diff --git a/commerce_checkout_login.module b/commerce_checkout_login.module
index 825ccec..1bbe05a 100644
--- a/commerce_checkout_login.module
+++ b/commerce_checkout_login.module
@@ -29,13 +29,6 @@ function commerce_checkout_login_form_commerce_checkout_pane_settings_form_alter
'#default_value' => variable_get('commerce_checkout_login_username', FALSE),
);
- $settings_form['commerce_checkout_login_password'] = array(
- '#type' => 'checkbox',
- '#title' => t('Allow new customers choose their password'),
- '#description' => t('If checked, a new customer will have the option to choose a password if the system wide settings permit this.'),
- '#default_value' => variable_get('commerce_checkout_login_password', FALSE),
- );
-
$settings_form['commerce_checkout_login_send_welcome_message'] = array(
'#type' => 'checkbox',
'#title' => t('Send welcome e-mail after creating a new user.'),
@@ -107,35 +100,14 @@ function commerce_checkout_login_form_commerce_checkout_form_alter(&$form, &$for
$form['account']['login']['mail_confirm']['#access'] = FALSE;
}
}
- elseif (variable_get('commerce_checkout_login_username', FALSE) || variable_get('commerce_checkout_login_password', FALSE)) {
- if (variable_get('commerce_checkout_login_username', FALSE)) {
- $form['account']['login']['name'] = array(
- '#type' => 'textfield',
- '#title' => t('Username'),
- '#maxlength' => USERNAME_MAX_LENGTH,
- '#description' => t('Spaces are allowed; punctuation is not allowed except for periods, hyphens, apostrophes, and underscores.'),
- '#attributes' => array('class' => array('username')),
- );
- }
-
- // Find out if email verification is required.
- $mail_verify = variable_get('user_email_verification', TRUE);
- $mail_verify = !$mail_verify ? variable_get('logintoboggan_confirm_email_at_registration', 0) : $mail_verify;
-
- // If password selection is enabled and verification is not required add
- // the password field.
- if (variable_get('commerce_checkout_login_password', FALSE) && !$mail_verify) {
- $desc = t('Provide a password for the new account in both fields.');
- if ($min_pass = variable_get('logintoboggan_minimum_password_length', 0)) {
- $desc .= ' ' . t('Password must be at least %length characters.', array('%length' => $min_pass));
- }
-
- $form['account']['login']['pass'] = array(
- '#type' => 'password_confirm',
- '#size' => 25,
- '#description' => $desc,
- );
- }
+ elseif (variable_get('commerce_checkout_login_username', FALSE)) {
+ $form['account']['login']['name'] = array(
+ '#type' => 'textfield',
+ '#title' => t('Username'),
+ '#maxlength' => USERNAME_MAX_LENGTH,
+ '#description' => t('Spaces are allowed; punctuation is not allowed except for periods, hyphens, apostrophes, and underscores.'),
+ '#attributes' => array('class' => array('username')),
+ );
}
}
}
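Review bot: The `commerce_checkout_login_password` setting is no longer read anywhere in this branch, but sites that had enabled it still carry the stored variable; unless the module's .install file (not part of this diff) takes care of it, a `hook_update_N()` calling `variable_del('commerce_checkout_login_password');` would remove the stale value. The enclosing function commerce_checkout_login_form_commerce_checkout_form_alter() starts before this hunk.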
@@ -210,7 +182,6 @@ function commerce_checkout_login_commerce_checkout_pane_validate(&$form, &$form_
}
}
- $username = substr($mail, 0, strpos($mail, '@'));
if (variable_get('commerce_checkout_login_username', FALSE)) {
$username = $form_state['values']['account']['login']['name'];
// Validate username.
@@ -225,44 +196,11 @@ function commerce_checkout_login_commerce_checkout_pane_validate(&$form, &$form_
}
}
else{
- // Make sure the automatic username does not already exist.
- $similar_names = db_select('users')
- ->fields('users', array('uid', 'name'))
- ->condition('name', db_like($username), 'LIKE')
- ->execute()
- ->fetchCol(1);
- if ($similar_names && in_array($username, $similar_names)) {
- for ($i = 1; $i < count($similar_names) + 2; $i++) {
- if (!in_array($username.$i, $similar_names)) {
- $username = $username.$i;
- break;
- }
- }
- }
- }
-
- if (variable_get('commerce_checkout_login_password', FALSE)) {
- // Validate password if logintoboggan is present.
- if (isset($form_state['values']['account']['login']['pass']) && module_exists('logintoboggan')) {
- if ($error = logintoboggan_validate_pass($form_state['values']['account']['login']['pass'])) {
- form_set_error('account][login][pass', $error);
- $validated = FALSE;
- }
- }
+ $username = commerce_order_get_properties($order, array(), 'mail_username');
}
if ($validated) {
- // Create new user.
- $edit = array(
- 'name' => $username,
- 'mail' => $mail,
- 'init' => $mail,
- 'pass' => isset($form_state['values']['account']['login']['pass']) ? $form_state['values']['account']['login']['pass'] : user_password(),
- 'status' => 1,
- 'timezone' => variable_get('user_default_timezone', variable_get('date_default_timezone', '')),
- );
-
- $account = user_save(NULL, $edit);
+ $account = commerce_checkout_create_account($username, $mail, user_password(), TRUE, TRUE);
// set the uid to enable automatic login on submit.
$form_state['commerce_checkout_login_uid'] = $account->uid;
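Review bot: The result of `commerce_checkout_create_account()` on the `$account =` line is dereferenced as `$account->uid` on the next line without a check; if that helper can return FALSE on a failed save, as `user_save()` did in the removed code, this becomes a notice and a NULL uid is stored in `$form_state`. A guard such as `if (!$account) { form_set_error('account][login][mail', t('Your account could not be created.')); return; }` before the uid line would keep the failure visible (adjust to how `$validated` is used in the part of the function outside this hunk). The two positional `TRUE, TRUE` arguments also deserve a trailing comment naming which options they switch on, since the helper's signature is not visible here. The `$order` passed to `commerce_order_get_properties()` in the else branch must be set earlier in the function, outside the hunk.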
@@ -348,16 +286,49 @@ function _validate_existing_account(&$form, &$form_state, &$account) {
return FALSE;
}
- // If the user authenticates based on the name of the loaded account and the
- // supplied password, retain the uid to login the user on final submission.
- if ($uid = user_authenticate($account->name, $form_state['values']['account']['login']['password'])) {
- $form_state['commerce_checkout_login_uid'] = $uid;
+ // user_login_authenticate_validate() does a flood controlled authentication
+ // of the credentials based on a form submission. We therefor simulate a
+ // form submission to make use of existing code.
+ $credentials['values'] = array(
+ 'pass' => $form_state['values']['account']['login']['password'],
+ 'name' => $account->name,
+ );
+ user_login_authenticate_validate(array(), $credentials);
+ // The uid is added to the credentials when validation is successful.
+ if (isset($credentials['uid']) && $credentials['uid']) {
+ if (isset($credentials['flood_control_user_identifier'])) {
+ // Clear past failures for this user so as not to block a user who might
+ // log in and out more than once in an hour.
+ flood_clear_event('failed_login_attempt_user', $credentials['flood_control_user_identifier']);
+ }
+ $form_state['commerce_checkout_login_uid'] = $credentials['uid'];
return TRUE;
}
else {
- // Indicate that the user could not be logged in if validation failed.
- form_set_error('account][login][password', t('Sorry, unrecognized username or password. !password', array('!password' => l('Have you forgotten your password?', 'user/password'))));
- return FALSE;
+ // Register events for flood control.
+ // Copied/adjusted from user_login_final_validate().
+
+ // Always register an IP-based failed login event.
+ flood_register_event('failed_login_attempt_ip', variable_get('user_failed_login_ip_window', 3600));
+ // Register a per-user failed login event.
+ if (isset($credentials['flood_control_user_identifier'])) {
+ flood_register_event('failed_login_attempt_user', variable_get('user_failed_login_user_window', 21600), $credentials['flood_control_user_identifier']);
+ }
+
+ if (isset($credentials['flood_control_triggered'])) {
+ if ($credentials['flood_control_triggered'] == 'user') {
+ form_set_error('account][login][name', format_plural(variable_get('user_failed_login_user_limit', 5), 'Sorry, there has been more than one failed login attempt for this account. It is temporarily blocked. Try again later or request a new password.', 'Sorry, there have been more than @count failed login attempts for this account. It is temporarily blocked. Try again later or request a new password.', array('@url' => url('user/password'))));
+ }
+ else {
+ // We did not find a uid, so the limit is IP-based.
+ form_set_error('account][login][name', t('Sorry, too many failed login attempts from your IP address. This IP address is temporarily blocked. Try again later or request a new password.', array('@url' => url('user/password'))));
+ }
+ }
+ else {
+ form_set_error('account][login][name', t('Sorry, unrecognized username or password. Have you forgotten your password?', array('@password' => url('user/password', array('query' => array('name' => $credentials['values']['name']))))));
+ watchdog('commerce_checkout_login', 'Login attempt failed for %user.', array('%user' => $credentials['values']['name']));
+ return FALSE;
+ }
}
}
}
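Review bot: When flood control has been triggered (the `flood_control_triggered` branch), `form_set_error()` is called but the function falls off the end without `return FALSE;` — only the final unrecognized-credentials branch returns it — so the result is NULL rather than the FALSE the removed code returned; moving `return FALSE;` after the inner if/else so every failure path reaches it keeps callers that test `=== FALSE` working. The three error messages also pass `@url`/`@password` placeholders that do not appear in the message text, so the link to `user/password` the old message carried via `l('Have you forgotten your password?', 'user/password')` is lost; either drop the unused placeholder arrays or reintroduce the link, e.g. `... or <a href="@url">request a new password</a>.`, which `t()` escapes safely. `_validate_existing_account()` starts before this hunk.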