function _recovery_pass_user_login_validate in Recovery Password (Email New Password) 8

Custom Submit handler for user login form.

Incase user tries to login using old pass then error msg is shown that pass has been reset, till user tries any other pass.

1 string reference to '_recovery_pass_user_login_validate'

recovery_pass_form_alter in ./recovery_pass.module

Implements hook_form_alter().

File

./recovery_pass.module, line 188

Contains module code.

Code

function _recovery_pass_user_login_validate($form, FormStateInterface $form_state) {
  $input_password = trim($form_state
    ->getValue('pass'));
  if (!empty($form_state
    ->getValue('name')) && !empty($input_password)) {
    $account = user_load_by_name($form_state
      ->getValue('name'));
    if ($account) {

      // Check uid exists in recovery_pass table.
      $result = \Drupal::database()
        ->select('recovery_pass', 'r')
        ->fields('r', array(
        'uid',
        'old_pass',
      ))
        ->condition('uid', (int) $account
        ->get('uid')->value)
        ->execute()
        ->fetchAssoc();
      if ($result) {

        // If uid exists in table.
        $passchecker = new \Drupal\Core\Password\PhpassHashedPassword(16);
        if ($passchecker
          ->check($input_password, $result['old_pass'])) {
          drupal_set_message(\Drupal::config('recovery_pass.settings')
            ->get('old_pass_warning'), 'warning', FALSE);
        }
        else {

          // Irrespective of the input password delete the entry.
          $entry_deleted = \Drupal::database()
            ->delete('recovery_pass')
            ->condition('uid', $result['uid'])
            ->execute();
          if (!$entry_deleted) {
            \Drupal::logger('recovery_pass')
              ->notice('Error deleting entry from recovery_table for user @id', array(
              '@id' => $user->uid,
            ));
          }
        }
      }
    }
  }
}