You are here

Home » API reference » Password Separate Form 8 » ChangePasswordForm.php » ChangePasswordForm

public function ChangePasswordForm::buildForm in Password Separate Form 8

Parameters

array $form: An associative array containing the structure of the form.

\Drupal\Core\Form\FormStateInterface $form_state: The current state of the form.

\Drupal\user\UserInterface $user: The user object.

Overrides FormInterface::buildForm

File

src/Form/ChangePasswordForm.php, line 68

Class

ChangePasswordForm
Provides a user password reset form.

Namespace

Drupal\change_pwd_page\Form

Code

public function buildForm(array $form, FormStateInterface $form_state, UserInterface $user = NULL) {

  /** @var \Drupal\user\UserInterface $account */
  $this->userProfile = $account = $user;
  $user = $this
    ->currentUser();
  $config = \Drupal::config('user.settings');
  $form['#cache']['tags'] = $config
    ->getCacheTags();
  $register = $account
    ->isAnonymous();

  // Account information.
  $form['account'] = [
    '#type' => 'container',
    '#weight' => -10,
  ];

  // Display password field only for existing users or when user is allowed to
  // assign a password during registration.
  if (!$register) {
    $form['account']['pass'] = [
      '#type' => 'password_confirm',
      '#size' => 25,
      '#description' => $this
        ->t('To change the current user password, enter the new password in both fields.'),
      '#required' => TRUE,
    ];

    // To skip the current password field, the user must have logged in via a
    // one-time link and have the token in the URL. Store this in $form_state
    // so it persists even on subsequent Ajax requests.
    if (!$form_state
      ->get('user_pass_reset') && ($token = $this
      ->getRequest()
      ->get('pass-reset-token'))) {
      $session_key = 'pass_reset_' . $account
        ->id();
      $user_pass_reset = isset($_SESSION[$session_key]) && hash_equals($_SESSION[$session_key], $token);
      $form_state
        ->set('user_pass_reset', $user_pass_reset);
    }

    // The user must enter their current password to change to a new one.
    if ($user
      ->id() == $account
      ->id()) {
      $form['account']['current_pass'] = [
        '#type' => 'password',
        '#title' => $this
          ->t('Current password'),
        '#size' => 25,
        '#access' => !$form_state
          ->get('user_pass_reset'),
        '#weight' => -5,
        // Do not let web browsers remember this password, since we are
        // trying to confirm that the person submitting the form actually
        // knows the current one.
        '#attributes' => [
          'autocomplete' => 'off',
        ],
        '#required' => TRUE,
      ];
      $form_state
        ->set('user', $account);

      // The user may only change their own password without their current
      // password if they logged in via a one-time login link.
      if (!$form_state
        ->get('user_pass_reset')) {
        $form['account']['current_pass']['#description'] = $this
          ->t('Required if you want to change the %pass below. <a href=":request_new_url" title="Send password reset instructions via email.">Reset your password</a>.', [
          '%pass' => $this
            ->t('Password'),
          ':request_new_url' => Url::fromRoute('user.pass')
            ->toString(),
        ]);
      }
    }

    // This should never show. The data is needed by other modules.
    $roles = array_map([
      '\\Drupal\\Component\\Utility\\Html',
      'escape',
    ], user_role_names(TRUE));
    $form['account']['roles'] = [
      '#type' => 'checkboxes',
      '#title' => $this
        ->t('Roles'),
      '#default_value' => !$register ? $account
        ->getRoles() : [],
      '#options' => $roles,
      '#access' => FALSE,
    ];
  }
  $form['actions'] = [
    '#type' => 'actions',
  ];
  $form['actions']['submit'] = [
    '#type' => 'submit',
    '#value' => $this
      ->t('Submit'),
  ];
  return $form;
}