ad_check_password (public)

 ad_check_password user_id password_from_form

Defined in packages/acs-tcl/tcl/security-procs.tcl

Check if the provided password is correct. OpenACS never stores password, but uses salted hashes for identification. Different algorithm can be used. When the stored hash is from another hash algorithm, which is preferred, this function updates the password hash automatically, but only, when the password is correct.

Parameters:

user_id (required)

password_from_form (required)

Returns:

Returns 1 if the password is correct for the given user ID.

Testcases:

auth_password_change, auth_password_implementations, ad_change_check_password

Source code:

    set found_p [db_0or1row password_select {
        select password, salt, password_hash_algorithm from users where user_id = :user_id
    }]
    if { !$found_p } {
        return 0
    }

    if {$password ne [::security::hash::$password_hash_algorithm $password_from_form $salt]  } {
        return 0
    }

    set preferred_hash_algorithm [security::preferred_password_hash_algorithm]
    if {$preferred_hash_algorithm ne $password_hash_algorithm} {
        ns_log notice "upgrade password hash for user $user_id from"  "$password_hash_algorithm to $preferred_hash_algorithm"
        ad_change_password  -password_hash_algorithm $preferred_hash_algorithm  $user_id  $password_from_form
    }
    return 1

Generic XQL file:

packages/acs-tcl/tcl/security-procs.xql

PostgreSQL XQL file:

packages/acs-tcl/tcl/security-procs-postgresql.xql

Oracle XQL file:

packages/acs-tcl/tcl/security-procs-oracle.xql