diff --git a/core/modules/user/lib/Drupal/user/Form/UserLoginForm.php b/core/modules/user/lib/Drupal/user/Form/UserLoginForm.php index b7412a9..93236f1 100644 --- a/core/modules/user/lib/Drupal/user/Form/UserLoginForm.php +++ b/core/modules/user/lib/Drupal/user/Form/UserLoginForm.php @@ -12,6 +12,7 @@ use Drupal\Core\Database\Connection; use Drupal\Core\Flood\FloodInterface; use Drupal\Core\Form\FormInterface; +use Drupal\user\UserStorageControllerInterface; use Symfony\Component\DependencyInjection\ContainerInterface; use Symfony\Component\HttpFoundation\Request; @@ -42,11 +43,11 @@ class UserLoginForm implements FormInterface, ControllerInterface { protected $flood; /** - * The database connection. + * The user storage controller. * - * @var \Drupal\Core\Database\Connection + * @var \Drupal\user\UserStorageControllerInterface */ - protected $connection; + protected $storageController; /** * Constructs a new UserLoginForm. @@ -55,13 +56,13 @@ class UserLoginForm implements FormInterface, ControllerInterface { * The config factory. * @param \Drupal\Core\Flood\FloodInterface $flood * The flood service. - * @param \Drupal\Core\Database\Connection $connection - * The database connection. + * @param \Drupal\user\UserStorageControllerInterface $storage_controller + * The user storage controller. */ - public function __construct(ConfigFactory $config_factory, FloodInterface $flood, Connection $connection) { + public function __construct(ConfigFactory $config_factory, FloodInterface $flood, UserStorageControllerInterface $storage_controller) { $this->configFactory = $config_factory; $this->flood = $flood; - $this->connection = $connection; + $this->storageController = $storage_controller; } /** @@ -71,7 +72,7 @@ public static function create(ContainerInterface $container) { return new static( $container->get('config.factory'), $container->get('flood'), - $container->get('connection') + $container->get('plugin.manager.entity')->getStorageController('user') ); } @@ -131,8 +132,9 @@ public function validateForm(array &$form, array &$form_state) { * {@inheritdoc} */ public function submitForm(array &$form, array &$form_state) { - $account = user_load($form_state['uid']); - $form_state['redirect'] = 'user/' . $account->uid; + $accounts = $this->storageController->load(array($form_state['uid'])); + $account = reset($accounts)->getBCEntity(); + $form_state['redirect'] = 'user/' . $account->id(); user_login_finalize($account); } @@ -165,18 +167,19 @@ public function validateAuthentication(array &$form, array &$form_state) { $form_state['flood_control_triggered'] = 'ip'; return; } - $account = $this->connection->query("SELECT * FROM {users} WHERE name = :name AND status = 1", array(':name' => $form_state['values']['name']))->fetchObject(); + $accounts = $this->storageController->loadByProperties(array('name' => $form_state['values']['name'], 'status' => 1)); + $account = reset($accounts); if ($account) { if ($flood_config->get('uid_only')) { // Register flood events based on the uid only, so they apply for any // IP address. This is the most secure option. - $identifier = $account->uid; + $identifier = $account->id(); } else { // The default identifier is a combination of uid and IP address. This // is less secure but more resistant to denial-of-service attacks that // could lock out all users with public user names. - $identifier = $account->uid . '-' . $this->request->getClientIP(); + $identifier = $account->id() . '-' . $this->request->getClientIP(); } $form_state['flood_control_user_identifier'] = $identifier; @@ -219,7 +222,8 @@ public function validateFinal(array &$form, array &$form_state) { } else { form_set_error('name', t('Sorry, unrecognized username or password. Have you forgotten your password?', array('@password' => url('user/password', array('query' => array('name' => $form_state['values']['name'])))))); - if (user_load_by_name($form_state['values']['name'])) { + $accounts = $this->storageController->loadByProperties(array('name' => $form_state['values']['name'])); + if (!empty($accounts)) { watchdog('user', 'Login attempt failed for %user.', array('%user' => $form_state['values']['name'])); } else {