1 user.pages.inc | user_pass_validate($form, &$form_state) |
Form validation handler for user_pass().
See also
File
core/modules/user/user.pages.inc, line 92 - User page callback file for the user module.
Code
/**
 * Form validation handler for user_pass().
 *
 * Applies a per-IP flood limit and then a per-account flood limit to password
 * reset requests, resolves the submitted value to an account (by email first,
 * then by user name) and hands that account to form_set_value() under the
 * 'account' parent.
 *
 * @param $form
 *   The form structure. Not read by this handler.
 * @param $form_state
 *   The form state, passed by reference. $form_state['values']['name'] holds
 *   the submitted user name or email address.
 */
function user_pass_validate($form, &$form_state) {
  $flood = config('user.flood');

  // Refuse outright once the current IP has used up its reset attempts.
  $ip_allowed = flood_is_allowed('pass_reset_ip', $flood->get('flood_ip_limit'), $flood->get('flood_ip_window'));
  if (!$ip_allowed) {
    form_set_error('name', t('Sorry, too many password reset attempts from your IP address. Try again later.'));
    return;
  }

  // Every request that gets this far counts against the IP, whether or not it
  // names an existing account.
  flood_register_event('pass_reset_ip', $flood->get('flood_ip_window'));

  $name = trim($form_state['values']['name']);

  // Treat the submitted value as an email address first and as a user name
  // second; only accounts with status '1' are considered.
  $account = FALSE;
  foreach (array('mail', 'name') as $property) {
    $matches = user_load_multiple(array(), array($property => $name, 'status' => '1'));
    $account = reset($matches);
    if ($account) {
      break;
    }
  }

  if (!isset($account->uid)) {
    // NOTE(review): this message and the per-account flood message below are
    // only shown for unknown and known accounts respectively, so the form
    // discloses whether a name or email address is registered. The per-IP
    // limit above is the only throttle on that; confirm this is an accepted
    // trade-off for the site.
    // $name is user-supplied and is passed through the %name placeholder of
    // t() rather than concatenated into the message.
    form_set_error('name', t('Sorry, %name is not recognized as a user name or an email address.', array('%name' => $name)));
    return;
  }

  // Per-account flood events are keyed on the uid alone so that they can be
  // cleared when a password is reset successfully.
  $uid = $account->uid;

  // Stop here if this account has reached its own limit. Default is to allow
  // 5 password resets every 6 hours.
  $user_allowed = flood_is_allowed('pass_reset_user', $flood->get('flood_user_limit'), $flood->get('flood_user_window'), $uid);
  if (!$user_allowed) {
    form_set_error('name', t('Sorry, too many password reset attempts for this account. Try again later.'));
    return;
  }

  // NOTE(review): the event is recorded for any request that names the
  // account, regardless of who sent it, so third-party requests also consume
  // the account's allowance until the window expires or the events are
  // cleared (clearing is not shown here).
  flood_register_event('pass_reset_user', $flood->get('flood_user_window'), $uid);

  // Make the resolved account available to later form handlers.
  form_set_value(array('#parents' => array('account')), $account, $form_state);
}