MrZeropage
04-07-2005, 10:00 PM
This little modification ensures that users use passwords with at least an amount of characters you define. This length is currently set to 8 characters but can be modified ofcourse.
If you want to change that length, just look at the PHP-code and the new phrase below, the corresponding places are marked green.
Thanks to Mystics for help with the javascript :)
open /profile.php
findglobalize($_POST, array('currentpassword' => STR, 'currentpassword_md5' => STR, 'newpassword' => STR, 'newpasswordconfirm' => STR, 'newpassword_md5' => STR, 'newpasswordconfirm_md5' => STR, 'email' => STR, 'emailconfirm' => STR));and replace it withglobalize($_POST, array('currentpassword' => STR, 'currentpassword_md5' => STR, 'newpassword' => STR, 'newpasswordconfirm' => STR, 'newpassword_md5' => STR, 'newpasswordconfirm_md5' => STR, 'npwlength' => INT, 'email' => STR, 'emailconfirm' => STR));
findif (!empty($newpassword) OR !empty($newpassword_md5))above insert // ### Password-Security-Hack
if ($npwlength > 0 AND $npwlength <= 7) {
eval(print_standard_error('unsecurepassword'));
}
// ### End Password-Security-Hack
Now save your modified /profile.php
Edit the template modifypassword and replace all of it with the following code:<script type="text/javascript" src="clientscript/vbulletin_md5.js"></script>
<script type="text/javascript">
function hash_passwords(currentpassword, currentpassword_md5, newpassword, newpassword_md5, newpasswordconfirm, newpasswordconfirm_md5, npwlength)
{
npwlength.value = newpassword.value.length;
md5hash(currentpassword, currentpassword_md5);
// do various checks
if (newpassword.value != '')
{
md5hash(newpassword, newpassword_md5);
}
if (newpasswordconfirm.value != '')
{
md5hash(newpasswordconfirm, newpasswordconfirm_md5);
}
}
</script>
<form name="changepw" action="profile.php" method="post" onsubmit="hash_passwords(currentpassword, currentpassword_md5, newpassword, newpassword_md5, newpasswordconfirm, newpasswordconfirm_md5, npwlength)">
<input type="hidden" name="s" value="$session[sessionhash]" />
<input type="hidden" name="do" value="updatepassword" />
<input type="hidden" name="currentpassword_md5" />
<input type="hidden" name="newpassword_md5" />
<input type="hidden" name="newpasswordconfirm_md5" />
<input type="hidden" name="npwlength" />
<table class="tborder" cellpadding="$stylevar[cellpadding]" cellspacing="$stylevar[cellspacing]" border="0" width="100%" align="center">
<tr>
<td class="tcat">$vbphrase[edit_email_and_password]</td>
</tr>
<tr>
<td class="panelsurround" align="center">
<div class="panel">
<div style="width:$stylevar[formwidth_usercp]" align="$stylevar[left]">
<if condition="$show['passwordexpired']">
<div class="smallfont">
<strong>$vbphrase[current_password_expired]</strong>
</div>
</if>
<div class="fieldset">
<div>$vbphrase[enter_password_to_continue]:</div>
<div><input type="password" class="bginput" name="currentpassword" size="50" maxlength="50" /></div>
</div>
<fieldset class="fieldset">
<legend>$vbphrase[edit_password]<if condition="$show['password_optional']"> ($vbphrase[optional])</if></legend>
<table cellpadding="0" cellspacing="$stylevar[formspacer]" border="0">
<tr>
<td>
<div>$vbphrase[new_password]:</div>
<div><input type="password" class="bginput" name="newpassword" size="50" maxlength="50" /></div>
</td>
</tr>
<tr>
<td>
<div>$vbphrase[confirm_new_password]:</div>
<div><input type="password" class="bginput" name="newpasswordconfirm" size="50" maxlength="50" /></div>
</td>
</tr>
</table>
</fieldset>
<fieldset class="fieldset">
<legend>$vbphrase[edit_email_address] ($vbphrase[optional])</legend>
<table cellpadding="0" cellspacing="$stylevar[formspacer]" border="0">
<tr>
<td>
<div>$vbphrase[new_email_address]:</div>
<div><input type="text" class="bginput" name="email" value="$bbuserinfo[email]" size="50" maxlength="50" /></div>
</td>
</tr>
<tr>
<td>
<div>$vbphrase[confirm_new_email_address]:</div>
<div><input type="text" class="bginput" name="emailconfirm" value="$bbuserinfo[email]" size="50" maxlength="50" /></div>
</td>
</tr>
</table>
</fieldset>
</div>
</div>
<div style="margin-top:$stylevar[cellpadding]px">
<input type="submit" class="button" value="$vbphrase[save_changes]" accesskey="s" />
<input type="reset" class="button" value="$vbphrase[reset_fields]" accesskey="r" />
</div>
</td>
</tr>
</table>
</form>
Save that template.
Now enter the phrase-manager, select the phrase-type Front-End Error Messages and add a new phrase:
VARNAME: unsecurepassword
TEXT: The password you chose does not fit our standard of security, please use a password with <b>at least 8 characters.</b><br><br>Click here to <a href="profile.php?$session[sessionurl]do=editpassword">change your password</a>.
