fix: check for at least 8 characters for a password

thorsten · thorsten · commit d7a87d264628 · 2022-10-21T12:48:47.000+02:00
diff --git a/phpmyfaq/admin/pwd.change.php b/phpmyfaq/admin/pwd.change.php
@@ -53,22 +53,29 @@
         $newPassword = Filter::filterInput(INPUT_POST, 'npass', FILTER_UNSAFE_RAW);
         $retypedPassword = Filter::filterInput(INPUT_POST, 'bpass', FILTER_UNSAFE_RAW);
 
-        if (($authSource->checkCredentials($user->getLogin(), $oldPassword)) && ($newPassword == $retypedPassword)) {
-            if (!$user->changePassword($newPassword)) {
+        if (strlen($newPassword) <= 7 || strlen($retypedPassword) <= 7) {
+            printf(
+                '<p class="alert alert-danger"><button type="button" class="close" data-dismiss="alert">&times;</button>%s</p>',
+                $PMF_LANG['ad_passwd_fail']
+            );
+        } else {
+            if (($authSource->checkCredentials($user->getLogin(), $oldPassword)) && ($newPassword == $retypedPassword)) {
+                if (!$user->changePassword($newPassword)) {
+                    printf(
+                        '<p class="alert alert-danger"><button type="button" class="close" data-dismiss="alert">&times;</button>%s</p>',
+                        $PMF_LANG['ad_passwd_fail']
+                    );
+                }
+                printf(
+                    '<p class="alert alert-success"><button type="button" class="close" data-dismiss="alert">&times;</button>%s</p>',
+                    $PMF_LANG['ad_passwdsuc']
+                );
+            } else {
                 printf(
                     '<p class="alert alert-danger"><button type="button" class="close" data-dismiss="alert">&times;</button>%s</p>',
                     $PMF_LANG['ad_passwd_fail']
                 );
             }
-            printf(
-                '<p class="alert alert-success"><button type="button" class="close" data-dismiss="alert">&times;</button>%s</p>',
-                $PMF_LANG['ad_passwdsuc']
-            );
-        } else {
-            printf(
-                '<p class="alert alert-danger"><button type="button" class="close" data-dismiss="alert">&times;</button>%s</p>',
-                $PMF_LANG['ad_passwd_fail']
-            );
         }
     }
     ?>
diff --git a/phpmyfaq/src/phpMyFAQ/Installer.php b/phpmyfaq/src/phpMyFAQ/Installer.php
@@ -845,14 +845,14 @@ public function startInstall(array $setup = null): void
             $esSetup = [];
         }
 
-        // check loginname
+        // check login name
         if (!isset($setup['loginname'])) {
             $loginName = Filter::filterInput(INPUT_POST, 'loginname', FILTER_UNSAFE_RAW);
         } else {
             $loginName = $setup['loginname'];
         }
         if (is_null($loginName)) {
-            echo '<p class="alert alert-danger"><strong>Error:</strong> Please add a loginname for your account.</p>';
+            echo '<p class="alert alert-danger"><strong>Error:</strong> Please add a login name for your account.</p>';
             System::renderFooter(true);
         }
 
@@ -863,8 +863,7 @@ public function startInstall(array $setup = null): void
             $password = $setup['password'];
         }
         if (is_null($password)) {
-            echo '<p class="alert alert-danger"><strong>Error:</strong> Please add a password for the your ' .
-                'account.</p>';
+            echo '<p class="alert alert-danger"><strong>Error:</strong> Please add a password for your account.</p>';
             System::renderFooter(true);
         }
 
@@ -873,16 +872,18 @@ public function startInstall(array $setup = null): void
         } else {
             $passwordRetyped = $setup['password_retyped'];
         }
+
         if (is_null($passwordRetyped)) {
             echo '<p class="alert alert-danger"><strong>Error:</strong> Please add a retyped password.</p>';
             System::renderFooter(true);
         }
 
-        if (strlen($password) <= 5 || strlen($passwordRetyped) <= 5) {
+        if (strlen($password) <= 7 || strlen($passwordRetyped) <= 7) {
             echo '<p class="alert alert-danger"><strong>Error:</strong> Your password and retyped password are too ' .
                 'short. Please set your password and your retyped password with a minimum of 6 characters.</p>';
             System::renderFooter(true);
         }
+
         if ($password != $passwordRetyped) {
             echo '<p class="alert alert-danger"><strong>Error:</strong> Your password and retyped password are not ' .
                 'equal. Please check your password and your retyped password.</p>';

Original file line number	Diff line number	Diff line change
`@@ -845,14 +845,14 @@ public function startInstall(array $setup = null): void`
`845`	`845`	`$esSetup = [];`
`846`	`846`	`}`
`847`	`847`
`848`		`- // check loginname`
	`848`	`+ // check login name`
`849`	`849`	`if (!isset($setup['loginname'])) {`
`850`	`850`	`$loginName = Filter::filterInput(INPUT_POST, 'loginname', FILTER_UNSAFE_RAW);`
`851`	`851`	`} else {`
`852`	`852`	`$loginName = $setup['loginname'];`
`853`	`853`	`}`
`854`	`854`	`if (is_null($loginName)) {`
`855`		`- echo '<p class="alert alert-danger"><strong>Error:</strong> Please add a loginname for your account.</p>';`
	`855`	`+ echo '<p class="alert alert-danger"><strong>Error:</strong> Please add a login name for your account.</p>';`
`856`	`856`	`System::renderFooter(true);`
`857`	`857`	`}`
`858`	`858`
`@@ -863,8 +863,7 @@ public function startInstall(array $setup = null): void`
`863`	`863`	`$password = $setup['password'];`
`864`	`864`	`}`
`865`	`865`	`if (is_null($password)) {`
`866`		`- echo '<p class="alert alert-danger"><strong>Error:</strong> Please add a password for the your ' .`
`867`		`- 'account.</p>';`
	`866`	`+ echo '<p class="alert alert-danger"><strong>Error:</strong> Please add a password for your account.</p>';`
`868`	`867`	`System::renderFooter(true);`
`869`	`868`	`}`
`870`	`869`
`@@ -873,16 +872,18 @@ public function startInstall(array $setup = null): void`
`873`	`872`	`} else {`
`874`	`873`	`$passwordRetyped = $setup['password_retyped'];`
`875`	`874`	`}`
	`875`	`+`
`876`	`876`	`if (is_null($passwordRetyped)) {`
`877`	`877`	`echo '<p class="alert alert-danger"><strong>Error:</strong> Please add a retyped password.</p>';`
`878`	`878`	`System::renderFooter(true);`
`879`	`879`	`}`
`880`	`880`
`881`		`- if (strlen($password) <= 5 \|\| strlen($passwordRetyped) <= 5) {`
	`881`	`+ if (strlen($password) <= 7 \|\| strlen($passwordRetyped) <= 7) {`
`882`	`882`	`echo '<p class="alert alert-danger"><strong>Error:</strong> Your password and retyped password are too ' .`
`883`	`883`	`'short. Please set your password and your retyped password with a minimum of 6 characters.</p>';`
`884`	`884`	`System::renderFooter(true);`
`885`	`885`	`}`
	`886`	`+`
`886`	`887`	`if ($password != $passwordRetyped) {`
`887`	`888`	`echo '<p class="alert alert-danger"><strong>Error:</strong> Your password and retyped password are not ' .`
`888`	`889`	`'equal. Please check your password and your retyped password.</p>';`