1 user.module | user_account_form(&$form, &$form_state) |
Helper function to add default user account fields to the user registration and edit forms.
See also
user_validate_mail()
user_password_policy_validate()
File
- core/
modules/ user/ user.module, line 784 - Enables the user registration and login system.
Code
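/**
 * Adds the default user account fields to the registration and edit forms.
 *
 * Appends validation handlers to $form['#validate'] and fills in the
 * 'account', 'additional_settings', 'account_settings', 'personalization' and
 * 'region_language' elements of $form.
 *
 * @param array $form
 *   The form array, modified in place. $form['#user'] is read as the account
 *   object being registered or edited.
 * @param array $form_state
 *   The form state, modified in place. 'user_pass_reset' is set here when an
 *   existing account is edited and the key is not already present.
 *
 * @see user_validate_mail()
 * @see user_password_policy_validate()
 */
function user_account_form(&$form, &$form_state) {
  global $user;
  $site_config = config('system.core');

  $account = $form['#user'];
  // An account without a positive uid is treated as a new registration.
  $register = !($account->uid > 0);

  $admin_users = user_access('administer users');
  $admin_roles = user_access('assign roles');

  $form['#validate'][] = 'user_account_form_validate';

  module_load_include('password.inc', 'user', 'user');
  // NOTE(review): this passes the name of the global $user, not of $account;
  // confirm that is what user_password_reject_weak() expects when one user
  // edits or creates another account.
  $reject_weak = user_password_reject_weak($user->name);
  if ($reject_weak) {
    $form['#validate'][] = 'user_password_policy_validate';
  }

  // Account information.
  $form['account'] = array(
    '#type' => 'container',
    '#weight' => -10,
  );

  // Only show name field on registration form or user can change own username.
  $form['account']['name'] = array(
    '#type' => 'textfield',
    '#title' => t('Username'),
    '#maxlength' => USERNAME_MAX_LENGTH,
    '#description' => t('Spaces are allowed; punctuation is not allowed except for periods, hyphens, apostrophes, and underscores.'),
    '#required' => TRUE,
    '#attributes' => array(
      'class' => array('username'),
      // Add attributes to field to prevent spell-jacking and unwanted
      // automatic changes caused by the browser.
      'autocapitalize' => 'none',
      'autocorrect' => 'off',
      'spellcheck' => 'false',
    ),
    '#default_value' => (!$register ? $account->name : ''),
    '#access' => ($register || ($user->uid == $account->uid && user_access('change own username')) || $admin_users),
    '#weight' => -10,
  );

  // Autofocus the username field (on the registration form only).
  if ($register) {
    $form['account']['name']['#attributes']['autofocus'] = 'autofocus';
  }

  $form['account']['mail'] = array(
    '#type' => 'email',
    '#title' => t('Email address'),
    '#description' => t('A valid email address. All emails from the system will be sent to this address. The email address is not made public and will only be used if you wish to receive a new password or wish to receive certain news or notifications by email.'),
    '#required' => TRUE,
    '#default_value' => (!$register ? $account->mail : ''),
    '#attributes' => array(
      // Add attributes to field to prevent spell-jacking and unwanted
      // automatic changes caused by the browser.
      'autocapitalize' => 'none',
      'autocorrect' => 'off',
      'spellcheck' => 'false',
    ),
  );

  // Display password field only for existing users or when user is allowed to
  // assign a password during registration.
  if (!$register) {
    $form['account']['pass'] = array(
      '#title' => t('New password'),
      '#type' => 'password',
      '#password_toggle' => TRUE,
      '#password_strength' => TRUE,
    );

    // To skip the current password field, the user must have logged in via a
    // one-time link and have the token in the URL. Store this in $form_state
    // so it persists even on subsequent Ajax requests.
    if (!isset($form_state['user_pass_reset'])) {
      $session_key = 'pass_reset_' . $account->uid;
      $session_token = isset($_SESSION[$session_key]) ? $_SESSION[$session_key] : NULL;
      $url_token = isset($_GET['pass-reset-token']) ? $_GET['pass-reset-token'] : NULL;
      // This flag waives the current-password check, so the token match must
      // be exact. A loose == treats numeric-looking strings such as '1e3' and
      // '1000' as equal, and a query parameter can arrive as an array; require
      // two strings and compare them in constant time. hash_equals() needs
      // PHP 5.6, so older runtimes fall back to a strict comparison.
      $form_state['user_pass_reset'] = is_string($session_token) && is_string($url_token)
        && (function_exists('hash_equals') ? hash_equals($session_token, $url_token) : $session_token === $url_token);
    }

    $protected_values = array();
    $current_pass_description = '';

    // The user may only change their own password without their current
    // password if they logged in via a one-time login link.
    if (!$form_state['user_pass_reset']) {
      $protected_values['mail'] = $form['account']['mail']['#title'];
      $protected_values['pass'] = t('Password');
      $request_new = l(t('Reset password'), 'user/password', array('attributes' => array('title' => t('Reset password via one-time login link.'))));
      // '!request_new' carries the link markup built by l() just above.
      $current_pass_description = t('Required if you want to change the %mail or %pass below. !request_new.', array('%mail' => $protected_values['mail'], '%pass' => $protected_values['pass'], '!request_new' => $request_new));
    }

    // The user must enter their current password to change to a new one.
    if ($user->uid == $account->uid) {
      $form['account']['current_pass_required_values'] = array(
        '#type' => 'value',
        '#value' => $protected_values,
      );
      $form['account']['current_pass'] = array(
        '#type' => 'password',
        '#title' => t('Current password'),
        // Hidden when nothing is protected, i.e. after a one-time login.
        '#access' => !empty($protected_values),
        '#description' => $current_pass_description,
        '#weight' => -5,
        '#password_toggle' => TRUE,
        // Do not let web browsers remember this password, since we are
        // trying to confirm that the person submitting the form actually
        // knows the current one.
        '#attributes' => array('autocomplete' => 'off'),
      );
      $form['#validate'][] = 'user_validate_current_pass';
    }
  }
  else {
    if (!$site_config->get('user_email_verification') && !$admin_users) {
      // Someone registers a new account and may set a password directly.
      $form['account']['pass'] = array(
        '#type' => 'password',
        '#title' => t('Password'),
        '#password_toggle' => TRUE,
        '#password_strength' => TRUE,
        '#required' => TRUE,
      );
    }
    if ($admin_users) {
      // An admin creates an account.
      $form['account']['notify'] = array(
        '#type' => 'checkbox',
        '#title' => t('Notify user of new account'),
        '#default_value' => 1,
        '#description' => t('The user will receive an email with a one-time login link which leads to a page where they can set their password.'),
      );
      // '#states' only toggles visibility and the required marker in the
      // browser; the server-side requirement is left to the
      // 'user_pass_required_validate' element validator.
      $form['account']['pass'] = array(
        '#type' => 'password',
        '#title' => t('Password'),
        '#password_toggle' => TRUE,
        '#password_strength' => TRUE,
        '#required' => FALSE,
        '#element_validate' => array('user_pass_required_validate'),
        '#states' => array(
          'visible' => array(
            ':input[name="notify"]' => array('checked' => FALSE),
          ),
          'required' => array(
            ':input[name="notify"]' => array('checked' => FALSE),
          ),
        ),
      );
    }
  }

  $description = !$register && $user->uid == $account->uid ? t('The current password must be entered to set a new password.') : '';
  // If weak passwords are being rejected, append the list of password strength
  // criteria to the help text of the password field.
  if ($reject_weak) {
    $description .= !empty($description) ? '<br /><br />' : '';
    $description .= _user_password_policy_help();
  }
  // NOTE(review): on a registration by a non-admin with email verification
  // enabled no password element was added above, so this assignment creates
  // $form['account']['pass'] holding only '#description'.
  $form['account']['pass']['#description'] = $description;

  $form['additional_settings'] = array(
    '#type' => 'vertical_tabs',
    '#weight' => 99,
    '#attached' => array(
      'js' => array(backdrop_get_path('module', 'user') . '/js/user.admin.js'),
    ),
  );

  $form['account_settings'] = array(
    '#type' => 'fieldset',
    '#title' => t('Account settings'),
    '#weight' => 1,
    '#access' => $admin_users || $admin_roles,
    '#group' => 'additional_settings',
  );

  if ($admin_users) {
    $status = isset($account->status) ? $account->status : 1;
  }
  else {
    $status = $register ? $site_config->get('user_register') == USER_REGISTER_VISITORS : $account->status;
  }
  $form['account_settings']['status'] = array(
    '#type' => 'radios',
    '#title' => t('Status'),
    '#default_value' => $status,
    '#options' => array(t('Blocked'), t('Active')),
    '#access' => $admin_users,
  );

  $roles = user_roles(TRUE, NULL, TRUE);
  $form['account_settings']['roles'] = array(
    '#type' => 'checkboxes',
    '#title' => t('Roles'),
    '#default_value' => (!$register && isset($account->roles) ? $account->roles : array()),
    '#options' => array(),
    // Role assignment is offered only to users with 'assign roles'.
    '#access' => count($roles) && $admin_roles,
  );
  // Lock the authenticated role, which cannot be removed.
  $form['account_settings']['roles'][BACKDROP_AUTHENTICATED_ROLE] = array(
    '#disabled' => TRUE,
    '#value' => 'authenticated',
  );
  // Add each role as a checkbox option with a description.
  foreach ($roles as $role_name => $role) {
    $form['account_settings']['roles']['#options'][$role_name] = $role->label;
    if (strlen($role->description)) {
      // The stored description is passed through filter_xss_admin() before
      // it is used as the checkbox description.
      $form['account_settings']['roles'][$role_name]['#description'] = filter_xss_admin($role->description);
    }
  }

  $form['personalization'] = array(
    '#type' => 'fieldset',
    '#title' => t('Personalization'),
    '#weight' => 2,
    '#access' => (!$register && ($site_config->get('user_signatures') || $site_config->get('user_pictures'))),
    '#group' => 'additional_settings',
  );

  // Signature.
  if ($site_config->get('user_signatures')) {
    $form['personalization']['signature'] = array(
      '#type' => 'text_format',
      '#title' => t('Signature'),
      '#default_value' => isset($account->signature) ? $account->signature : '',
      '#description' => t('Your signature will be publicly displayed at the end of your comments.'),
      '#format' => isset($account->signature_format) ? $account->signature_format : NULL,
    );
  }

  // Picture/avatar.
  if ($site_config->get('user_pictures')) {
    $form['personalization']['picture'] = array(
      '#type' => 'value',
      '#value' => isset($account->picture) ? $account->picture : NULL,
    );
    $form['personalization']['picture_current'] = array(
      '#markup' => theme('user_picture', array('account' => $account)),
    );
    $form['personalization']['picture_delete'] = array(
      '#type' => 'checkbox',
      '#title' => t('Delete picture'),
      '#access' => !empty($account->picture->fid),
      '#description' => t('Check this box to delete your current picture.'),
    );
    // The configured picture guidelines are appended after being passed
    // through filter_xss_admin().
    $form['personalization']['picture_upload'] = array(
      '#type' => 'file',
      '#title' => t('Upload picture'),
      '#size' => 48,
      '#description' => t('Your virtual face or picture. Pictures larger than @dimensions pixels will be scaled down.', array('@dimensions' => $site_config->get('user_picture_dimensions'))) . ' ' . filter_xss_admin($site_config->get('user_picture_guidelines')),
    );
    $form['#validate'][] = 'user_validate_picture';
  }

  $form['region_language'] = array(
    '#type' => 'fieldset',
    '#title' => t('Region and language'),
    '#weight' => 6,
    '#access' => (!$register && config_get('system.date', 'user_configurable_timezones')) || (module_exists('locale') && language_multilingual()),
    '#group' => 'additional_settings',
  );
  // See system_user_timezone() and locale_language_selector_form() for the form
  // items displayed here.
}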