modules/user_disable/user_disable.module

<?php
// $Id
/**
 * Implementation of hook_menu()
 */
function user_disable_form_alter($form_id, &$form) {
  if ($form_id == 'user_login_block' || $form_id == 'user_login') {
    $form['#validate'] = array('user_disable_login_validate' => array());
  }
}

/**
 * Custom login verification. Disables standart user verification.
 */
function user_disable_login_validate($form_id, $form_values) {
  global $user;
  if ($form_values['name']) {
    $attempts = variable_get('attempts', array()); // array with all users and their login attempts data
    $attempts_allowed_count = variable_get('attempts_allowed_count', 5);
    $attempts_block_time = variable_get('attempts_block_time', 60); // User blocking time in minutes
    $attempts_block_time_sec = $attempts_block_time * 60; // User blocking time in seconds
    $name = $form_values['name'];
    if (user_is_blocked($form_values['name'])) {
      // blocked in user administration
      form_set_error('name', t('The username %name has not been activated or is blocked.', array('%name' => $form_values['name'])));
    }
    else if (drupal_is_denied('user', $form_values['name'])) {
      // denied by access controls
      form_set_error('name', t('The name %name is a reserved username.', array('%name' => $form_values['name'])));
    }
    else if ($form_values['pass']) {
      $user = user_authenticate($form_values['name'], trim($form_values['pass']));
      if (!$user->uid) {
        form_set_error('name', t('Sorry, unrecognized username or password. <a href="@password">Have you forgotten your password?</a>', array('@password' => url('user/password'))));
        $account = user_load(array('name' => $name));
        // Check if user with such name exists in database.
        if (!$account) {
          return;
        }
        $attempts[$name]['attempts']++;
        watchdog('user', t('Login attempt failed for %user.', array('%user' => $form_values['name'])));
        // If user login count > then allowed access count then block this user from login and send e-mail to account owner.
        if ($attempts[$name]['attempts'] >= $attempts_allowed_count) {
          $attempts[$name]['blocked'] = time();
          $mail_text = t(variable_get('attempts_mail_text', t("There have been %attempts_count failed attempts to access your user account on %site. As a result your account has been suspended for the next %attempts_block_time minutes. If you have forgotten your password please visit %url.\n\n.\n\nSincerely, %site team")), array('%attempts_count' => $attempts_allowed_count, '%attempts_block_time' => $attempts_block_time, '%url' => url('user/password', NULL, NULL, TRUE), '%site' => url(NULL, NULL, NULL, TRUE)));
          drupal_mail('account_suspended', $u->mail, variable_get('attempts_mail_subject', t('Your account has been suspended')), $mail_text);
          form_set_error('pass', t('This account has been suspended after wrong %count login attempts! User is blocked for %time minutes', array('%count' => $attempts[$name]['attempts'], '%time' => $attempts_block_time)));
          variable_set('attempts', $attempts);
          return FALSE;
        }
        form_set_error('pass', t('There are %count of login attempts remained.', array('%count' => $attempts_allowed_count - $attempts[$name]['attempts'])));
      }
      else { // User enters his password right
        // Check to see if blocking time has gone
        if ((time() - $attempts[$name]['blocked']) > $attempts_block_time_sec) {
          unset($attempts[$name]);
        }
        else { // Block user again
          form_set_error('pass', t('Sorry, unrecognized username or password. <a href="@password">Have you forgotten your password?</a>', array('@password' => url('user/password'))));
          form_set_error('name', t('This account has been suspended after wrong %count login attempts! User is blocked for %time minutes', array('%count' => $attempts[$name]['attempts'] + 1, '%time' => $attempts_block_time)));
          $user = drupal_anonymous_user();
          $attempts[$name]['attempts']++;
          $attempts[$name]['blocked'] = time();
          variable_set('attempts', $attempts);
          return FALSE;
        }
      }
    }
  }
  variable_set('attempts', $attempts);
}

/**
 * Implementation of hook_menu()
 */
function user_disable_menu($may_cache) {
  if ($may_cache) {
    $items[] = array(
      'path' => 'admin/settings/user_disable',
      'title' => t('User disable settings'),
      'description' => t('User disable module configuration. Blocks user after configured count of wrong login tries on configured time.'),
      'callback' => 'drupal_get_form',
      'callback arguments' => array('user_disable_admin_settings'),
      'access' => user_access('administer site configuration')
    );
  }
  return $items;
}

/**
 * Menu callback for admin settings form
 */
function user_disable_admin_settings () {
  $form = array();
  $attempts_count = variable_get('attempts_count', 10);
  $attempts_block_time = variable_get('attempts_block_time', 60);
  $attempts_block_time = $attempts_block_time * 60;

