function UserLoginForm::validateFinal
Same name in other branches
- 8.9.x core/modules/user/src/Form/UserLoginForm.php \Drupal\user\Form\UserLoginForm::validateFinal()
- 10 core/modules/user/src/Form/UserLoginForm.php \Drupal\user\Form\UserLoginForm::validateFinal()
- 11.x core/modules/user/src/Form/UserLoginForm.php \Drupal\user\Form\UserLoginForm::validateFinal()
Checks if user was not authenticated, or if too many logins were attempted.
This validation function should always be the last one.
File
-
core/
modules/ user/ src/ Form/ UserLoginForm.php, line 237
Class
- UserLoginForm
- Provides a user login form.
Namespace
Drupal\user\FormCode
public function validateFinal(array &$form, FormStateInterface $form_state) {
$flood_config = $this->config('user.flood');
if (!$form_state->get('uid')) {
// Always register an IP-based failed login event.
$this->userFloodControl
->register('user.failed_login_ip', $flood_config->get('ip_window'));
// Register a per-user failed login event.
if ($flood_control_user_identifier = $form_state->get('flood_control_user_identifier')) {
$this->userFloodControl
->register('user.failed_login_user', $flood_config->get('user_window'), $flood_control_user_identifier);
}
if ($flood_control_triggered = $form_state->get('flood_control_triggered')) {
if ($flood_control_triggered == 'user') {
$message = $this->formatPlural($flood_config->get('user_limit'), 'There has been more than one failed login attempt for this account. It is temporarily blocked. Try again later or <a href=":url">request a new password</a>.', 'There have been more than @count failed login attempts for this account. It is temporarily blocked. Try again later or <a href=":url">request a new password</a>.', [
':url' => Url::fromRoute('user.pass')->toString(),
]);
}
else {
// We did not find a uid, so the limit is IP-based.
$message = $this->t('Too many failed login attempts from your IP address. This IP address is temporarily blocked. Try again later or <a href=":url">request a new password</a>.', [
':url' => Url::fromRoute('user.pass')->toString(),
]);
}
$response = $this->bareHtmlPageRenderer
->renderBarePage([
'#markup' => $message,
], $this->t('Login failed'), 'maintenance_page');
$response->setStatusCode(403);
$form_state->setResponse($response);
}
else {
// Use $form_state->getUserInput() in the error message to guarantee
// that we send exactly what the user typed in. The value from
// $form_state->getValue() may have been modified by validation
// handlers that ran earlier than this one.
$user_input = $form_state->getUserInput();
$query = isset($user_input['name']) ? [
'name' => $user_input['name'],
] : [];
$form_state->setErrorByName('name', $this->t('Unrecognized username or password. <a href=":password">Forgot your password?</a>', [
':password' => Url::fromRoute('user.pass', [], [
'query' => $query,
])->toString(),
]));
$accounts = $this->userStorage
->loadByProperties([
'name' => $form_state->getValue('name'),
]);
if (!empty($accounts)) {
$this->logger('user')
->notice('Login attempt failed for %user.', [
'%user' => $form_state->getValue('name'),
]);
}
else {
// If the username entered is not a valid user,
// only store the IP address.
$this->logger('user')
->notice('Login attempt failed from %ip.', [
'%ip' => $this->getRequest()
->getClientIp(),
]);
}
}
}
elseif ($flood_control_user_identifier = $form_state->get('flood_control_user_identifier')) {
// Clear past failures for this user so as not to block a user who might
// log in and out more than once in an hour.
$this->userFloodControl
->clear('user.failed_login_user', $flood_control_user_identifier);
}
}
Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.