function ccl_validate_existing_account in Commerce Checkout Login 7.2
Known user validation helper.
1 call to ccl_validate_existing_account()
- commerce_checkout_login_account_form_validate in ./
commerce_checkout_login.panes.inc - Account pane validation handler.
File
- ./
commerce_checkout_login.module, line 107 - Adds a new checkout pane to allow users to login, create an account or checkout anonymously depending on site configuration.
Code
function ccl_validate_existing_account(&$form, &$form_state, &$account) {
if ($user = user_uid_optional_load()) {
if ($user->uid === $account->uid) {
// Nothing to validate, the user is already logged in.
return TRUE;
}
}
// user_login_authenticate_validate() does a flood controlled authentication
// of the credentials based on a form submission. We therefor simulate a form
// submission to make use of existing code.
$credentials['values'] = array(
'pass' => $form_state['values']['account_form']['select']['login']['password'],
'name' => $account->name,
'mail' => $account->mail,
);
user_login_authenticate_validate(array(), $credentials);
// The uid is added to the credentials when validation is successful.
if (isset($credentials['uid']) && $credentials['uid']) {
// Clear past failures for this user so as not to block a user who might
// log in and out more than once in an hour.
if (isset($credentials['flood_control_user_identifier'])) {
flood_clear_event('failed_login_attempt_user', $credentials['flood_control_user_identifier']);
}
$form_state['commerce_checkout_login_uid'] = $credentials['uid'];
return TRUE;
}
else {
// Register events for flood control.
// Copied/adjusted from user_login_final_validate().
// Always register an IP-based failed login event.
flood_register_event('failed_login_attempt_ip', variable_get('user_failed_login_ip_window', 3600));
// Register a per-user failed login event.
if (isset($credentials['flood_control_user_identifier'])) {
flood_register_event('failed_login_attempt_user', variable_get('user_failed_login_user_window', 21600), $credentials['flood_control_user_identifier']);
}
if (isset($credentials['flood_control_triggered'])) {
if ($credentials['flood_control_triggered'] == 'user') {
form_set_error('account_form][select][login][name', format_plural(variable_get('user_failed_login_user_limit', 5), 'Sorry, there has been more than one failed login attempt for this account. It is temporarily blocked. Try again later or <a href="@url">request a new password</a>.', 'Sorry, there have been more than @count failed login attempts for this account. It is temporarily blocked. Try again later or <a href="@url">request a new password</a>.', array(
'@url' => url('user/password'),
)));
}
else {
// We did not find a uid, so the limit is IP-based.
form_set_error('account_form][select][login][name', t('Sorry, too many failed login attempts from your IP address. This IP address is temporarily blocked. Try again later or <a href="@url">request a new password</a>.', array(
'@url' => url('user/password'),
)));
}
}
else {
form_set_error('account_form][select][login][name', t('Sorry, unrecognized e-mail address or password. <a href="@password">Have you forgotten your password?</a>', array(
'@password' => url('user/password', array(
'query' => array(
'name' => $credentials['values']['mail'],
),
)),
)));
watchdog('commerce_checkout_login', 'Login attempt failed for %mail.', array(
'%mail' => $credentials['values']['mail'],
));
}
}
// Display an appropriate error message if the user account is blocked.
if (user_is_blocked($account->name)) {
form_set_error('account_form][select][login][email', t('The username %name has not been activated or is blocked.', array(
'%name' => $account->name,
)));
return FALSE;
}
return FALSE;
}