1 user.admin.inc user_login_settings($form, &$form_state)

Login settings form.

Related topics

Form builder functions Functions that build an abstract representation of a HTML form.

File

core/modules/user/user.admin.inc, line 307
Admin page callbacks for the User module.

Code

function user_login_settings($form, &$form_state) {
  $flood_config = config('user.flood');
  $core_config = config('system.core');

  $form['#config'] = 'user.flood';

  // User login settings.
  $form['user_login'] = array(
    '#type' => 'fieldset',
    '#title' => t('User login'),
    '#weight' => -2,
    '#config' => 'system.core',
  );
  $form['user_login']['user_login_method'] = array(
    '#type' => 'radios',
    '#title' => t('Users may log in using'),
    '#options' => array(
      USER_LOGIN_USERNAME_OR_EMAIL => t('Username or email address'),
      USER_LOGIN_USERNAME_ONLY => t('Username'),
      USER_LOGIN_EMAIL_ONLY => t('Email address'),
    ),
    '#default_value' => $core_config->get('user_login_method'),
  );

  $form['ip_limit_settings'] = array(
    '#type' => 'fieldset',
    '#title' => t('Limit login attempts by IP address'),
  );
  $form['ip_limit_settings']['wrapper'] = array(
    '#type' => 'container',
    '#attributes' => array('class' => array('container-inline')),
  );
  $form['ip_limit_settings']['wrapper']['flood_ip_limit'] = array(
    '#type' => 'select',
    '#title' => t('Attempted login limit'),
    '#title_display' => 'invisible',
    '#options' => backdrop_map_assoc(array(1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 20, 30, 40, 50, 75, 100, 125, 150, 200, 250, 500)),
    '#default_value' => $flood_config->get('flood_ip_limit'),
    '#prefix' => t('Limit to'),
  );
  $form['ip_limit_settings']['wrapper']['flood_ip_window'] = array(
    '#type' => 'select',
    '#title' => t('Attempted login time window'),
    '#title_display' => 'invisible',
    '#options' => array(0 => t('None (disabled)')) + backdrop_map_assoc(array(60, 180, 300, 600, 900, 1800, 2700, 3600, 10800, 21600, 32400, 43200, 86400), 'format_interval'),
    '#default_value' => $flood_config->get('flood_ip_window'),
    '#prefix' => t('login attempts from one IP address per'),
  );
  $form['ip_limit_settings']['help'] = array(
    '#type' => 'item',
    '#description' => t('Do not allow any login from the current user\'s IP if the limit has been reached. This is independent of the per-user limit to catch attempts from one IP to log in to many different user accounts. By default we have a reasonably high limit since there may be only one apparent IP for all users at an institution.'),
  );
  $form['user_limit_settings'] = array(
    '#type' => 'fieldset',
    '#title' => t('Limit login attempts by user'),
  );
  $form['user_limit_settings']['wrapper'] = array(
    '#type' => 'container',
    '#attributes' => array('class' => array('container-inline')),
  );
  $form['user_limit_settings']['wrapper']['flood_user_limit'] = array(
    '#type' => 'select',
    '#title' => t('Attempted login limit'),
    '#title_display' => 'invisible',
    '#options' => backdrop_map_assoc(array(1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 20, 30, 40, 50, 75, 100, 125, 150, 200, 250, 500)),
    '#default_value' => $flood_config->get('flood_user_limit'),
    '#prefix' => t('Limit to'),
  );
  $form['user_limit_settings']['wrapper']['flood_user_window'] = array(
    '#type' => 'select',
    '#title' => t('Attempted login time window'),
    '#title_display' => 'invisible',
    '#options' => array(0 => t('None (disabled)')) + backdrop_map_assoc(array(60, 180, 300, 600, 900, 1800, 2700, 3600, 10800, 21600, 32400, 43200, 86400), 'format_interval'),
    '#default_value' => $flood_config->get('flood_user_window'),
    '#prefix' => t('login attempts by a user per'),
  );
  $form['user_limit_settings']['help'] = array(
    '#type' => 'item',
    '#description' => t('Configure the limit and the time window for users attempting to log in. That is, how many failed login attempts are allowed per specified time period.'),
  );
  $form['user_limit_settings']['flood_uid_only'] = array(
    '#type' => 'radios',
    '#title' => t('Identify users attempting to log in, using'),
    '#options' => array(
      '1' => t('User ID only'),
      '0' => t('User ID and IP address combination'),
    ),
    '#default_value' => $flood_config->get('flood_uid_only'),
    '1' => array(
      '#description' => t('More secure, more likely to lock out users.'),
    ),
    '0' => array(
      '#description' => t('Less secure, less likely to lock out users.'),
    ),
  );

  $form['user_login_appearance_setting'] = array(
    '#type' => 'fieldset',
    '#title' => '',
  );
  $user_login_page_tab_options = array(
    'tabs' => t('Use tabs'),
    'links' => t('Use links'),
    'simplified' => t('Show simplified page'),
  );
  $user_login_appearance = $core_config->get('user_login_appearance');
  $form['user_login_appearance_setting']['user_login_appearance'] = array(
    '#title' => t('Login page options'),
    '#type' => 'radios',
    '#options' => $user_login_page_tab_options,
    '#default_value' => $user_login_appearance ? $user_login_appearance : 'tabs',
    '#config' => 'system.core',
    'tabs' => array(
      '#description' => t('Show tabs for "Create new account", "Log in", and "Reset password" links.'),
    ),
    'links' => array(
      '#description' => t('Show plain links to these pages.'),
    ),
    'simplified' => array(
      '#description' => t('Show plain links to these pages, and hide all layout regions, such as headers, footers, and sidebars.'),
    ),
  );
  $form['user_login_appearance_setting']['login_admin_theme'] = array(
    '#type' => 'checkbox',
    '#title' => t('Use the administration theme for simplified login pages'),
    '#default_value' => $core_config->get('login_admin_theme'),
    '#config' => 'system.core',
    '#description' => t('If disabled, the default front-end theme will be used. This setting only has an effect when the "Show simplified page" option is selected.'),
    '#indentation' => 1,
    '#states' => array(
      'visible' => array(
        ':input[name="user_login_appearance"]' => array('value' => 'simplified'),
      ),
    ),
  );
  $form['flood_log_failed_attempts'] = array(
    '#type' => 'checkbox',
    '#title' => t('Log excessive failed login attempts.'),
    '#default_value' => $flood_config->get('flood_log_failed_attempts'),
    '#description' => t('If there are excessive failed login attempts, the offending IP address or user account will be temporarily blocked. By default these events will be logged, as it helps identify brute force login attacks. You may want to disable logging them if for example, you are using the dblog module, and want to avoid database writes.'),
  );

  $form = system_settings_form($form);

  // Add another submit handler to flush caches on save, needed to rebuild
  // menus and clear the page cache for anonymous users.
  $form['#submit'][] = 'user_login_settings_submit';
  return $form;
}