summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorArun Persaud <arun@nubati.net>2008-09-11 19:14:06 -0700
committerArun Persaud <arun@nubati.net>2008-09-11 19:14:06 -0700
commitdca957af7210156af72555bb8544fde47e756376 (patch)
treea38c30ea14574227b15f63abaf0432feb717f507
parent272e8bf819a02bb72b68afb6cb3b00eb843cdfda (diff)
downloade-DoKo-dca957af7210156af72555bb8544fde47e756376.tar.gz
e-DoKo-dca957af7210156af72555bb8544fde47e756376.tar.bz2
e-DoKo-dca957af7210156af72555bb8544fde47e756376.zip
BUGFIX: new password needs to be at least 4 characters long
added a check for the length of the new password, so that empty passwords are not allowed. Signed-off-by: Arun Persaud <arun@nubati.net>
-rw-r--r--include/preferences.php9
1 files changed, 8 insertions, 1 deletions
diff --git a/include/preferences.php b/include/preferences.php
index 0382193..613d965 100644
--- a/include/preferences.php
+++ b/include/preferences.php
@@ -103,10 +103,14 @@ if(myisset("password0") && $_REQUEST["password0"]!="" )
if(!( ($password == $oldpasswd) || DB_check_recovery_passwords($oldpasswd,$email) ))
$changed_password = -1;
- /* check if new passwords are types the same twice */
+ /* check if new password has been typed in correctly */
if($_REQUEST["password1"] != $_REQUEST["password2"] )
$changed_password = -2;
+ /* check if new password is long enough */
+ if(strlen($_REQUEST["password1"])<4)
+ $changed_password = -3;
+
if($changed_password==1)
{
DB_query("UPDATE User SET password='".md5($_REQUEST["password1"]).
@@ -182,6 +186,9 @@ echo " <tr><td>Password(old): </td><td>",
"<input type=\"password\" id=\"password0\" name=\"password0\" size=\"20\" maxlength=\"30\" />";
switch($changed_password)
{
+ case '-3':
+ echo "The new passwords is not long enough (you need at least 4 characters).";
+ break;
case '-2':
echo "The new passwords don't match.";
break;