summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMichael Tänzer <neo@nhng.de>2011-06-22 00:21:45 +0200
committerMichael Tänzer <neo@nhng.de>2011-06-22 00:21:45 +0200
commite7368868ba88433956ad034fb7883d2dcd9566be (patch)
tree2718e822d17fe30cec13764ae61529c8901734d2
parent62f99b561a13e51e8f4d55a36092de536c531d99 (diff)
downloadcacert-devel-bug-637.tar.gz
cacert-devel-bug-637.tar.xz
cacert-devel-bug-637.zip
#637: Move a subset of password checks to a separate function and check itbug-637
on every login The subset are some very lightweight checks that contains the check for the old password suggestion Signed-off-by: Michael Tänzer <neo@nhng.de>
-rw-r--r--includes/general.php15
-rw-r--r--www/index.php2
2 files changed, 14 insertions, 3 deletions
diff --git a/includes/general.php b/includes/general.php
index 5789875..aa74e9b 100644
--- a/includes/general.php
+++ b/includes/general.php
@@ -248,8 +248,7 @@
}
}
- function checkpw($pwd, $email, $fname, $mname, $lname, $suffix)
- {
+ function checkpwlight($pwd) {
$points = 0;
if(strlen($pwd) > 15)
@@ -279,7 +278,19 @@
$points++;
//echo "Points due to length and charset: $points<br/>";
+
+ // check for historical password proposal
+ if ($pwd === "Fr3d Sm|7h") {
+ return 0;
+ }
+
+ return $points;
+ }
+ function checkpw($pwd, $email, $fname, $mname, $lname, $suffix)
+ {
+ $points = checkpwlight($pwd);
+
if(@strstr(strtolower($pwd), strtolower($email)))
$points--;
diff --git a/www/index.php b/www/index.php
index 2634a47..d42a4dc 100644
--- a/www/index.php
+++ b/www/index.php
@@ -332,7 +332,7 @@
$_SESSION['_config']['errmsg'] .= _("For your own security you must enter 5 lost password questions and answers.")."<br>";
$_SESSION['_config']['oldlocation'] = "account.php?id=13";
}
- if ($pword === "Fr3d Sm|7h")
+ if (checkpwlight($pword) < 3)
$_SESSION['_config']['oldlocation'] = "account.php?id=14&force=1";
if($_SESSION['_config']['oldlocation'] != "")
header("location: https://".$_SERVER['HTTP_HOST']."/".$_SESSION['_config']['oldlocation']);