Drupal
/
drupal
mirror of https://git.drupalcode.org/project/drupal.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Issue #1982606 by dstol: Added Routine user error can lead to plaintext passwords in the database.

8.0.x
Nathaniel Catchpole 2013-05-05 22:26:23 +01:00
parent 59244c71d0
commit 3d1da5ab8f
1 changed files with 8 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
core/modules/user/user.module
View File

@ -1369,8 +1369,15 @@ function user_login_final_validate($form, &$form_state) {
} }
else { else {
form_set_error('name', t('Sorry, unrecognized username or password. <a href="@password">Have you forgotten your password?</a>', array('@password' => url('user/password', array('query' => array('name' => $form_state['values']['name'])))))); form_set_error('name', t('Sorry, unrecognized username or password. <a href="@password">Have you forgotten your password?</a>', array('@password' => url('user/password', array('query' => array('name' => $form_state['values']['name']))))));
if (user_load_by_name($form_state['values']['name'])) {
watchdog('user', 'Login attempt failed for %user.', array('%user' => $form_state['values']['name'])); watchdog('user', 'Login attempt failed for %user.', array('%user' => $form_state['values']['name']));
} }
else {
// If the username entered is not a valid user,
// only store the IP address.
watchdog('user', 'Login attempt failed from %ip.', array('%ip' => Drupal::request()->getClientIp()));
}
}
} }
elseif (isset($form_state['flood_control_user_identifier'])) { elseif (isset($form_state['flood_control_user_identifier'])) {
// Clear past failures for this user so as not to block a user who might // Clear past failures for this user so as not to block a user who might