function username_enumeration_prevention_enable in Username Enumeration Prevention 6

Implements hook_form_alter(). Check to see if any callbacks are enabled for anonymous users and warn user.

File

./username_enumeration_prevention.module, line 16

Main file for the Username Enumeration Prevention. Adds the required functionality for removing the reset password error message. Also, if views is installed restricts the callback function to work only for users with the access user profiles permission.

Code

function username_enumeration_prevention_enable() {
  $username_enumeration_prevention_roles = user_roles(FALSE, 'access user profiles');
  if ($username_enumeration_prevention_roles[1] == "anonymous user") {
    drupal_set_message(t('WARNING! You have anonymous users set up with the permission to access user profiles. This is a security risk because it
    allows users that are not logged into the system to obtain usernames using callbacks. You can read more about this in the
    module README or at the project page.'), 'warning');
  }
}