multifactor.module

<?php
/**
 * @file Implementation of drupal core hooks.
 *
 * @todo the entire file needs cleaning.
 * @todo This needs to be hookified so that new multifactor modules can leverage the framework laid out here.
 * 
 */

/**
 * Implementation of hook_cron().
 *
 * @todo add a a field that indicates expire time.
 *
 * @return void
 */
function multifactor_cron() {
  watchdog('multifactor', 'Deleting stale nonces.');
  db_query("DELETE FROM {multifactor_nonce} WHERE timestamp < %d", array(time() - 120));
}

/**
 * Constants
 *
 * @todo This still needed? 
 */
define('MULTIFACTOR_ROLE_AUTHENTICATED_USER_DISABLED',
  variable_get('multifactor_role_authenticated_user_disabled', TRUE));
define('MULTIFACTOR_BRICK_ON_ERROR', variable_get('multifactor_brick_on_error', FALSE));
define('MULTIFACTOR_ROLE_USER_1_FAILOVER', variable_get('multifactor_role_user_1_failover', TRUE));

/**
 * Implementation of hook_form_alter().
 */
function multifactor_form_alter(&$form, $form_state, $form_id) {
  switch ($form_id) {
    case 'user_login':
    case 'user_login_block':
        // @todo Ugg address multiple login based modules from fighting here...modules like login_security etc.
        $form['#validate'] = array_merge(array('multifactor_user_login_validate'), $form['#validate']);
      break;
  }
}

/**
 * Implementation of form validate. This functions does more than just validating, but it's main
 * Intention is to break the login form flow.
 *
 * @param $form_item
 *   The status of the name field in the form field after being submitted by the user.
 *
 */
function multifactor_user_login_validate($form, &$form_state) {
  //love u

  static $modules;

  // @todo create a form for mapping multifactor options to roles.
  // @todo allow a selection of which role can use which multifactor authentication type.
  // @todo Check which method the user prefers

  // Call hook_multifactor_info(); Basically everyone that does multifactor implements this
  foreach (module_implements('multifactor_info') as $module) {
    $modules[] = $module;
  }

  /*
   *
   * switch(profile->multifactor_method) {
   *   case 'text': validate_text($form_state); break;
   *   case 'voip': // Fall through...
   *   default: validate_voip($form_state); break;
   * }
   */

  // Load user name from the form field - name.
  $name = $form_state['values']['name'];

  // Load the user.
  $user = user_load(array('name' => $name));
  // Fail silenty if the user doesn't exist.
  if(empty($user->uid) || !is_numeric($user->uid)) {
    return;
  }

  /**
   * @note This is a performance trade off and could be disabled safely with a variable_get or patch. I'll wait for the need
   * to crop up before I add anything in here that might slow the process.
   */
  if(user_is_blocked($name)) {
    // Fail silently and let the next non-multi-factor module have at it if the user is blocked.
    //@todo Should this be a form_set_error?
    return;
  }

  // Load Profile Data
  profile_load_profile($user);

  // Call hook_multifactor_after_user_load($user, &$form_state) so that all other modules can run their checks.
  module_invoke_all('multifactor_after_user_load', $user, $form_state);

  // Check if anyone set an error on the form during hook_multifactor_after_user_load($user, &$form_state).
  $errors = form_get_errors();

  if(!$errors) {
    // Call hook_multifactor_validate($user, &$form_state). This is where the meat of most modules should be.
    module_invoke_all('multifactor_validate', $user, $form_state);
    
    // Check if anyone set an error on the form during hook_multifactor_validate($user, &$form_state).
    $errors = form_get_errors();
  }
  
  // Call hook_multifactor_finalize($user, $errors, &$form_state).
  module_invoke_all('multifactor_finalize', $user, $errors, $form_state);
}