  $form['attempts_allowed_count'] = array(
    '#type' => 'textfield',
    '#title' => t('Login allowed attempts count'),
    '#description' => t('Number of login attempts before user blocking'),
    '#maxlength' => 3,
    '#default_value' => variable_get('attempts_allowed_count', 5)
  );
  $form['attempts_block_time'] = array(
    '#type' => 'textfield',
    '#title' => t('User blocking time'),
    '#description' => t('User blocking time (in minutes)'),
    '#maxlength' => 4,
    '#default_value' => variable_get('attempts_block_time', 60)
  );
  $form['attempts_mail_subject'] = array(
    '#type' => 'textfield',
    '#title' => t('E-mail subject'),
    '#default_value' => variable_get('attempts_mail_subject', t('Your account has been suspended.'))
  );
  $form['attempts_mail_text'] = array(
    '#type' => 'textarea',
    '#title' => t('E-mail text'),
    '#description' => t('Available variables are: %attempts_count - number of allowed attempts, %attempts_block_time - time when user will be unblocked, %url - recover password url, %site - site url'),
    '#rows' => 10,
    '#default_value' => variable_get('attempts_mail_text',  t('There have been %attempts_count failed attempts to access your user account on %site. As a result your account has been suspended for the next %attempts_block_time minutes. If you have forgotten your password please visit %url.\n\nSincerely, The %site Team'))
   );

  return system_settings_form($form);
}

/**
 * Validate function for admin settings form
 */
function user_disable_admin_settings_validate($form_id, $form_values) {
  if (!is_numeric($form_values['attempts_count']))
    form_set_error('attempts_count', t('Attempts count should be numeric!'));
  if (!is_numeric($form_values['attempts_block_time']))
    form_set_error('attempts_count', t('Attempts block time should be numeric!'));
}


/**
 * Implementation of hook_user_operations()
 */
function user_disable_user_operations() {
  $operations = array(
    'enable' => array(
      'label' => t('Enable logging in for the selected users'),
      'callback' => 'user_disable_user_operations_enable',
    )
  );
  return $operations;
}

