user_restrictions.module in User restrictions 8

<?php

/**
 * @file
 * Specifies rules for restricting the data users can set for their accounts.
 */
use Drupal\user_restrictions\UserRestrictionsManager;
use Drupal\Core\Form\FormStateInterface;

/**
 * Implements hook_cron().
 *
 * Delete expired items in the user_restrictions table.
 */
function user_restrictions_cron() {
  $entity_manager = \Drupal::getContainer()
    ->get('entity_type.manager');
  $user_restrictions_type_manager = \Drupal::getContainer()
    ->get('user_restrictions.type_manager');
  $logger = \Drupal::getContainer()
    ->get('logger.factory')
    ->get('user_restrictions');
  $user_restrictions = new UserRestrictionsManager($entity_manager, $user_restrictions_type_manager, $logger);
  $user_restrictions
    ->deleteExpiredRules();
}

/**
 * Implements hook_help().
 */
function user_restrictions_help($path, $arg) {
  switch ($path) {
    case 'help.page.user_restrictions':
      $output = '';
      $output .= '<h3>' . t('About') . '</h3>';
      $output .= '<p>' . t("The user restrictions module allows you to specify rules for allowable usernames, or e-mail addresses. A rule may either explicitly <q>allow</q> access or <q>deny</q> access based on the rule's <em>Access type</em>, <em>Rule type</em>, and <em>Pattern</em>. For <em>Username</em> and <em>E-Mail</em> rule types, if the username or e-mail address of an existing account or new registration matches the <em>Mask</em> of a <q>deny</q> rule, but not an <q>allow</q> rule, then the account will not be created (for new registrations) or able to log in (for existing accounts). The user restrictions module could also be used to prevent new users from registering with usernames like <q>Admin</q> or with e-mail addresses from certain domains. Existing logged-in users with e-mail addresses or usernames that match a <q>deny</q> rule (but not an <q>allow</q> rule) are not immediately logged out (but once they log out, may not log back in), Be careful to not create a <q>deny</q> rule that includes your administrative account.Visitors attempting to view your site from an IP address or hostname that matches a <q>deny</q> rule will receive a <q>banned address</q> message. Drupal checks incoming addresses for potential bans before any other Drupal modules or themes are loaded.") . '</p>';
      $output .= '<h3>' . t('Uses') . '</h3>';
      $output .= '<dl>';
      $output .= '<dt>' . t("Go to /admin/modules and enable User Restrictions and User Restrictions UI module.") . '</dt>';
      $output .= '<dt>' . t("Go to /admin/config/people/user-restrictions, and click Add rule.") . '</dt>';
      $output .= '<dt>' . t("Select Access type, Rule type, Expire time, and fill the Mask field.") . '</dt>';
      $output .= '<dd>' . t("Use Access type to specifically deny or allow the matched mask.") . '</dd>';
      $output .= '<dd>' . t("Rule type is used to tell the module to restrict/allow based on username or user email.") . '</dd>';
      $output .= '<dd>' . t("Use wildcard % or _ in Mask field to match the username or email address. A % will match any number of characters, a _ will match precisely one character.") . '</dd>';
      $output .= '<dd>' . t("Set up the expired hours/days for the restriction or alternatively leave for unlimited restriction.") . '</dd>';
      $output .= '<dt>' . t("Click Save rule button and the matched user account will be restricted.") . '</dt>';
      $output .= '<dt>' . t("Edit/Delete the restriction rules in /admin/config/people/user-restrictions.") . '</dt>';
      $output .= '<dt>' . t("You can also test usernames and emails in the CHECK RULES fieldset that appears after at least one rule has been created.") . '</dt>';
      return $output;
    case 'admin/config/people/user-restrictions':
      return t("Set up rules for allowable usernames and e-mail address. A rule may either explicitly allow access or deny access based on the rule's Access type, Rule type, and Pattern. If the username or e-mail address of an existing account or new registration matches a deny rule, but not an allow rule, then the account will not be created (for new registrations) or able to log in (for existing accounts).");
  }
}

/**
 * Implements hook_form_FORM_ID_alter() for user_login_form.
 */
function user_restrictions_form_user_login_form_alter(&$form, &$form_state) {
  $form['#validate'][] = 'user_restrictions_validate';
}

/**
 * Implements hook_form_FORM_ID_alter() for user_register_form.
 */
function user_restrictions_form_user_register_form_alter(&$form, &$form_state) {
  $form['#validate'][] = 'user_restrictions_validate';
}

/**
 * Implements hook_form_FORM_ID_alter() for user_form.
 */
function user_restrictions_form_user_form_alter(&$form, &$form_state) {
  $form['#validate'][] = 'user_restrictions_validate';
}

/**
 * Validation function to determine if the user is allowed on the site.
 *
 * @param array $form
 *   Nested array of form elements that comprise the form.
 * @param \Drupal\Core\Form\FormStateInterface $form_state
 *   The current state of the form.
 */
function user_restrictions_validate(array $form, FormStateInterface $form_state) {
  if (\Drupal::currentUser()
    ->hasPermission('bypass user restriction rules')) {
    return;
  }

  // During log in the current user will not be logged in so check first and
  // load the user attempting to log in if this operation is occuring.
  if (!\Drupal::currentUser()
    ->isAuthenticated()) {
    $user = user_load_by_name($form_state
      ->getValue('name'));
    if ($user && $user
      ->hasPermission('bypass user restriction rules')) {
      return;
    }
  }

  /** @var Drupal\user_restrictions\UserRestrictionsManagerInterface $restriction_manager */
  $restriction_manager = \Drupal::service('user_restrictions.manager');
  if ($restriction_manager
    ->matchesRestrictions($form_state
    ->getValues())) {
    foreach ($restriction_manager
      ->getErrors() as $type => $message) {
      $form_state
        ->setError($form, $message);
    }
  }
}