<?php

/**
 * @file
 * Main file for the Username Enumeration Prevention.
 *
 * Adds the required functionality for removing the reset password error
 * message. Also, if views is installed restricts the callback function to work
 * only for users with the access user profiles permission.
 */

/**
 * Implements hook_menu_alter().
 */
function username_enumeration_prevention_menu_alter(&$items) {
  $items['user/%user']['delivery callback'] = 'username_enumeration_prevention_delivery_wrapper';
}

/**
 * Converts 403 Access Denied responses to 404 Not Found on user profiles.
 */
function username_enumeration_prevention_delivery_wrapper($page_callback_result) {
  if ($page_callback_result == MENU_ACCESS_DENIED) {
    $page_callback_result = MENU_NOT_FOUND;
  }
  drupal_deliver_html_page($page_callback_result);
}

/**
 * Implements hook_form_FORM_ID_alter().
 *
 * Checks for the user password reset form and changes the validate and submit
 * functions. Uses the overrided functions defined in this module instead of
 * Drupal cores.
 */
function username_enumeration_prevention_form_user_pass_alter(&$form, &$form_state, $form_id) {
  // Override core validate and submit actions.
  $key_validate = array_search('user_pass_validate', $form['#validate']);
  if ($key_validate !== FALSE) {
    $form['#validate'][$key_validate] = 'username_enumeration_prevention_pass_validate';
  }
  $key_submit = array_search('user_pass_submit', $form['#submit']);
  if ($key_submit !== FALSE) {
    $form['#submit'][$key_submit] = 'username_enumeration_prevention_pass_submit';
  }
}

/**
 * Overrides user_pass_validate() found in user.pages.inc.
 */
function username_enumeration_prevention_pass_validate($form, &$form_state) {
  $name = trim($form_state['values']['name']);
  // Try to load by email.
  $users = user_load_multiple(array(), array('mail' => $name, 'status' => '1'));
  $account = reset($users);
  if (!$account) {
    // No success, try to load by name.
    $users = user_load_multiple(array(), array('name' => $name, 'status' => '1'));
    $account = reset($users);
  }

  if (isset($account->uid)) {
    form_set_value(array('#parents' => array('account')), $account, $form_state);
  }
}

/**
 * Overrides the user_pass_submit() found in user.pages.inc.
 */
function username_enumeration_prevention_pass_submit($form, &$form_state) {
  if (isset($form_state['values']['account'])) {
    global $language;
    $account = $form_state['values']['account'];

    // Mail one time login URL and instructions using current language.
    _user_mail_notify('password_reset', $account, $language);
    watchdog('user', 'Password reset instructions mailed to %name at %email.', array('%name' => $account->name, '%email' => $account->mail));
  }
  // Set the same message as when an email has been sent whenever the form is
  // submitted. Moved from validation callback to prevent message to be
  // displayed in case there is another form error for other modules like
  // captcha.
  drupal_set_message(t('Further instructions have been sent to your e-mail address.'));
  $form_state['redirect'] = 'user';
}