
set minimal length for password for pw-change


MrZeropage
04-07-2005, 10:00 PM
This little modification ensures that users use passwords with at least an amount of characters you define. This length is currently set to 8 characters but can be modified of course.
If you want to change that length, just look at the PHP-code and the new phrase below, the corresponding places are marked green.

Thanks to Mystics for help with the javascript :)


open /profile.php

find

globalize($_POST, array('currentpassword' => STR, 'currentpassword_md5' => STR, 'newpassword' => STR, 'newpasswordconfirm' => STR, 'newpassword_md5' => STR, 'newpasswordconfirm_md5' => STR, 'email' => STR, 'emailconfirm' => STR));

and replace it with

globalize($_POST, array('currentpassword' => STR, 'currentpassword_md5' => STR, 'newpassword' => STR, 'newpasswordconfirm' => STR, 'newpassword_md5' => STR, 'newpasswordconfirm_md5' => STR, 'npwlength' => INT, 'email' => STR, 'emailconfirm' => STR));

find

if (!empty($newpassword) OR !empty($newpassword_md5))

above insert

// ### Password-Security-Hack
if ($npwlength > 0 AND $npwlength <= 7) {
    eval(print_standard_error('unsecurepassword'));
}
// ### End Password-Security-Hack

Now save your modified /profile.php


Edit the template modifypassword and replace all of it with the following code:

<script type="text/javascript" src="clientscript/vbulletin_md5.js"></script>
<script type="text/javascript">
function hash_passwords(currentpassword, currentpassword_md5, newpassword, newpassword_md5, newpasswordconfirm, newpasswordconfirm_md5, npwlength)
{
npwlength.value = newpassword.value.length;
md5hash(currentpassword, currentpassword_md5);
// do various checks
if (newpassword.value != '')
{
md5hash(newpassword, newpassword_md5);
}
if (newpasswordconfirm.value != '')
{
md5hash(newpasswordconfirm, newpasswordconfirm_md5);
}
}
</script>

<form name="changepw" action="profile.php" method="post" onsubmit="hash_passwords(currentpassword, currentpassword_md5, newpassword, newpassword_md5, newpasswordconfirm, newpasswordconfirm_md5, npwlength)">
<input type="hidden" name="s" value="$session[sessionhash]" />
<input type="hidden" name="do" value="updatepassword" />
<input type="hidden" name="currentpassword_md5" />
<input type="hidden" name="newpassword_md5" />
<input type="hidden" name="newpasswordconfirm_md5" />
<input type="hidden" name="npwlength" />

<table class="tborder" cellpadding="$stylevar[cellpadding]" cellspacing="$stylevar[cellspacing]" border="0" width="100%" align="center">
<tr>
<td class="tcat">$vbphrase[edit_email_and_password]</td>
</tr>

<tr>
<td class="panelsurround" align="center">
<div class="panel">
<div style="width:$stylevar[formwidth_usercp]" align="$stylevar[left]">

<if condition="$show['passwordexpired']">
<div class="smallfont">
<strong>$vbphrase[current_password_expired]</strong>
</div>
</if>

<div class="fieldset">
<div>$vbphrase[enter_password_to_continue]:</div>
<div><input type="password" class="bginput" name="currentpassword" size="50" maxlength="50" /></div>
</div>

<fieldset class="fieldset">
<legend>$vbphrase[edit_password]<if condition="$show['password_optional']"> ($vbphrase[optional])</if></legend>
<table cellpadding="0" cellspacing="$stylevar[formspacer]" border="0">
<tr>
<td>
<div>$vbphrase[new_password]:</div>
<div><input type="password" class="bginput" name="newpassword" size="50" maxlength="50" /></div>
</td>
</tr>
<tr>
<td>
<div>$vbphrase[confirm_new_password]:</div>
<div><input type="password" class="bginput" name="newpasswordconfirm" size="50" maxlength="50" /></div>
</td>
</tr>
</table>
</fieldset>

<fieldset class="fieldset">
<legend>$vbphrase[edit_email_address] ($vbphrase[optional])</legend>
<table cellpadding="0" cellspacing="$stylevar[formspacer]" border="0">
<tr>
<td>
<div>$vbphrase[new_email_address]:</div>
<div><input type="text" class="bginput" name="email" value="$bbuserinfo[email]" size="50" maxlength="50" /></div>
</td>
</tr>
<tr>
<td>
<div>$vbphrase[confirm_new_email_address]:</div>
<div><input type="text" class="bginput" name="emailconfirm" value="$bbuserinfo[email]" size="50" maxlength="50" /></div>
</td>
</tr>
</table>
</fieldset>

</div>
</div>

<div style="margin-top:$stylevar[cellpadding]px">
<input type="submit" class="button" value="$vbphrase[save_changes]" accesskey="s" />
<input type="reset" class="button" value="$vbphrase[reset_fields]" accesskey="r" />
</div>
</td>
</tr>
</table>

</form>
Save that template.



Now enter the phrase-manager, select the phrase-type Front-End Error Messages and add a new phrase:

VARNAME: unsecurepassword
TEXT: The password you chose does not fit our standard of security, please use a password with <b>at least 8 characters.</b><br><br>Click here to <a href="profile.php?$session[sessionurl]do=editpassword">change your password</a>.


That's all, you're done :smoke:
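
An added example (not part of the original post and not vBulletin code) that models the length check as a stand-alone PHP function and compares it with a variant that measures the plaintext whenever the server receives it. It assumes that with JavaScript enabled only the MD5 value and npwlength reach the server, and that with JavaScript disabled the plaintext arrives and npwlength is empty; MIN_PW_LENGTH, the function names and the sample submissions are constructed for illustration.

```php
<?php
// Added example, not vBulletin code. Field names follow the form above;
// MIN_PW_LENGTH and both function names are assumptions for this sketch.
const MIN_PW_LENGTH = 8;

// The check as posted: looks only at the client-reported length.
function posted_check(array $post): bool
{
    $npwlength = (int) ($post['npwlength'] ?? 0);
    return !($npwlength > 0 && $npwlength <= 7);      // true = accepted
}

// Variant: measure the plaintext whenever the server actually receives it.
function strict_check(array $post): bool
{
    $plain = (string) ($post['newpassword'] ?? '');
    $md5   = (string) ($post['newpassword_md5'] ?? '');
    $len   = (int) ($post['npwlength'] ?? 0);

    if ($plain === '' && $md5 === '') {
        return true;                                  // no password change requested
    }
    if ($plain !== '') {
        return strlen($plain) >= MIN_PW_LENGTH;       // measured on the server (bytes)
    }
    // Hash only: the length is whatever the browser reported, so this branch
    // stays advisory. A missing or zero length is treated as a failure.
    return $len >= MIN_PW_LENGTH;
}

// Constructed sample submissions (not captured traffic).
$samples = [
    'js on, 5 chars'  => ['newpassword' => '', 'newpassword_md5' => md5('abcde'), 'npwlength' => '5'],
    'js on, 10 chars' => ['newpassword' => '', 'newpassword_md5' => md5('abcdefghij'), 'npwlength' => '10'],
    'js off, 5 chars' => ['newpassword' => 'abcde', 'newpassword_md5' => '', 'npwlength' => ''],
    'e-mail only'     => ['newpassword' => '', 'newpassword_md5' => '', 'npwlength' => '0'],
];

foreach ($samples as $label => $post) {
    printf("%-16s posted=%-6s strict=%s\n", $label,
        posted_check($post) ? 'accept' : 'reject',
        strict_check($post) ? 'accept' : 'reject');
}
```

The "js off, 5 chars" row is the one where the two checks disagree: the posted check accepts it because npwlength arrives empty, while the variant rejects it after measuring the plaintext.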

nexialys
04-08-2005, 06:44 PM
red = green here, remember (we have a colorblind bbcode here!)

nighteyes
04-08-2005, 07:27 PM
Nice hack. How about applying this to registrations too?

akanevsky
04-08-2005, 08:17 PM
Err... No offense, dude, but do you check your hacks before posting them?
You have both syntax and logic errors in your hack...

Syntax error:
if ($npwlength > 0 AND $npwlength <= 7{

Don't you need a closing ')' before '{'???

Logic error:
It says:

if ($npwlength > 0 AND $npwlength <= 7{

If you want your password to be not less than 7 characters in length, then it logically follows that it will be more than 0 characters. Therefore, the first part of the condition does not make any sense.

A final, more valid, condition would be:

if ($npwlength <= 7) {

:) But anyway, this is a nice hack, and I am going to install it when you finish developing it :)

Oblivion Knight
04-09-2005, 07:13 AM
The $npwlength > 0 part of his condition is probably so that the default error message is shown if no password is entered, instead of this custom one about the password length.. ;)

akanevsky
04-09-2005, 12:18 PM
Oblivion Knight
In that case, it would be best to put this check into IF..ELSEIF, instead of two separate IF's. That would make it easier to understand.

tehste
04-09-2005, 01:46 PM
It's a hack so it is probably better putting it in a separate if rather than to play around with vb core if,else structure... Is there a reason that you are checking if the length is less than or equal to seven? Why not just use < 8?

akanevsky
04-09-2005, 01:53 PM
This is a simple if..else structure you are talking about here, so I don't think it will hurt making some integration...

Boofo
04-09-2005, 10:00 PM
Please post this in a text file so others can have it on an upgrade. ;)

MrZeropage
04-23-2005, 05:01 PM
I updated the missing ) and named the color "green" ...