1 user.module user_password_policy_validate($form, &$form_state)

Validation callback for password constraints.

See also

user_account_form()

user_pass_reset_form()

File

core/modules/user/user.module, line 1145
Enables the user registration and login system.

Code

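/**
 * Validation callback for password constraints.
 *
 * Sets a form error when the password's evaluated strength is below the
 * configured threshold, or when the password matches the account's username
 * or email address (compared case-insensitively).
 *
 * @param array $form
 *   The form structure. '#form_id' selects the code path; on
 *   'user_pass_reset_form' the username and email are read from '#account'.
 * @param array $form_state
 *   The form state. Reads $form_state['values']['pass'] and, outside the
 *   password reset form, $form_state['values']['name'] and ['mail'].
 *
 * @see user_account_form()
 * @see user_pass_reset_form()
 */
function user_password_policy_validate($form, &$form_state) {
  if (!array_key_exists('pass', $form_state['values'])) {
    // If mail verification is required, user registration forms don't have a
    // password field.
    return;
  }

  // NOTE(review): the policy is evaluated on the trimmed value. Confirm that
  // the value which is eventually hashed is trimmed the same way, otherwise
  // the checked password and the stored password can differ.
  $password = trim($form_state['values']['pass']);

  if ($form['#form_id'] === 'user_profile_form' && strlen($password) === 0) {
    // On profile form and no new password has been set.
    return;
  }

  if ($form['#form_id'] === 'user_pass_reset_form') {
    // The reset form carries no name/mail fields; use the account being reset.
    $account = $form['#account'];
    $username = $account->name;
    $email = $account->mail;
  }
  else {
    $username = $form_state['values']['name'];
    $email = $form_state['values']['mail'];
  }

  module_load_include('password.inc', 'user', 'user');
  // @todo add a hook so modules can override the strength.
  $strength = _user_password_evaluate_strength($password, $username, $email);

  // NOTE(review): if 'user_password_strength_threshold' is missing from
  // system.core, get() presumably returns NULL and this comparison is never
  // true, so no minimum strength is enforced. Confirm the setting always has
  // a value.
  $threshold = config('system.core')->get('user_password_strength_threshold');
  if ($strength < $threshold) {
    form_set_error('complex_pass', t('The password is too weak. Please consider making your password longer or more complex: that it contains a number of lower- and uppercase letters, digits and punctuation.'));
  }

  // Strict comparison: with "==" PHP compares two numeric strings as numbers,
  // so a password such as "1000" would be reported as identical to a username
  // such as "1e3".
  $password_lower = backdrop_strtolower($password);
  if ($password_lower === backdrop_strtolower($username)) {
    form_set_error('username_pass', t('The password cannot be the same as the username.'));
  }
  if ($password_lower === backdrop_strtolower($email)) {
    form_set_error('email_pass', t('The password cannot be the same as the email.'));
  }
}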