Skip to content

Commit

Permalink
fix: check for at least 8 characters for a password
Browse files Browse the repository at this point in the history
  • Loading branch information
@thorsten
thorsten committed Oct 21, 2022
1 parent 3e5c473 commit d7a87d2
Show file tree
Hide file tree
Showing 2 changed files with 24 additions and 16 deletions.
29 changes: 18 additions & 11 deletions phpmyfaq/admin/pwd.change.php
View file
Expand Up @@ -53,22 +53,29 @@
$newPassword = Filter::filterInput(INPUT_POST, 'npass', FILTER_UNSAFE_RAW);
$retypedPassword = Filter::filterInput(INPUT_POST, 'bpass', FILTER_UNSAFE_RAW);

if (($authSource->checkCredentials($user->getLogin(), $oldPassword)) && ($newPassword == $retypedPassword)) {
if (!$user->changePassword($newPassword)) {
if (strlen($newPassword) <= 7 || strlen($retypedPassword) <= 7) {
printf(
'<p class="alert alert-danger"><button type="button" class="close" data-dismiss="alert">&times;</button>%s</p>',
$PMF_LANG['ad_passwd_fail']
);
} else {
if (($authSource->checkCredentials($user->getLogin(), $oldPassword)) && ($newPassword == $retypedPassword)) {
if (!$user->changePassword($newPassword)) {
printf(
'<p class="alert alert-danger"><button type="button" class="close" data-dismiss="alert">&times;</button>%s</p>',
$PMF_LANG['ad_passwd_fail']
);
}
printf(
'<p class="alert alert-success"><button type="button" class="close" data-dismiss="alert">&times;</button>%s</p>',
$PMF_LANG['ad_passwdsuc']
);
} else {
printf(
'<p class="alert alert-danger"><button type="button" class="close" data-dismiss="alert">&times;</button>%s</p>',
$PMF_LANG['ad_passwd_fail']
);
}
printf(
'<p class="alert alert-success"><button type="button" class="close" data-dismiss="alert">&times;</button>%s</p>',
$PMF_LANG['ad_passwdsuc']
);
} else {
printf(
'<p class="alert alert-danger"><button type="button" class="close" data-dismiss="alert">&times;</button>%s</p>',
$PMF_LANG['ad_passwd_fail']
);
}
}
?>
Expand Down
11 changes: 6 additions & 5 deletions phpmyfaq/src/phpMyFAQ/Installer.php
View file
Expand Up @@ -845,14 +845,14 @@ public function startInstall(array $setup = null): void
$esSetup = [];
}

// check loginname
// check login name
if (!isset($setup['loginname'])) {
$loginName = Filter::filterInput(INPUT_POST, 'loginname', FILTER_UNSAFE_RAW);
} else {
$loginName = $setup['loginname'];
}
if (is_null($loginName)) {
echo '<p class="alert alert-danger"><strong>Error:</strong> Please add a loginname for your account.</p>';
echo '<p class="alert alert-danger"><strong>Error:</strong> Please add a login name for your account.</p>';
System::renderFooter(true);
}

Expand All @@ -863,8 +863,7 @@ public function startInstall(array $setup = null): void
$password = $setup['password'];
}
if (is_null($password)) {
echo '<p class="alert alert-danger"><strong>Error:</strong> Please add a password for the your ' .
'account.</p>';
echo '<p class="alert alert-danger"><strong>Error:</strong> Please add a password for your account.</p>';
System::renderFooter(true);
}

Expand All @@ -873,16 +872,18 @@ public function startInstall(array $setup = null): void
} else {
$passwordRetyped = $setup['password_retyped'];
}

if (is_null($passwordRetyped)) {
echo '<p class="alert alert-danger"><strong>Error:</strong> Please add a retyped password.</p>';
System::renderFooter(true);
}

if (strlen($password) <= 5 || strlen($passwordRetyped) <= 5) {
if (strlen($password) <= 7 || strlen($passwordRetyped) <= 7) {
echo '<p class="alert alert-danger"><strong>Error:</strong> Your password and retyped password are too ' .
'short. Please set your password and your retyped password with a minimum of 6 characters.</p>';
System::renderFooter(true);
}

if ($password != $passwordRetyped) {
echo '<p class="alert alert-danger"><strong>Error:</strong> Your password and retyped password are not ' .
'equal. Please check your password and your retyped password.</p>';
Expand Down

0 comments on commit d7a87d2

Please sign in to comment.