That's all, you're done :smoke:
If you want to change that length, just look at the PHP-code and the new phrase below, the corresponding places are marked green.
Thanks to Mystics for help with the javascript :)
open /profile.php
findglobalize($_POST, array('currentpassword' => STR, 'currentpassword_md5' => STR, 'newpassword' => STR, 'newpasswordconfirm' => STR, 'newpassword_md5' => STR, 'newpasswordconfirm_md5' => STR, 'email' => STR, 'emailconfirm' => STR));and replace it withglobalize($_POST, array('currentpassword' => STR, 'currentpassword_md5' => STR, 'newpassword' => STR, 'newpasswordconfirm' => STR, 'newpassword_md5' => STR, 'newpasswordconfirm_md5' => STR, 'npwlength' => INT, 'email' => STR, 'emailconfirm' => STR));
findif (!empty($newpassword) OR !empty($newpassword_md5))above insert // ### Password-Security-Hack
if ($npwlength > 0 AND $npwlength <= 7) {
eval(print_standard_error('unsecurepassword'));
}
// ### End Password-Security-Hack
Now save your modified /profile.php
Edit the template modifypassword and replace all of it with the following code:<script type="text/javascript" src="clientscript/vbulletin_md5.js"></script>
<script type="text/javascript">
function hash_passwords(currentpassword, currentpassword_md5, newpassword, newpassword_md5, newpasswordconfirm, newpasswordconfirm_md5, npwlength)
{
npwlength.value = newpassword.value.length;
md5hash(currentpassword, currentpassword_md5);
// do various checks
if (newpassword.value != '')
{
md5hash(newpassword, newpassword_md5);
}
if (newpasswordconfirm.value != '')
{
md5hash(newpasswordconfirm, newpasswordconfirm_md5);
}
}
</script>
<form name="changepw" action="profile.php" method="post" onsubmit="hash_passwords(currentpassword, currentpassword_md5, newpassword, newpassword_md5, newpasswordconfirm, newpasswordconfirm_md5, npwlength)">
<input type="hidden" name="s" value="$session[sessionhash]" />
<input type="hidden" name="do" value="updatepassword" />
<input type="hidden" name="currentpassword_md5" />
<input type="hidden" name="newpassword_md5" />
<input type="hidden" name="newpasswordconfirm_md5" />
<input type="hidden" name="npwlength" />
<table class="tborder" cellpadding="$stylevar[cellpadding]" cellspacing="$stylevar[cellspacing]" border="0" width="100%" align="center">
<tr>
<td class="tcat">$vbphrase[edit_email_and_password]</td>
</tr>
<tr>
<td class="panelsurround" align="center">
<div class="panel">
<div style="width:$stylevar[formwidth_usercp]" align="$stylevar[left]">
<if condition="$show['passwordexpired']">
<div class="smallfont">
<strong>$vbphrase[current_password_expired]</strong>
</div>
</if>
<div class="fieldset">
<div>$vbphrase[enter_password_to_continue]:</div>
<div><input type="password" class="bginput" name="currentpassword" size="50" maxlength="50" /></div>
</div>
<fieldset class="fieldset">
<legend>$vbphrase[edit_password]<if condition="$show['password_optional']"> ($vbphrase[optional])</if></legend>
<table cellpadding="0" cellspacing="$stylevar[formspacer]" border="0">
<tr>
<td>
<div>$vbphrase[new_password]:</div>
<div><input type="password" class="bginput" name="newpassword" size="50" maxlength="50" /></div>
</td>
</tr>
<tr>
<td>
<div>$vbphrase[confirm_new_password]:</div>
<div><input type="password" class="bginput" name="newpasswordconfirm" size="50" maxlength="50" /></div>
</td>
</tr>
</table>
</fieldset>
<fieldset class="fieldset">
<legend>$vbphrase[edit_email_address] ($vbphrase[optional])</legend>
<table cellpadding="0" cellspacing="$stylevar[formspacer]" border="0">
<tr>
<td>
<div>$vbphrase[new_email_address]:</div>
<div><input type="text" class="bginput" name="email" value="$bbuserinfo[email]" size="50" maxlength="50" /></div>
</td>
</tr>
<tr>
<td>
<div>$vbphrase[confirm_new_email_address]:</div>
<div><input type="text" class="bginput" name="emailconfirm" value="$bbuserinfo[email]" size="50" maxlength="50" /></div>
</td>
</tr>
</table>
</fieldset>
</div>
</div>
<div style="margin-top:$stylevar[cellpadding]px">
<input type="submit" class="button" value="$vbphrase[save_changes]" accesskey="s" />
<input type="reset" class="button" value="$vbphrase[reset_fields]" accesskey="r" />
</div>
</td>
</tr>
</table>
</form>
Save that template.
Now enter the phrase-manager, select the phrase-type Front-End Error Messages and add a new phrase:
VARNAME: unsecurepassword
TEXT: The password you chose does not fit our standard of security, please use a password with <b>at least 8 characters.</b><br><br>Click here to <a href="profile.php?$session[sessionurl]do=editpassword">change your password</a>.
That's all, you're done :smoke: