diff -u b/core/modules/user/lib/Drupal/user/ProfileFormController.php b/core/modules/user/lib/Drupal/user/ProfileFormController.php
--- b/core/modules/user/lib/Drupal/user/ProfileFormController.php
+++ b/core/modules/user/lib/Drupal/user/ProfileFormController.php
@@ -55,7 +55,7 @@
 
     // Clear the flood table. Since we don't know the IP address for this user
     // we can't use flood_clear_event because we need to use the LIKE operator.
-    $identifier = $account->uid .'-%';
+    $identifier = $account->uid . '-%';
     db_delete('flood')
       ->condition('event', 'failed_login_attempt_user')
       ->condition('identifier', $identifier, 'LIKE')
diff -u b/core/modules/user/lib/Drupal/user/Tests/UserLoginTest.php b/core/modules/user/lib/Drupal/user/Tests/UserLoginTest.php
--- b/core/modules/user/lib/Drupal/user/Tests/UserLoginTest.php
+++ b/core/modules/user/lib/Drupal/user/Tests/UserLoginTest.php
@@ -132,30 +132,30 @@
    /**
     * Test that flood events are removed after password reset.
     */
-   function testResetPasswordFloodControl() {
-     // Set a high global limit out so that it is not relevant in the test.
-     variable_set('user_failed_login_ip_limit', 4000);
-     // Set the per-user login limit.
-     variable_set('user_failed_login_user_limit', 3);
+  function testResetPasswordFloodControl() {
+    // Set a high global limit out so that it is not relevant in the test.
+    variable_set('user_failed_login_ip_limit', 4000);
+    // Set the per-user login limit.
+    variable_set('user_failed_login_user_limit', 3);
 
-     $user1 = $this->drupalCreateUser();
-     $correct = $user1->pass_raw;
-     $user1->pass_raw .= 'incorrect';
+    $user1 = $this->drupalCreateUser();
+    $correct = $user1->pass_raw;
+    $user1->pass_raw .= 'incorrect';
 
-     // Try 3 failed logins.
-     for ($i = 0; $i < 3; $i++) {
-       $this->assertFailedLogin($user1);
-     }
+    // Try 3 failed logins.
+    for ($i = 0; $i < 3; $i++) {
+      $this->assertFailedLogin($user1);
+    }
 
-     // The next login trial should result in an user-based flood error message.
-     $this->assertFailedLogin($user1, 'user');
+    // The next login trial should result in an user-based flood error message.
+    $this->assertFailedLogin($user1, 'user');
 
-     // Request new password, logout and login.
-     $this->drupalPost(user_pass_reset_url($user1), array(), t('Log in'));
-     $this->drupalLogout();
-     $user1->pass_raw = $correct;
-     $this->drupalLogin($user1);
-   }
+    // Request new password, logout and login.
+    $this->drupalPost(user_pass_reset_url($user1), array(), t('Log in'));
+    $this->drupalLogout();
+    $user1->pass_raw = $correct;
+    $this->drupalLogin($user1);
+  }
 
   /**
    * Test that user password is re-hashed upon login after changing $count_log2.
diff -u b/core/modules/user/user.pages.inc b/core/modules/user/user.pages.inc
--- b/core/modules/user/user.pages.inc
+++ b/core/modules/user/user.pages.inc
@@ -143,7 +143,7 @@
           // Let the user's password be changed without the current password check.
           $token = drupal_hash_base64(drupal_random_bytes(55));
           $_SESSION['pass_reset_' . $user->uid] = $token;
-          //clear out flood event for user trying to log in too many times
+          // Clear out flood event for user trying to log in too many times.
           if (variable_get('user_failed_login_identifier_uid_only', FALSE)) {
             $identifier = $account->uid;
           }