4 * Implementation of hook_menu().
6 function noreqnewpass_menu () {
9 $items['admin/people/noreqnewpass'] = array(
10 'title' => t('No Request New Password'),
11 'description' => t('Manage password preferences'),
12 'access arguments' => array('administer noreqnewpass'),
13 'page callback' => 'drupal_get_form',
14 'page arguments' => array('noreqnewpass_admin_form'),
15 'type' => MENU_LOCAL_TASK,
22 * Implementation of hook_menu_alter().
24 function noreqnewpass_menu_alter(&$items) {
25 $items['user/password']['access callback'] = 'noreqnewpass_access_check';
28 function noreqnewpass_access_check() {
29 if (variable_get('noreqnewpass_disabled', TRUE)) {
36 * Implementation of hook_permission().
38 function noreqnewpass_permission() {
40 'administer noreqnewpass' => array(
41 'title' => t('Administer No Request New Password'),
42 'description' => t('Administer No Request New Password module'),
44 'can change your own password' => array(
45 'title' => t('Can change your own password'),
46 'description' => t('Disable this module for a certain role.')
53 * Implementation of hook_form_alter().
55 function noreqnewpass_form_alter(&$form, $form_state, $form_id) {
56 if ($form_id == 'user_login_block' && variable_get('noreqnewpass_disabled', true)) {
58 if (variable_get('user_register', USER_REGISTER_VISITORS_ADMINISTRATIVE_APPROVAL)) {
59 $items[] = l(t('Create new account'), 'user/register', array('attributes' => array('title' => t('Create a new user account.'))));
62 $form['links'] = array('#markup' => theme('item_list', array('items' => $items)));
65 if (($form_id == 'user_login_block' || $form_id == 'user_login') && variable_get('noreqnewpass_disabled', true) && (!module_exists('cas'))) {
66 $key = array_search('user_login_final_validate', $form['#validate']);
67 $form['#validate'][$key] = 'noreqnewpass_user_login_final_validate';
70 // Remove pass field from user edit form if he cant change
71 if ($form_id == 'user_profile_form' && !user_access("can change your own password")) {
72 unset($form['account']['pass']);
77 * FAPI definitions for administration form
81 function noreqnewpass_admin_form() {
84 $form['noreqnewpass_disabled'] = array(
85 '#title' => t('Disable Request new password link'),
86 '#type' => 'checkbox',
87 '#default_value' => variable_get('noreqnewpass_disabled', true),
88 '#description' => t('If checked, Request new password link will be disabled.')
91 return system_settings_form($form);
96 * Just for remove request password url at error messages.
98 function noreqnewpass_user_login_final_validate($form_id, &$form_state) {
99 if (empty($form_state['uid'])) {
100 // Always register an IP-based failed login event.
101 flood_register_event('failed_login_attempt_ip', variable_get('user_failed_login_ip_window', 3600));
102 // Register a per-user failed login event.
103 if (isset($form_state['flood_control_user_identifier'])) {
104 flood_register_event('failed_login_attempt_user', variable_get('user_failed_login_user_window', 21600), $form_state['flood_control_user_identifier']);
107 if (isset($form_state['flood_control_triggered'])) {
108 if ($form_state['flood_control_triggered'] == 'user') {
109 form_set_error('name', format_plural(variable_get('user_failed_login_user_limit', 5), 'Sorry, there has been more than one failed login attempt for this account. It is temporarily blocked. Try again later or <a href="@url">request a new password</a>.', 'Sorry, there have been more than @count failed login attempts for this account. It is temporarily blocked. Try again later.'));
112 // We did not find a uid, so the limit is IP-based.
113 form_set_error('name', t('Sorry, too many failed login attempts from your IP address. This IP address is temporarily blocked. Try again later.'));
117 form_set_error('name', t('Sorry, unrecognized username or password.'));
118 watchdog('user', 'Login attempt failed for %user.', array('%user' => $form_state['values']['name']));
121 elseif (isset($form_state['flood_control_user_identifier'])) {
122 // Clear past failures for this user so as not to block a user who might
123 // log in and out more than once in an hour.
124 flood_clear_event('failed_login_attempt_user', $form_state['flood_control_user_identifier']);