1 user.module user_password_policy_validate($form, &$form_state)

Validation callback for password constraints.

See also

user_account_form()

user_pass_reset_form()

File

core/modules/user/user.module, line 1146
Enables the user registration and login system.

Code

function user_password_policy_validate($form, &$form_state) {
  $strength = 0;
  if (!array_key_exists('pass', $form_state['values'])) {
    // If mail verification is required, user registration forms don't have a
    // password field.
    return;
  }
  $password = trim($form_state['values']['pass']);

  if ($form['#form_id'] == 'user_profile_form' && strlen($password) == 0) {
    // On profile form and no new password has been set.
    return;
  }
  $config = config('system.core');
  $messages = array();
  if ($form['#form_id'] == 'user_pass_reset_form') {
    $account = $form['#account'];
    $username = $account->name;
    $email = $account->mail;
  }
  else {
    $username = $form_state['values']['name'];
    $email = $form_state['values']['mail'];
  }
  module_load_include('password.inc', 'user', 'user');
  // @todo add a hook so modules can override the strength.
  $strength = _user_password_evaluate_strength($password, $username, $email);

  if ($strength < $config->get('user_password_strength_threshold')) {
    form_set_error('complex_pass', t('The password is too weak. Please consider making your password longer or more complex: that it contains a number of lower- and uppercase letters, digits and punctuation.'));
  }

  if (backdrop_strtolower($password) == backdrop_strtolower($username)) {
    form_set_error('username_pass', t('The password cannot be the same as the username.'));
  }
  if (backdrop_strtolower($password) == backdrop_strtolower($email)) {
    form_set_error('email_pass', t('The password cannot be the same as the email.'));
  }
}