You are here

Home » API reference » Username Enumeration Prevention 6 » username_enumeration_prevention.module

function username_enumeration_prevention_pass_validate in Username Enumeration Prevention 6

Same name and namespace in other branches
  1. 8 username_enumeration_prevention.module \username_enumeration_prevention_pass_validate()
  2. 7 username_enumeration_prevention.module \username_enumeration_prevention_pass_validate()

Overrides the Drupal Core user_pass_validate() function found in user.pages.inc

1 string reference to 'username_enumeration_prevention_pass_validate'
username_enumeration_prevention_form_alter in ./username_enumeration_prevention.module
Implements hook_form_alter(). Checks for the user password reset form and changes the validate and submit functions. Uses the overrided functions defined in this module instead of Drupal cores.

File

./username_enumeration_prevention.module, line 54
Main file for the Username Enumeration Prevention. Adds the required functionality for removing the reset password error message. Also, if views is installed restricts the callback function to work only for users with the access user profiles permission.

Code

function username_enumeration_prevention_pass_validate($form, &$form_state) {
  $name = trim($form_state['values']['name']);

  // Try to load by email.
  $account = user_load(array(
    'mail' => $name,
    'status' => 1,
  ));
  if (!$account) {

    // No success, try to load by name.
    $account = user_load(array(
      'name' => $name,
      'status' => 1,
    ));
  }
  if ($account) {

    // Blocked accounts cannot request a new password,
    // check provided username and email against access rules.
    if (drupal_is_denied('user', $account->name) || drupal_is_denied('mail', $account->mail)) {

      // set the same message as when an email has been sent but only if a value was entered in form.
      if ($name != '') {
        drupal_set_message(t('Further instructions have been sent to your e-mail address.'));
      }
    }
  }
  if (isset($account->uid)) {
    form_set_value(array(
      '#parents' => array(
        'account',
      ),
    ), $account, $form_state);
  }
  else {

    // set the same message as when an email has been sent but only if a value was entered in form.
    if ($name != '') {
      drupal_set_message(t('Further instructions have been sent to your e-mail address.'));
    }
  }
}