Révision bceb9b7a
Ajouté par Florent Torregrosa il y a environ 9 ans
| drupal7/modules/user/user.module | ||
|---|---|---|
| 2335 | 2335 |
*/ |
| 2336 | 2336 |
function user_pass_reset_url($account) {
|
| 2337 | 2337 |
$timestamp = REQUEST_TIME; |
| 2338 |
return url("user/reset/$account->uid/$timestamp/" . user_pass_rehash($account->pass, $timestamp, $account->login), array('absolute' => TRUE));
|
|
| 2338 |
return url("user/reset/$account->uid/$timestamp/" . user_pass_rehash($account->pass, $timestamp, $account->login, $account->uid), array('absolute' => TRUE));
|
|
| 2339 | 2339 |
} |
| 2340 | 2340 |
|
| 2341 | 2341 |
/** |
| ... | ... | |
| 2357 | 2357 |
*/ |
| 2358 | 2358 |
function user_cancel_url($account) {
|
| 2359 | 2359 |
$timestamp = REQUEST_TIME; |
| 2360 |
return url("user/$account->uid/cancel/confirm/$timestamp/" . user_pass_rehash($account->pass, $timestamp, $account->login), array('absolute' => TRUE));
|
|
| 2360 |
return url("user/$account->uid/cancel/confirm/$timestamp/" . user_pass_rehash($account->pass, $timestamp, $account->login, $account->uid), array('absolute' => TRUE));
|
|
| 2361 | 2361 |
} |
| 2362 | 2362 |
|
| 2363 | 2363 |
/** |
| ... | ... | |
| 2377 | 2377 |
* A UNIX timestamp, typically REQUEST_TIME. |
| 2378 | 2378 |
* @param int $login |
| 2379 | 2379 |
* The UNIX timestamp of the user's last login. |
| 2380 |
* @param int $uid |
|
| 2381 |
* The user ID of the user account. |
|
| 2380 | 2382 |
* |
| 2381 | 2383 |
* @return |
| 2382 | 2384 |
* A string that is safe for use in URLs and SQL statements. |
| 2383 | 2385 |
*/ |
| 2384 |
function user_pass_rehash($password, $timestamp, $login) {
|
|
| 2385 |
return drupal_hmac_base64($timestamp . $login, drupal_get_hash_salt() . $password); |
|
| 2386 |
function user_pass_rehash($password, $timestamp, $login, $uid) {
|
|
| 2387 |
// Backwards compatibility: Try to determine a $uid if one was not passed. |
|
| 2388 |
// (Since $uid is a required parameter to this function, a PHP warning will |
|
| 2389 |
// be generated if it's not provided, which is an indication that the calling |
|
| 2390 |
// code should be updated. But the code below will try to generate a correct |
|
| 2391 |
// hash in the meantime.) |
|
| 2392 |
if (!isset($uid)) {
|
|
| 2393 |
$uids = db_query_range('SELECT uid FROM {users} WHERE pass = :password AND login = :login AND uid > 0', 0, 2, array(':password' => $password, ':login' => $login))->fetchCol();
|
|
| 2394 |
// If exactly one user account matches the provided password and login |
|
| 2395 |
// timestamp, proceed with that $uid. |
|
| 2396 |
if (count($uids) == 1) {
|
|
| 2397 |
$uid = reset($uids); |
|
| 2398 |
} |
|
| 2399 |
// Otherwise there is no safe hash to return, so return a random string |
|
| 2400 |
// that will never be treated as a valid token. |
|
| 2401 |
else {
|
|
| 2402 |
return drupal_random_key(); |
|
| 2403 |
} |
|
| 2404 |
} |
|
| 2405 |
|
|
| 2406 |
return drupal_hmac_base64($timestamp . $login . $uid, drupal_get_hash_salt() . $password); |
|
| 2386 | 2407 |
} |
| 2387 | 2408 |
|
| 2388 | 2409 |
/** |
Formats disponibles : Unified diff
Update core to 7.35