You are here

Home » API reference » Drupal 8 » UserPasswordForm.php » UserPasswordForm

public function UserPasswordForm::validateForm in Drupal 8

Same name and namespace in other branches
  1. 9 core/modules/user/src/Form/UserPasswordForm.php \Drupal\user\Form\UserPasswordForm::validateForm()
  2. 10 core/modules/user/src/Form/UserPasswordForm.php \Drupal\user\Form\UserPasswordForm::validateForm()

Form validation handler.

Parameters

array $form: An associative array containing the structure of the form.

\Drupal\Core\Form\FormStateInterface $form_state: The current state of the form.

Overrides FormBase::validateForm

File

core/modules/user/src/Form/UserPasswordForm.php, line 137

Class

UserPasswordForm
Provides a user password reset form.

Namespace

Drupal\user\Form

Code

public function validateForm(array &$form, FormStateInterface $form_state) {
  $flood_config = $this->configFactory
    ->get('user.flood');
  if (!$this->flood
    ->isAllowed('user.password_request_ip', $flood_config
    ->get('ip_limit'), $flood_config
    ->get('ip_window'))) {
    $form_state
      ->setErrorByName('name', $this
      ->t('Too many password recovery requests from your IP address. It is temporarily blocked. Try again later or contact the site administrator.'));
    return;
  }
  $this->flood
    ->register('user.password_request_ip', $flood_config
    ->get('ip_window'));
  $name = trim($form_state
    ->getValue('name'));

  // Try to load by email.
  $users = $this->userStorage
    ->loadByProperties([
    'mail' => $name,
  ]);
  if (empty($users)) {

    // No success, try to load by name.
    $users = $this->userStorage
      ->loadByProperties([
      'name' => $name,
    ]);
  }
  $account = reset($users);
  if ($account && $account
    ->id()) {

    // Blocked accounts cannot request a new password.
    if (!$account
      ->isActive()) {
      $form_state
        ->setErrorByName('name', $this
        ->t('%name is blocked or has not been activated yet.', [
        '%name' => $name,
      ]));
    }
    else {

      // Register flood events based on the uid only, so they apply for any
      // IP address. This allows them to be cleared on successful reset (from
      // any IP).
      $identifier = $account
        ->id();
      if (!$this->flood
        ->isAllowed('user.password_request_user', $flood_config
        ->get('user_limit'), $flood_config
        ->get('user_window'), $identifier)) {
        $form_state
          ->setErrorByName('name', $this
          ->t('Too many password recovery requests for this account. It is temporarily blocked. Try again later or contact the site administrator.'));
        return;
      }
      $this->flood
        ->register('user.password_request_user', $flood_config
        ->get('user_window'), $identifier);
      $form_state
        ->setValueForElement([
        '#parents' => [
          'account',
        ],
      ], $account);
    }
  }
  else {
    $form_state
      ->setErrorByName('name', $this
      ->t('%name is not recognized as a username or an email address.', [
      '%name' => $name,
    ]));
  }
}