Commit b36ed209 authored by Purushotam Rai's avatar Purushotam Rai Committed by Purushotam Rai

Issue #2742693 by purushotam.rai: Create Old Password Validator

parent 1a3e3016
+1 −1
@@ -3,4 +3,4 @@ fpass_redirect: user
expiry_period: 1
email_subject: "Replacement login information for [user:name] at [site:name]"
email_body: "[user:name], \n\nA request to reset the password for your account has been made at [site:name]. \nYour new password is [user_new_password].\n\n-  [site:name] team"
old_pass_warning: "You are using <strong>old password</strong>, your password was reset recently. New Password was sent to your registered email id."
 No newline at end of file
old_pass_warning: "You are using old password, your password was reset recently. New Password was sent to your registered email id."
+71 −1
@@ -9,6 +9,7 @@ use Drupal\Core\Routing\RouteMatchInterface;
use Drupal\Core\Form\FormState;
use Drupal\user\Entity\User;
use Drupal\Core\Url;
use Drupal\Core\Form\FormStateInterface;

/**
 * Implements hook_help().
@@ -145,3 +146,72 @@ function _recovery_pass_store_old_pass($user) {
  }
  return FALSE;
}

/**
 * Implements hook_form_alter().
 */
function recovery_pass_form_alter(&$form, FormStateInterface $form_state, $form_id) {
  $config = \Drupal::config('recovery_pass.settings')->get('old_pass_show');
  if ($config) {
    switch ($form_id) {
      case 'user_login_form':
        // Extending default drupal login validators.
        $insert = '_recovery_pass_user_login_validate';
        $form['#validate'] = _recovery_pass_insert_array($form['#validate'], 1, $insert);
        break;
    }
  }
}

/**
 * To insert our validator at index 1 between the default validators.
 */
function _recovery_pass_insert_array($array, $index, $val) {
  // Because this will be used one more time.
  $size = count($array);
  if (!is_int($index) || $index < 0 || $index > $size) {
    return -1;
  }
  else {
    $temp   = array_slice($array, 0, $index);
    $temp[] = $val;
    return array_merge($temp, array_slice($array, $index, $size));
  }
}

/**
 * Custom Submit handler for user login form.
 *
 * Incase user tries to login using old pass then error msg is shown that pass
 * has been reset, till user tries any other pass.
 */
function _recovery_pass_user_login_validate($form, FormStateInterface $form_state) {
  $input_password = trim($form_state->getValue('pass'));
  if (!empty($form_state->getValue('name')) && !empty($input_password)) {
    $account = user_load_by_name($form_state->getValue('name'));
    if ($account) {
      // Check uid exists in recovery_pass table.
      $result = \Drupal::database()->select('recovery_pass', 'r')
        ->fields('r', array('uid', 'old_pass'))
        ->condition('uid', (int) $account->get('uid')->value)
        ->execute()
        ->fetchAssoc();
      if ($result) {
        // If uid exists in table.
        $passchecker = new \Drupal\Core\Password\PhpassHashedPassword(16);
        if ($passchecker->check($input_password, $result['old_pass'])) {
          drupal_set_message(\Drupal::config('recovery_pass.settings')->get('old_pass_warning'), 'warning', FALSE);
        }
        else {
          // Irrespective of the input password delete the entry.
          $entry_deleted = \Drupal::database()->delete('recovery_pass')
            ->condition('uid', $result['uid'])
            ->execute();
          if (!$entry_deleted) {
            \Drupal::logger('recovery_pass')->notice('Error deleting entry from recovery_table for user @id', array('@id' => $user->uid));
          }
        }
      }
    }
  }
}
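Review bot: `_recovery_pass_user_login_validate()` is spliced in at index 1 of `$form['#validate']`, which in core's login form appears to sit ahead of the authentication validator that applies flood control, so every anonymous login attempt gets an unthrottled hash comparison against `old_pass` and a distinct warning confirming that the account exists, was recently reset, and that the submitted value was its previous password. Consider running the check after core's authentication step and returning early once flood control has triggered, e.g. insert at index 2 and open the validator with `if ($form_state->get('flood_control_triggered')) { return; }`. Separately, the logger call reads `$user->uid`, but no `$user` is defined in this function; it should be `array('@id' => $result['uid'])`. `_recovery_pass_insert_array()` returns `-1` on a bad index and the caller assigns that straight to `$form['#validate']`, which would discard the login validators if another module has shortened the list. Returning `$array` unchanged in that branch is safer.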