Révision bceb9b7a
Ajouté par Florent Torregrosa il y a environ 9 ans
drupal7/modules/user/user.module | ||
---|---|---|
2335 | 2335 |
*/ |
2336 | 2336 |
function user_pass_reset_url($account) { |
2337 | 2337 |
$timestamp = REQUEST_TIME; |
2338 |
return url("user/reset/$account->uid/$timestamp/" . user_pass_rehash($account->pass, $timestamp, $account->login), array('absolute' => TRUE)); |
|
2338 |
return url("user/reset/$account->uid/$timestamp/" . user_pass_rehash($account->pass, $timestamp, $account->login, $account->uid), array('absolute' => TRUE));
|
|
2339 | 2339 |
} |
2340 | 2340 |
|
2341 | 2341 |
/** |
... | ... | |
2357 | 2357 |
*/ |
2358 | 2358 |
function user_cancel_url($account) { |
2359 | 2359 |
$timestamp = REQUEST_TIME; |
2360 |
return url("user/$account->uid/cancel/confirm/$timestamp/" . user_pass_rehash($account->pass, $timestamp, $account->login), array('absolute' => TRUE)); |
|
2360 |
return url("user/$account->uid/cancel/confirm/$timestamp/" . user_pass_rehash($account->pass, $timestamp, $account->login, $account->uid), array('absolute' => TRUE));
|
|
2361 | 2361 |
} |
2362 | 2362 |
|
2363 | 2363 |
/** |
... | ... | |
2377 | 2377 |
* A UNIX timestamp, typically REQUEST_TIME. |
2378 | 2378 |
* @param int $login |
2379 | 2379 |
* The UNIX timestamp of the user's last login. |
2380 |
* @param int $uid |
|
2381 |
* The user ID of the user account. |
|
2380 | 2382 |
* |
2381 | 2383 |
* @return |
2382 | 2384 |
* A string that is safe for use in URLs and SQL statements. |
2383 | 2385 |
*/ |
2384 |
function user_pass_rehash($password, $timestamp, $login) { |
|
2385 |
return drupal_hmac_base64($timestamp . $login, drupal_get_hash_salt() . $password); |
|
2386 |
function user_pass_rehash($password, $timestamp, $login, $uid) { |
|
2387 |
// Backwards compatibility: Try to determine a $uid if one was not passed. |
|
2388 |
// (Since $uid is a required parameter to this function, a PHP warning will |
|
2389 |
// be generated if it's not provided, which is an indication that the calling |
|
2390 |
// code should be updated. But the code below will try to generate a correct |
|
2391 |
// hash in the meantime.) |
|
2392 |
if (!isset($uid)) { |
|
2393 |
$uids = db_query_range('SELECT uid FROM {users} WHERE pass = :password AND login = :login AND uid > 0', 0, 2, array(':password' => $password, ':login' => $login))->fetchCol(); |
|
2394 |
// If exactly one user account matches the provided password and login |
|
2395 |
// timestamp, proceed with that $uid. |
|
2396 |
if (count($uids) == 1) { |
|
2397 |
$uid = reset($uids); |
|
2398 |
} |
|
2399 |
// Otherwise there is no safe hash to return, so return a random string |
|
2400 |
// that will never be treated as a valid token. |
|
2401 |
else { |
|
2402 |
return drupal_random_key(); |
|
2403 |
} |
|
2404 |
} |
|
2405 |
|
|
2406 |
return drupal_hmac_base64($timestamp . $login . $uid, drupal_get_hash_salt() . $password); |
|
2386 | 2407 |
} |
2387 | 2408 |
|
2388 | 2409 |
/** |
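Review bot: The backwards-compatibility branch in `user_pass_rehash()` is only reachable when PHP lets a call with a missing required argument proceed with a warning; from PHP 7.1 such a call throws `ArgumentCountError`, so callers that were not updated fail hard and the `!isset($uid)` lookup never runs. Declaring the parameter as `$uid = NULL` would keep the fallback working. A `watchdog()` warning inside the branch would still tell maintainers the caller needs updating, and would make the silent `drupal_random_key()` return (a link that can never validate) visible to site operators. Separately, the HMAC input `$timestamp . $login . $uid` is concatenated without separators, so different (login, uid) pairs can produce the same message string. The per-account password in the key presumably limits the impact, but a delimiter such as `$timestamp . ':' . $login . ':' . $uid` would remove the ambiguity.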
Update core to 7.35