().
Parameters
string $password: The hashed user account password value.
int $timestamp: A UNIX timestamp, typically REQUEST_TIME.
int $login: The UNIX timestamp of the user's last login.
int $uid: The user ID of the user account.
string $mail: The e-mail address of the user.
Return value
A string that is safe for use in URLs and SQL statements.
13 calls to user_pass_rehash()
- StatisticsAdminTestCase::testDeleteUser in modules/statistics/statistics.test - Tests that accesslog reflects when a user is deleted.
- UserCancelTestCase::testUserAnonymize in modules/user/user.test - Delete account and anonymize all content.
- UserCancelTestCase::testUserBlock in modules/user/user.test - Disable account and keep all content.
- UserCancelTestCase::testUserBlockUnpublish in modules/user/user.test - Disable account and unpublish all content.
- UserCancelTestCase::testUserCancelInvalid in modules/user/user.test - Attempt invalid account cancellations.
File
modules/user/user.module, line 2451
Code
function user_pass_rehash($password, $timestamp, $login, $uid, $mail = '') {
  // Backwards compatibility: Try to determine a $uid if one was not passed.
  // (Since $uid is a required parameter to this function, a PHP warning will
  // be generated if it's not provided, which is an indication that the calling
  // code should be updated. But the code below will try to generate a correct
  // hash in the meantime.)
  if (!isset($uid)) {
    $uids = db_query_range('SELECT uid FROM {users} WHERE pass = :password AND login = :login AND uid > 0', 0, 2, array(
      ':password' => $password,
      ':login' => $login,
    ))->fetchCol();
    // If exactly one user account matches the provided password and login
    // timestamp, proceed with that $uid.
    if (count($uids) == 1) {
      $uid = reset($uids);
    }
    else {
      return drupal_random_key();
    }
  }
  // Backwards compatibility: If the $mail parameter is not provided, load it
  // from the user object.
  if (empty($mail)) {
    $account = user_load($uid);
    $mail = $account->mail;
  }
  return drupal_hmac_base64($timestamp . $login . $uid . $mail, drupal_get_hash_salt() . $password);
}
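The validation step described above (regenerate the hash from the same information and compare it to the value from the URL), as an added stand-alone example that is not Drupal core code. The example_* functions are hypothetical; example_hmac_base64() is assumed to behave like drupal_hmac_base64() (URL-safe base64 of HMAC-SHA-256), and the salt, account values and 24-hour timeout are constructed.

```php
<?php
// Added example: stand-alone sketch, not Drupal core code.

// Hypothetical stand-in for drupal_hmac_base64() (assumption: HMAC-SHA-256,
// base64 with '+', '/' replaced and '=' padding stripped).
function example_hmac_base64($data, $key) {
  $hmac = base64_encode(hash_hmac('sha256', $data, $key, TRUE));
  return strtr($hmac, array('+' => '-', '/' => '_', '=' => ''));
}

// Same construction as user_pass_rehash(): site salt plus stored password
// hash form the key; timestamp, last login, uid and mail are the data.
function example_pass_rehash($salt, $password, $timestamp, $login, $uid, $mail) {
  return example_hmac_base64($timestamp . $login . $uid . $mail, $salt . $password);
}

// Hypothetical validator for a link carrying $timestamp and $token.
function example_validate_token($salt, $account, $timestamp, $token, $now, $timeout) {
  // Reject future-dated links, expired links, and links older than the last login.
  if ($timestamp > $now || $now - $timestamp > $timeout || $timestamp < $account['login']) {
    return FALSE;
  }
  $expected = example_pass_rehash($salt, $account['pass'], $timestamp,
    $account['login'], $account['uid'], $account['mail']);
  // Constant-time comparison avoids leaking how many leading characters match.
  return hash_equals($expected, (string) $token);
}

// Constructed sample data.
$salt = 'constructed-site-salt';
$account = array('uid' => 42, 'pass' => '$S$constructedhash',
  'login' => 1700000000, 'mail' => 'user@example.com');
$issued = 1700003600;
$token = example_pass_rehash($salt, $account['pass'], $issued,
  $account['login'], $account['uid'], $account['mail']);

$day = 86400;
$now = $issued + 60;
$checks = array(
  'fresh link' => example_validate_token($salt, $account, $issued, $token, $now, $day),
  'expired link' => example_validate_token($salt, $account, $issued, $token, $issued + 90000, $day),
  'after password change' => example_validate_token($salt, array('pass' => '$S$newhash') + $account, $issued, $token, $now, $day),
  'after a later login' => example_validate_token($salt, array('login' => $issued + 30) + $account, $issued, $token, $now, $day),
  'tampered timestamp' => example_validate_token($salt, $account, $issued + 1, $token, $now, $day),
);
foreach ($checks as $label => $ok) {
  printf("%-22s %s\n", $label, $ok ? 'accepted' : 'rejected');
}
```

Because the stored password hash is part of the HMAC key and the last-login timestamp is part of the data, a link stops validating as soon as either value changes.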