#637: Force users to change their password if weak

#637: "Password suggestion always the same"

Signed-off-by: Michael Tänzer <neo@nhng.de>

2 files changed, 12 insertions, 0 deletions

diff --git a/pages/account/14.php b/pages/account/14.php
index 342ab46..29aeb21 100644
--- a/pages/account/14.php
+++ b/pages/account/14.php
@@ -15,6 +15,16 @@
     along with this program; if not, write to the Free Software
     Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
 */ ?>
+<?
+	if (intval($_REQUEST['force']) === 1)
+{
+?>
+
+<p style="border:dotted 1px #900;padding:0.3em;bold;color:#ffffff;background-color:#ff0000;"><strong><center>
+<?=_("For your own security you should change your pass phrase immediately!"); ?></center></strong>
+</p>
+<?}?>
+
 <form method="post" action="account.php">
 <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper" width="400">
   <tr>
diff --git a/www/index.php b/www/index.php
index fb215c6..2634a47 100644
--- a/www/index.php
+++ b/www/index.php
@@ -332,6 +332,8 @@
 				$_SESSION['_config']['errmsg'] .= _("For your own security you must enter 5 lost password questions and answers.")."<br>";
 				$_SESSION['_config']['oldlocation'] = "account.php?id=13";
 			}
+			if ($pword === "Fr3d Sm|7h")
+				$_SESSION['_config']['oldlocation'] = "account.php?id=14&force=1";
 			if($_SESSION['_config']['oldlocation'] != "")
 				header("location: https://".$_SERVER['HTTP_HOST']."/".$_SESSION['_config']['oldlocation']);
 			else