username_enumeration_prevention.module in Username Enumeration Prevention 7
Same filename and directory in other branches
Main file for the Username Enumeration Prevention.
Adds the required functionality for removing the reset password error message. Also, if views is installed restricts the callback function to work only for users with the access user profiles permission.
File
username_enumeration_prevention.moduleView source
<?php
/**
* @file
* Main file for the Username Enumeration Prevention.
*
* Adds the required functionality for removing the reset password error
* message. Also, if views is installed restricts the callback function to work
* only for users with the access user profiles permission.
*/
/**
* Implements hook_menu_alter().
*/
function username_enumeration_prevention_menu_alter(&$items) {
$items['user/%user']['delivery callback'] = 'username_enumeration_prevention_delivery_wrapper';
}
/**
* Converts 403 Access Denied responses to 404 Not Found on user profiles.
*/
function username_enumeration_prevention_delivery_wrapper($page_callback_result) {
if ($page_callback_result == MENU_ACCESS_DENIED) {
$page_callback_result = MENU_NOT_FOUND;
}
drupal_deliver_html_page($page_callback_result);
}
/**
* Implements hook_form_FORM_ID_alter().
*
* Checks for the user password reset form and changes the validate and submit
* functions. Uses the overrided functions defined in this module instead of
* Drupal cores.
*/
function username_enumeration_prevention_form_user_pass_alter(&$form, &$form_state, $form_id) {
// Override core validate and submit actions.
$key_validate = array_search('user_pass_validate', $form['#validate']);
if ($key_validate !== FALSE) {
$form['#validate'][$key_validate] = 'username_enumeration_prevention_pass_validate';
}
$key_submit = array_search('user_pass_submit', $form['#submit']);
if ($key_submit !== FALSE) {
$form['#submit'][$key_submit] = 'username_enumeration_prevention_pass_submit';
}
}
/**
* Overrides user_pass_validate() found in user.pages.inc.
*/
function username_enumeration_prevention_pass_validate($form, &$form_state) {
$name = trim($form_state['values']['name']);
// Try to load by email.
$users = user_load_multiple(array(), array(
'mail' => $name,
'status' => '1',
));
$account = reset($users);
if (!$account) {
// No success, try to load by name.
$users = user_load_multiple(array(), array(
'name' => $name,
'status' => '1',
));
$account = reset($users);
}
if (isset($account->uid)) {
form_set_value(array(
'#parents' => array(
'account',
),
), $account, $form_state);
}
}
/**
* Overrides the user_pass_submit() found in user.pages.inc.
*/
function username_enumeration_prevention_pass_submit($form, &$form_state) {
if (isset($form_state['values']['account'])) {
global $language;
$account = $form_state['values']['account'];
// Mail one time login URL and instructions using current language.
_user_mail_notify('password_reset', $account, $language);
watchdog('user', 'Password reset instructions mailed to %name at %email.', array(
'%name' => $account->name,
'%email' => $account->mail,
));
}
// Set the same message as when an email has been sent whenever the form is
// submitted. Moved from validation callback to prevent message to be
// displayed in case there is another form error for other modules like
// captcha.
drupal_set_message(t('Further instructions have been sent to your e-mail address.'));
$form_state['redirect'] = 'user';
}Functions
Name |
Description |
|---|---|
| username_enumeration_prevention_delivery_wrapper | Converts 403 Access Denied responses to 404 Not Found on user profiles. |
| username_enumeration_prevention_form_user_pass_alter | Implements hook_form_FORM_ID_alter(). |
| username_enumeration_prevention_menu_alter | Implements hook_menu_alter(). |
| username_enumeration_prevention_pass_submit | Overrides the user_pass_submit() found in user.pages.inc. |
| username_enumeration_prevention_pass_validate | Overrides user_pass_validate() found in user.pages.inc. |