
Commit 117b68c

committed
Add missing password restrictions
1 parent aaa2820 commit 117b68c


2 files changed

+35
-0
lines changed


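--- a/src/controllers/User/ChangePassword.php
+++ b/src/controllers/User/ChangePassword.php
@@ -64,6 +64,28 @@ protected function tryChangePassword(
 $model->error = "PASSWORD_INCORRECT";
 return;
 }
+$pwlen = strlen($pw2);
+$req = &Common::$config->bnetdocs->user_register_requirements;
+$email = Authentication::$user->getEmail();
+$username = Authentication::$user->getUsername();
+if (!$req->password_allow_email && stripos($pw2, $email)) {
+$model->error = "PASSWORD_CONTAINS_EMAIL";
+return;
+}
+if (!$req->password_allow_username && stripos($pw2, $username)) {
+$model->error = "PASSWORD_CONTAINS_USERNAME";
+return;
+}
+if (is_numeric($req->password_length_max)
+&& $pwlen > $req->password_length_max) {
+$model->error = "PASSWORD_TOO_LONG";
+return;
+}
+if (is_numeric($req->password_length_min)
+&& $pwlen < $req->password_length_min) {
+$model->error = "PASSWORD_TOO_SHORT";
+return;
+}
 $blacklist = Common::$config->bnetdocs->user_password_blacklist;
 foreach ($blacklist as $blacklist_pw) {
 if (strtolower($blacklist_pw->password) == strtolower($pw2)) {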
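Review bot: The two containment checks added at new lines 71 and 75 test the return value of `stripos()` for truthiness, but `stripos()` returns the match offset, which is `0` (falsy) when the password begins with the email address or username, so exactly that case is accepted. Compare against `false` instead: `if (!$req->password_allow_email && stripos($pw2, $email) !== false) {`, and likewise `stripos($pw2, $username) !== false` for the username check. If `getEmail()` or `getUsername()` can return an empty string, also guard with `$email !== ''` (and the same for `$username`), because on PHP 8 an empty needle matches at offset 0 and the strict comparison would then reject every password. `strlen($pw2)` counts bytes, so the configured minimum and maximum are byte limits for non-ASCII passwords; that may be intended but deserves a comment. The body of `tryChangePassword` starts and ends outside this hunk.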

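--- a/src/templates/User/ChangePassword.phtml
+++ b/src/templates/User/ChangePassword.phtml
@@ -20,9 +20,22 @@ switch ($this->getContext()->error) {
 case "NONMATCHING_PASSWORD":
 $message = "The new password does not match its confirmation.";
 break;
+case "PASSWORD_CONTAINS_EMAIL":
+$message = "The password contains the email address, "
+. "use a better password.";
+break;
+case "PASSWORD_CONTAINS_USERNAME":
+$message = "The password contains the username, use a better password.";
+break;
 case "PASSWORD_INCORRECT":
 $message = "You did not enter your correct current password.";
 break;
+case "PASSWORD_TOO_LONG":
+$message = "The password is too long, shorten it.";
+break;
+case "PASSWORD_TOO_SHORT":
+$message = "The password is too short, use a better password.";
+break;
 case "PASSWORD_BLACKLIST":
 $message = $this->getContext()->error_extra;
 if (empty($message)) $message = "The new password is blacklisted.";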
