set minimal length for password for pw-change

This little modification ensures that users use passwords with at least an amount of characters you define. This length is currently set to 8 characters but can be modified ofcourse.
If you want to change that length, just look at the PHP-code and the new phrase below, the corresponding places are marked green.

Thanks to Mystics for help with the javascript


open /profile.php

find

Code:

globalize($_POST, array('currentpassword' => STR, 'currentpassword_md5' => STR, 'newpassword' => STR, 'newpasswordconfirm' => STR, 'newpassword_md5' => STR, 'newpasswordconfirm_md5' => STR, 'email' => STR, 'emailconfirm' => STR));

and replace it with

Code:

globalize($_POST, array('currentpassword' => STR, 'currentpassword_md5' => STR, 'newpassword' => STR, 'newpasswordconfirm' => STR, 'newpassword_md5' => STR, 'newpasswordconfirm_md5' => STR, 'npwlength' => INT, 'email' => STR, 'emailconfirm' => STR));

find

Code:

if (!empty($newpassword) OR !empty($newpassword_md5))

above insert

Code:

 // ### Password-Security-Hack
if ($npwlength > 0 AND $npwlength <= 7) {
eval(print_standard_error('unsecurepassword'));
}
// ### End Password-Security-Hack

Now save your modified /profile.php


Edit the template modifypassword and replace all of it with the following code:

Code:

<script type="text/javascript" src="clientscript/vbulletin_md5.js"></script>
<script type="text/javascript">
function hash_passwords(currentpassword, currentpassword_md5, newpassword, newpassword_md5, newpasswordconfirm, newpasswordconfirm_md5, npwlength)
{
		npwlength.value = newpassword.value.length;
md5hash(currentpassword, currentpassword_md5);
// do various checks
if (newpassword.value != '')
{
md5hash(newpassword, newpassword_md5);
}
if (newpasswordconfirm.value != '')
{
md5hash(newpasswordconfirm, newpasswordconfirm_md5);
}
}
</script>
 
<form name="changepw" action="profile.php" method="post" onsubmit="hash_passwords(currentpassword, currentpassword_md5, newpassword, newpassword_md5, newpasswordconfirm, newpasswordconfirm_md5, npwlength)">
<input type="hidden" name="s" value="$session[sessionhash]" />
<input type="hidden" name="do" value="updatepassword" />
<input type="hidden" name="currentpassword_md5" />
<input type="hidden" name="newpassword_md5" />
<input type="hidden" name="newpasswordconfirm_md5" />
<input type="hidden" name="npwlength" />
 
<table class="tborder" cellpadding="$stylevar[cellpadding]" cellspacing="$stylevar[cellspacing]" border="0" width="100%" align="center">
<tr>
<td class="tcat">$vbphrase[edit_email_and_password]</td>
</tr>
 
<tr>
<td class="panelsurround" align="center">
<div class="panel">
<div style="width:$stylevar[formwidth_usercp]" align="$stylevar[left]">
 
<if condition="$show['passwordexpired']">
<div class="smallfont">
	<strong>$vbphrase[current_password_expired]</strong>
</div>
</if>
 
<div class="fieldset">
<div>$vbphrase[enter_password_to_continue]:</div>
<div><input type="password" class="bginput" name="currentpassword" size="50" maxlength="50" /></div>
</div>
 
<fieldset class="fieldset">
<legend>$vbphrase[edit_password]<if condition="$show['password_optional']"> ($vbphrase[optional])</if></legend>
<table cellpadding="0" cellspacing="$stylevar[formspacer]" border="0">
<tr>
	<td>
	 <div>$vbphrase[new_password]:</div>
	 <div><input type="password" class="bginput" name="newpassword" size="50" maxlength="50" /></div>
	</td>
</tr>
<tr>
	<td>
	 <div>$vbphrase[confirm_new_password]:</div>
	 <div><input type="password" class="bginput" name="newpasswordconfirm" size="50" maxlength="50" /></div>
	</td>
</tr>
</table>
</fieldset>
 
<fieldset class="fieldset">
<legend>$vbphrase[edit_email_address] ($vbphrase[optional])</legend>
<table cellpadding="0" cellspacing="$stylevar[formspacer]" border="0">
<tr>
	<td>
	 <div>$vbphrase[new_email_address]:</div>
	 <div><input type="text" class="bginput" name="email" value="$bbuserinfo[email]" size="50" maxlength="50" /></div>
	</td>
</tr>
<tr>
	<td>
	 <div>$vbphrase[confirm_new_email_address]:</div>
	 <div><input type="text" class="bginput" name="emailconfirm" value="$bbuserinfo[email]" size="50" maxlength="50" /></div>
	</td>
</tr>
</table>
</fieldset>
 
</div>
</div>
 
<div style="margin-top:$stylevar[cellpadding]px">
<input type="submit" class="button" value="$vbphrase[save_changes]" accesskey="s" />
<input type="reset" class="button" value="$vbphrase[reset_fields]" accesskey="r" />
</div>
</td>
</tr>
</table>
 
</form>

Save that template.



Now enter the phrase-manager, select the phrase-type Front-End Error Messages and add a new phrase:

VARNAME: unsecurepassword
TEXT:

Code:

The password you chose does not fit our standard of security, please use a password with <b>at least 8 characters.</b><br><br>Click here to <a href="profile.php?$session[sessionurl]do=editpassword">change your password</a>.

That's all, you're done :smoke:

red = green here, remember (we have a colorblind bbcode here!)

[nighteyes]

Nice hack. How about applying this to registrations too?

[akanevsky]

Err... No offsense, dude, but do you check your hacks before posting them?
You have both syntax and logic error in your hack...

Syntax error:
if ($npwlength > 0 AND $npwlength <= 7{

Don't you need a closing ')' before '{'???

Logic error:
It says:

if ($npwlength > 0 AND $npwlength <= 7{

If you want your password to be not less than 7 characters in length, then it logically follows that it will be more than 0 characters. Therefore, the first part of the condition does not make any sense.

A final, more valid, condition would be:

if ($npwlength <= 7) {

But anyway, this is a nice hack, and I am going to install it when you finish developing it

[Oblivion Knight]

The $npwlength > 0 part of his condition is probably so that the default error message is shown if no password is entered, instead of this custom one about the password length..

[akanevsky]

Oblivion Knight
In that case, it would be best to put this check into IF..ELSEIF, instead of two separate IF's. That would make it easier to understand.

[tehste]

its a hack so it is probably better putting it in a seperate if rather than to play around with vb core if,else structure... Is there a reason that you are checking if the length is less than or equal to seven? why not just use < 8?

[akanevsky]

This is a simple if..else structure you are talking about here, so I don't think it will hurt making some intergration...

[Boofo]

Please post this in a text file so others can have it on an upgrade.

[MrZeropage]

I updated the missing ) and named the color "green" ...