ad_check_password (public)

 ad_check_password user_id password_from_form

Defined in packages/acs-tcl/tcl/security-procs.tcl

Check whether the provided password is correct. OpenACS never stores passwords; it stores salted hashes and uses them for identification. Different hash algorithms can be used. When the stored hash was produced by an algorithm other than the preferred one, this function updates the password hash automatically, but only when the password is correct.

Parameters:
user_id
password_from_form
Returns:
Returns 1 if the password is correct for the given user ID.

Partial Call Graph (max 5 caller/called nodes):
Called by: ad_change_check_password (test acs-tcl), auth_password_change (test acs-authentication), auth_password_implementations (test acs-authentication), auth::local::authentication::Authenticate (private), auth::local::password::ChangePassword (private)
Calls: ad_change_password (public), db_0or1row (public), security::preferred_password_hash_algorithm (private)

Testcases:
auth_password_change, auth_password_implementations, ad_change_check_password
Source code:

    set found_p [db_0or1row password_select {
        select password, salt, password_hash_algorithm from users where user_id = :user_id
    }]
    if { !$found_p } {
        return 0
    }

    if {$password ne [::security::hash::$password_hash_algorithm $password_from_form $salt]} {
        return 0
    }

    set preferred_hash_algorithm [security::preferred_password_hash_algorithm]
    if {$preferred_hash_algorithm ne $password_hash_algorithm} {
        ns_log notice "upgrade password hash for user $user_id from" "$password_hash_algorithm to $preferred_hash_algorithm"
        ad_change_password -password_hash_algorithm $preferred_hash_algorithm $user_id $password_from_form
    }
    return 1
Generic XQL file:
packages/acs-tcl/tcl/security-procs.xql

PostgreSQL XQL file:
packages/acs-tcl/tcl/security-procs-postgresql.xql

Oracle XQL file:
packages/acs-tcl/tcl/security-procs-oracle.xql
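
The verify-then-upgrade behaviour described above, as a stand-alone Python sketch that is an added example and not OpenACS code. The algorithm names, the in-memory `USERS` table, the fresh salt on upgrade and the constant-time comparison are assumptions of this example.

```python
import hashlib
import hmac
import os

# Hypothetical algorithm registry (names are assumptions, not OpenACS identifiers).
HASHERS = {
    "legacy-sha1": lambda pw, salt: hashlib.sha1((pw + salt).encode()).hexdigest(),
    "pbkdf2-sha256": lambda pw, salt: hashlib.pbkdf2_hmac(
        "sha256", pw.encode(), salt.encode(), 100_000).hex(),
}
PREFERRED = "pbkdf2-sha256"

# Constructed sample data standing in for the users table.
USERS = {
    42: {"salt": "a1b2c3", "algorithm": "legacy-sha1",
         "password": HASHERS["legacy-sha1"]("correct horse", "a1b2c3")},
}


def change_password(user_id, password, algorithm=PREFERRED):
    """Store a fresh salt and hash for the user under the given algorithm."""
    salt = os.urandom(16).hex()
    USERS[user_id] = {"salt": salt, "algorithm": algorithm,
                      "password": HASHERS[algorithm](password, salt)}


def check_password(user_id, password_from_form):
    """Return 1 if the password matches; upgrade the stored hash on success."""
    row = USERS.get(user_id)
    if row is None:
        return 0
    hasher = HASHERS.get(row["algorithm"])
    if hasher is None:  # unknown stored algorithm: fail closed
        return 0
    candidate = hasher(password_from_form, row["salt"])
    # Constant-time comparison (a choice of this example).
    if not hmac.compare_digest(candidate, row["password"]):
        return 0
    # Only now is the plaintext known to be correct, so this is the one
    # moment the hash can be recomputed under the preferred algorithm.
    if row["algorithm"] != PREFERRED:
        change_password(user_id, password_from_form, PREFERRED)
    return 1
```

A failed check leaves the stored record untouched; the first successful check replaces the legacy record, and later checks verify against the new hash.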
