From dca957af7210156af72555bb8544fde47e756376 Mon Sep 17 00:00:00 2001 From: Arun Persaud Date: Thu, 11 Sep 2008 19:14:06 -0700 Subject: BUGFIX: new password needs to be at least 4 characters long added a check for the length of the new password, so that empty passwords are not allowed. Signed-off-by: Arun Persaud --- include/preferences.php | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/include/preferences.php b/include/preferences.php index 0382193..613d965 100644 --- a/include/preferences.php +++ b/include/preferences.php @@ -103,10 +103,14 @@ if(myisset("password0") && $_REQUEST["password0"]!="" ) if(!( ($password == $oldpasswd) || DB_check_recovery_passwords($oldpasswd,$email) )) $changed_password = -1; - /* check if new passwords are types the same twice */ + /* check if new password has been typed in correctly */ if($_REQUEST["password1"] != $_REQUEST["password2"] ) $changed_password = -2; + /* check if new password is long enough */ + if(strlen($_REQUEST["password1"])<4) + $changed_password = -3; + if($changed_password==1) { DB_query("UPDATE User SET password='".md5($_REQUEST["password1"]). @@ -182,6 +186,9 @@ echo " Password(old): ", ""; switch($changed_password) { + case '-3': + echo "The new passwords is not long enough (you need at least 4 characters)."; + break; case '-2': echo "The new passwords don't match."; break; -- cgit v1.2.3-18-g5258