function UserPasswordForm::validateForm

Same name and namespace in other branches
  1. 9 core/modules/user/src/Form/UserPasswordForm.php \Drupal\user\Form\UserPasswordForm::validateForm()
  2. 10 core/modules/user/src/Form/UserPasswordForm.php \Drupal\user\Form\UserPasswordForm::validateForm()
  3. 11.x core/modules/user/src/Form/UserPasswordForm.php \Drupal\user\Form\UserPasswordForm::validateForm()

Overrides FormBase::validateForm

File

core/modules/user/src/Form/UserPasswordForm.php, line 137

Class

UserPasswordForm
Provides a user password reset form.

Namespace

Drupal\user\Form

Code

public function validateForm(array &$form, FormStateInterface $form_state) {
  $flood_config = $this->configFactory
    ->get('user.flood');
  if (!$this->flood
    ->isAllowed('user.password_request_ip', $flood_config->get('ip_limit'), $flood_config->get('ip_window'))) {
    $form_state->setErrorByName('name', $this->t('Too many password recovery requests from your IP address. It is temporarily blocked. Try again later or contact the site administrator.'));
    return;
  }
  $this->flood
    ->register('user.password_request_ip', $flood_config->get('ip_window'));
  $name = trim($form_state->getValue('name'));
  // Try to load by email.
  $users = $this->userStorage
    ->loadByProperties([
    'mail' => $name,
  ]);
  if (empty($users)) {
    // No success, try to load by name.
    $users = $this->userStorage
      ->loadByProperties([
      'name' => $name,
    ]);
  }
  $account = reset($users);
  if ($account && $account->id()) {
    // Blocked accounts cannot request a new password.
    if (!$account->isActive()) {
      $form_state->setErrorByName('name', $this->t('%name is blocked or has not been activated yet.', [
        '%name' => $name,
      ]));
    }
    else {
      // Register flood events based on the uid only, so they apply for any
      // IP address. This allows them to be cleared on successful reset (from
      // any IP).
      $identifier = $account->id();
      if (!$this->flood
        ->isAllowed('user.password_request_user', $flood_config->get('user_limit'), $flood_config->get('user_window'), $identifier)) {
        $form_state->setErrorByName('name', $this->t('Too many password recovery requests for this account. It is temporarily blocked. Try again later or contact the site administrator.'));
        return;
      }
      $this->flood
        ->register('user.password_request_user', $flood_config->get('user_window'), $identifier);
      $form_state->setValueForElement([
        '#parents' => [
          'account',
        ],
      ], $account);
    }
  }
  else {
    $form_state->setErrorByName('name', $this->t('%name is not recognized as a username or an email address.', [
      '%name' => $name,
    ]));
  }
}

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.