/**
 * 'Enable' hook_user_operations callback
 */
function user_disable_user_operations_enable($accounts) {
  $attempts = variable_get('attempts', array());
  foreach ($accounts as $uid) {
    $account = user_load(array('uid' => (int)$uid));
    unset($attempts[$account->name]);
  }
  $attempts = variable_set('attempts', $attempts);
}
1	<?php
2	// $Id
3	/**
4	* Implementation of hook_menu()
5	*/
6	function user_disable_form_alter($form_id, &$form) {
7	if ($form_id == 'user_login_block' \|\| $form_id == 'user_login') {
8	$form['#validate'] = array('user_disable_login_validate' => array());
9	}
10	}
11
12	/**
13	* Custom login verification. Disables standart user verification.
14	*/
15	function user_disable_login_validate($form_id, $form_values) {
16	global $user;
17	if ($form_values['name']) {
18	$attempts = variable_get('attempts', array()); // array with all users and their login attempts data
19	$attempts_allowed_count = variable_get('attempts_allowed_count', 5);
20	$attempts_block_time = variable_get('attempts_block_time', 60); // User blocking time in minutes
21	$attempts_block_time_sec = $attempts_block_time * 60; // User blocking time in seconds
22	$name = $form_values['name'];
23	if (user_is_blocked($form_values['name'])) {
24	// blocked in user administration
25	form_set_error('name', t('The username %name has not been activated or is blocked.', array('%name' => $form_values['name'])));
26	}
27	else if (drupal_is_denied('user', $form_values['name'])) {
28	// denied by access controls
29	form_set_error('name', t('The name %name is a reserved username.', array('%name' => $form_values['name'])));
30	}
31	else if ($form_values['pass']) {
32	$user = user_authenticate($form_values['name'], trim($form_values['pass']));
33	if (!$user->uid) {
34	form_set_error('name', t('Sorry, unrecognized username or password. <a href="@password">Have you forgotten your password?</a>', array('@password' => url('user/password'))));
35	$account = user_load(array('name' => $name));
36	// Check if user with such name exists in database.
37	if (!$account) {
38	return;
39	}
40	$attempts[$name]['attempts']++;
41	watchdog('user', t('Login attempt failed for %user.', array('%user' => $form_values['name'])));
42	// If user login count > then allowed access count then block this user from login and send e-mail to account owner.
43	if ($attempts[$name]['attempts'] >= $attempts_allowed_count) {
44	$attempts[$name]['blocked'] = time();
45	$mail_text = t(variable_get('attempts_mail_text', t("There have been %attempts_count failed attempts to access your user account on %site. As a result your account has been suspended for the next %attempts_block_time minutes. If you have forgotten your password please visit %url.\n\n.\n\nSincerely, %site team")), array('%attempts_count' => $attempts_allowed_count, '%attempts_block_time' => $attempts_block_time, '%url' => url('user/password', NULL, NULL, TRUE), '%site' => url(NULL, NULL, NULL, TRUE)));
46	drupal_mail('account_suspended', $u->mail, variable_get('attempts_mail_subject', t('Your account has been suspended')), $mail_text);
47	form_set_error('pass', t('This account has been suspended after wrong %count login attempts! User is blocked for %time minutes', array('%count' => $attempts[$name]['attempts'], '%time' => $attempts_block_time)));
48	variable_set('attempts', $attempts);
49	return FALSE;
50	}
51	form_set_error('pass', t('There are %count of login attempts remained.', array('%count' => $attempts_allowed_count - $attempts[$name]['attempts'])));
52	}
53	else { // User enters his password right
54	// Check to see if blocking time has gone
55	if ((time() - $attempts[$name]['blocked']) > $attempts_block_time_sec) {
56	unset($attempts[$name]);
57	}
58	else { // Block user again
59	form_set_error('pass', t('Sorry, unrecognized username or password. <a href="@password">Have you forgotten your password?</a>', array('@password' => url('user/password'))));
60	form_set_error('name', t('This account has been suspended after wrong %count login attempts! User is blocked for %time minutes', array('%count' => $attempts[$name]['attempts'] + 1, '%time' => $attempts_block_time)));
61	$user = drupal_anonymous_user();
62	$attempts[$name]['attempts']++;
63	$attempts[$name]['blocked'] = time();
64	variable_set('attempts', $attempts);
65	return FALSE;
66	}
67	}
68	}
69	}
70	variable_set('attempts', $attempts);
71	}
72
73	/**
74	* Implementation of hook_menu()
75	*/
76	function user_disable_menu($may_cache) {
77	if ($may_cache) {
78	$items[] = array(
79	'path' => 'admin/settings/user_disable',
80	'title' => t('User disable settings'),
81	'description' => t('User disable module configuration. Blocks user after configured count of wrong login tries on configured time.'),
82	'callback' => 'drupal_get_form',
83	'callback arguments' => array('user_disable_admin_settings'),
84	'access' => user_access('administer site configuration')
85	);
86	}
87	return $items;
88	}
89
90	/**
91	* Menu callback for admin settings form
92	*/
93	function user_disable_admin_settings () {
94	$form = array();
95	$attempts_count = variable_get('attempts_count', 10);
96	$attempts_block_time = variable_get('attempts_block_time', 60);
97	$attempts_block_time = $attempts_block_time * 60;
98
99	$form['attempts_allowed_count'] = array(
100	'#type' => 'textfield',
101	'#title' => t('Login allowed attempts count'),
102	'#description' => t('Number of login attempts before user blocking'),
103	'#maxlength' => 3,
104	'#default_value' => variable_get('attempts_allowed_count', 5)
105	);
106	$form['attempts_block_time'] = array(
107	'#type' => 'textfield',
108	'#title' => t('User blocking time'),
109	'#description' => t('User blocking time (in minutes)'),
110	'#maxlength' => 4,
111	'#default_value' => variable_get('attempts_block_time', 60)
112	);
113	$form['attempts_mail_subject'] = array(
114	'#type' => 'textfield',
115	'#title' => t('E-mail subject'),
116	'#default_value' => variable_get('attempts_mail_subject', t('Your account has been suspended.'))
117	);
118	$form['attempts_mail_text'] = array(
119	'#type' => 'textarea',
120	'#title' => t('E-mail text'),
121	'#description' => t('Available variables are: %attempts_count - number of allowed attempts, %attempts_block_time - time when user will be unblocked, %url - recover password url, %site - site url'),
122	'#rows' => 10,
123	'#default_value' => variable_get('attempts_mail_text', t('There have been %attempts_count failed attempts to access your user account on %site. As a result your account has been suspended for the next %attempts_block_time minutes. If you have forgotten your password please visit %url.\n\nSincerely, The %site Team'))
124	);
125
126	return system_settings_form($form);
127	}
128
129	/**
130	* Validate function for admin settings form
131	*/
132	function user_disable_admin_settings_validate($form_id, $form_values) {
133	if (!is_numeric($form_values['attempts_count']))
134	form_set_error('attempts_count', t('Attempts count should be numeric!'));
135	if (!is_numeric($form_values['attempts_block_time']))
136	form_set_error('attempts_count', t('Attempts block time should be numeric!'));
137	}
138
139
140	/**
141	* Implementation of hook_user_operations()
142	*/
143	function user_disable_user_operations() {
144	$operations = array(
145	'enable' => array(
146	'label' => t('Enable logging in for the selected users'),
147	'callback' => 'user_disable_user_operations_enable',
148	)
149	);
150	return $operations;
151	}
152
153	/**
154	* 'Enable' hook_user_operations callback
155	*/
156	function user_disable_user_operations_enable($accounts) {
157	$attempts = variable_get('attempts', array());
158	foreach ($accounts as $uid) {
159	$account = user_load(array('uid' => (int)$uid));
160	unset($attempts[$account->name]);
161	}
162	$attempts = variable_set('attempts', $attempts);
163	}