diff --git a/constraints/constraint_history.inc b/constraints/constraint_history.inc index 5748b0c..0130bb3 100644 --- a/constraints/constraint_history.inc +++ b/constraints/constraint_history.inc @@ -25,31 +25,21 @@ function password_policy_constraint_history_error($constraint) { * Password validation. */ function password_policy_constraint_history_validate($password, $constraint, $uid) { + // Allow for backporting of phpass (Drupal 7 password caching). user_secure_hashing is implemented in password.inc. + if (function_exists('user_check_password')) { + $account = user_load($uid); + foreach (_password_policy_constraint_history_old_passwords($constraint, $uid) as $old_pass) { + $account->pass = $old_pass; + if (user_check_password($password, $account)) { + return FALSE; + } + } + return TRUE; + } + // user_check_password not found. Use md5 by default. return !in_array(md5($password), _password_policy_constraint_history_old_passwords($constraint, $uid)); } -/** - * Javascript portion. - */ -function password_policy_constraint_history_js($constraint, $uid) { - drupal_add_js(drupal_get_path('module', 'password_policy') .'/constraints/scripts/webtoolkit.md5.js'); - $pass = _password_policy_constraint_history_old_passwords($constraint, $uid); - $s = ''; - $s .= " var num=0;\n"; - $s .= " var pass=new Array(\"". implode('","', $pass) ."\");\n"; - $s .= " var i;\n"; - $s .= " for (i=0;i TRUE, ), 'pass' => array( - 'description' => t("User's password (md5 hash)."), + 'description' => t("User's password hash."), 'type' => 'varchar', - 'length' => 32, + 'length' => 60, 'not null' => TRUE, ), 'created' => array( @@ -356,3 +356,16 @@ function password_policy_update_6006() { array('rid','name')); return $ret; } + +/** +* Alter table password_policy_history to accommodate phpass (D7 hashing method). +*/ +function password_policy_update_6007() { + db_change_field($ret, 'password_policy_history', 'pass', 'pass', array( + 'description' => t("User's password hash."), + 'type' => 'varchar', + 'length' => 60, + 'not null' => TRUE, + )); + return $ret; +} \ No newline at end of file diff --git a/password_policy.module b/password_policy.module index 54942ff..c000ff3 100644 --- a/password_policy.module +++ b/password_policy.module @@ -237,7 +237,9 @@ function password_policy_user($op, &$edit, &$account, $category = NULL) { // New users do not yet have an uid during the validation step, but they do have at this insert step. // Store their first password in the system for use with the history constraint (if used). if ($account->uid) { - _password_policy_store_password($account->uid, $edit['pass']); + // Get the hashed password. + $account = user_load($account->uid); + _password_policy_store_hash($account->uid, $account->pass); } } break; @@ -528,7 +530,9 @@ function password_policy_password_submit($form, &$form_state) { // Track the hashed password values which can then be used in the history constraint. if ($account->uid && !empty($values['pass'])) { - _password_policy_store_password($account->uid, $values['pass']); + // Get the hashed password. + $account = user_load($account->uid); + _password_policy_store_hash($account->uid, $account->pass); } } @@ -796,8 +800,8 @@ function _password_policy_load_active_policy($roles) { * @param $pass * Clear text password. */ -function _password_policy_store_password($uid, $pass) { - db_query("INSERT INTO {password_policy_history} (uid, pass, created) VALUES (%d, '%s', %d)", $uid, md5($pass), time()); +function _password_policy_store_hash($uid, $hash) { + db_query("INSERT INTO {password_policy_history} (uid, pass, created) VALUES (%d, '%s', %d)", $uid, $hash, time()); } /**