vb.org Archive

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vBulletin 3.0 Beta Releases (https://vborg.vbsupport.ru/forumdisplay.php?f=34)
-   -   set minimal length for password for pw-change (https://vborg.vbsupport.ru/showthread.php?t=79624)

MrZeropage 04-07-2005 10:00 PM
set minimal length for password for pw-change
 
This little modification ensures that users use passwords with at least an amount of characters you define. This length is currently set to 8 characters but can be modified ofcourse.
If you want to change that length, just look at the PHP-code and the new phrase below, the corresponding places are marked green.

Thanks to Mystics for help with the javascript :)


open /profile.php

find
Code:
globalize($_POST, array('currentpassword' => STR, 'currentpassword_md5' => STR, 'newpassword' => STR, 'newpasswordconfirm' => STR, 'newpassword_md5' => STR, 'newpasswordconfirm_md5' => STR, 'email' => STR, 'emailconfirm' => STR));
and replace it with
Code:
globalize($_POST, array('currentpassword' => STR, 'currentpassword_md5' => STR, 'newpassword' => STR, 'newpasswordconfirm' => STR, 'newpassword_md5' => STR, 'newpasswordconfirm_md5' => STR, 'npwlength' => INT, 'email' => STR, 'emailconfirm' => STR));
find
Code:
if (!empty($newpassword) OR !empty($newpassword_md5))
above insert
Code:
// ### Password-Security-Hack
if ($npwlength > 0 AND $npwlength <= 7) {
eval(print_standard_error('unsecurepassword'));
}
// ### End Password-Security-Hack
Now save your modified /profile.php


Edit the template modifypassword and replace all of it with the following code:
Code:
<script type="text/javascript" src="clientscript/vbulletin_md5.js"></script>
<script type="text/javascript">
function hash_passwords(currentpassword, currentpassword_md5, newpassword, newpassword_md5, newpasswordconfirm, newpasswordconfirm_md5, npwlength)
{
                npwlength.value = newpassword.value.length;
md5hash(currentpassword, currentpassword_md5);
// do various checks
if (newpassword.value != '')
{
md5hash(newpassword, newpassword_md5);
}
if (newpasswordconfirm.value != '')
{
md5hash(newpasswordconfirm, newpasswordconfirm_md5);
}
}
</script>
 
<form name="changepw" action="profile.php" method="post" onsubmit="hash_passwords(currentpassword, currentpassword_md5, newpassword, newpassword_md5, newpasswordconfirm, newpasswordconfirm_md5, npwlength)">
<input type="hidden" name="s" value="$session[sessionhash]" />
<input type="hidden" name="do" value="updatepassword" />
<input type="hidden" name="currentpassword_md5" />
<input type="hidden" name="newpassword_md5" />
<input type="hidden" name="newpasswordconfirm_md5" />
<input type="hidden" name="npwlength" />
 
<table class="tborder" cellpadding="$stylevar[cellpadding]" cellspacing="$stylevar[cellspacing]" border="0" width="100%" align="center">
<tr>
<td class="tcat">$vbphrase[edit_email_and_password]</td>
</tr>
 
<tr>
<td class="panelsurround" align="center">
<div class="panel">
<div style="width:$stylevar[formwidth_usercp]" align="$stylevar[left]">
 
<if condition="$show['passwordexpired']">
<div class="smallfont">
        <strong>$vbphrase[current_password_expired]</strong>
</div>
</if>
 
<div class="fieldset">
<div>$vbphrase[enter_password_to_continue]:</div>
<div><input type="password" class="bginput" name="currentpassword" size="50" maxlength="50" /></div>
</div>
 
<fieldset class="fieldset">
<legend>$vbphrase[edit_password]<if condition="$show['password_optional']"> ($vbphrase[optional])</if></legend>
<table cellpadding="0" cellspacing="$stylevar[formspacer]" border="0">
<tr>
        <td>
        <div>$vbphrase[new_password]:</div>
        <div><input type="password" class="bginput" name="newpassword" size="50" maxlength="50" /></div>
        </td>
</tr>
<tr>
        <td>
        <div>$vbphrase[confirm_new_password]:</div>
        <div><input type="password" class="bginput" name="newpasswordconfirm" size="50" maxlength="50" /></div>
        </td>
</tr>
</table>
</fieldset>
 
<fieldset class="fieldset">
<legend>$vbphrase[edit_email_address] ($vbphrase[optional])</legend>
<table cellpadding="0" cellspacing="$stylevar[formspacer]" border="0">
<tr>
        <td>
        <div>$vbphrase[new_email_address]:</div>
        <div><input type="text" class="bginput" name="email" value="$bbuserinfo[email]" size="50" maxlength="50" /></div>
        </td>
</tr>
<tr>
        <td>
        <div>$vbphrase[confirm_new_email_address]:</div>
        <div><input type="text" class="bginput" name="emailconfirm" value="$bbuserinfo[email]" size="50" maxlength="50" /></div>
        </td>
</tr>
</table>
</fieldset>
 
</div>
</div>
 
<div style="margin-top:$stylevar[cellpadding]px">
<input type="submit" class="button" value="$vbphrase[save_changes]" accesskey="s" />
<input type="reset" class="button" value="$vbphrase[reset_fields]" accesskey="r" />
</div>
</td>
</tr>
</table>
 
</form>
Save that template.



Now enter the phrase-manager, select the phrase-type Front-End Error Messages and add a new phrase:

VARNAME: unsecurepassword
TEXT:
Code:
The password you chose does not fit our standard of security, please use a password with <b>at least 8 characters.</b><br><br>Click here to <a href="profile.php?$session[sessionurl]do=editpassword">change your password</a>.

That's all, you're done :smoke:

nexialys 04-08-2005 06:44 PM
red = green here, remember (we have a colorblind bbcode here!)

nighteyes 04-08-2005 07:27 PM
Nice hack. How about applying this to registrations too?

akanevsky 04-08-2005 08:17 PM
Err... No offsense, dude, but do you check your hacks before posting them?
You have both syntax and logic error in your hack...

Syntax error:
if ($npwlength > 0 AND $npwlength <= 7{

Don't you need a closing ')' before '{'???

Logic error:
It says:

if ($npwlength > 0 AND $npwlength <= 7{

If you want your password to be not less than 7 characters in length, then it logically follows that it will be more than 0 characters. Therefore, the first part of the condition does not make any sense.

A final, more valid, condition would be:

if ($npwlength <= 7) {

:) But anyway, this is a nice hack, and I am going to install it when you finish developing it :)

Oblivion Knight 04-09-2005 07:13 AM
The $npwlength > 0 part of his condition is probably so that the default error message is shown if no password is entered, instead of this custom one about the password length.. ;)

akanevsky 04-09-2005 12:18 PM
Oblivion Knight
In that case, it would be best to put this check into IF..ELSEIF, instead of two separate IF's. That would make it easier to understand.

tehste 04-09-2005 01:46 PM
its a hack so it is probably better putting it in a seperate if rather than to play around with vb core if,else structure... Is there a reason that you are checking if the length is less than or equal to seven? why not just use < 8?

akanevsky 04-09-2005 01:53 PM
This is a simple if..else structure you are talking about here, so I don't think it will hurt making some intergration...

Boofo 04-09-2005 10:00 PM
Please post this in a text file so others can have it on an upgrade. ;)

MrZeropage 04-23-2005 05:01 PM
I updated the missing ) and named the color "green" ...


All times are GMT. The time now is 12:27 PM.

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01112 seconds
  • Memory Usage 1,746KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (6)bbcode_code_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (10)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete