GetSimple Support Forum GetSimple Feature Requests v
Password security (REQ)

Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Thread Modes
Password security (REQ)
mrmut Offline
Member
***
Posts: 63
Threads: 26
Joined: Oct 2011
#1
2012-02-11, 22:21:20
Hello all,

anyone using password security checkup mod in settings.php?
It would be nice to have GS check not only for null password, but also for six 8 char length and numbers.


Thanks!
Find
Reply
Connie Offline
Posting Freak
*****
Posts: 2,906
Threads: 193
Joined: Feb 2011
#2
2012-02-11, 22:53:23
I moved this to the Feature Request section ;=)
|--

Das deutschsprachige GetSimple-(Unter-)Forum:   http://get-simple.info/forums/forumdisplay.php?fid=18
Find
Reply
mrmut Offline
Member
***
Posts: 63
Threads: 26
Joined: Oct 2011
#3
2012-02-11, 22:54:50
Connie Wrote:I moved this to the Feature Request section ;=)

Thanks Connie!
Find
Reply
Carlos Offline
Posting Freak
*****
Posts: 3,491
Threads: 106
Joined: Mar 2010
#4
2012-02-11, 22:57:36
This request had been accepted, but for a future release (GS 3.2 maybe):
http://code.google.com/p/get-simple-cms/...ail?id=295

Could this be done with a plugin...?
Website Find
Reply
mrmut Offline
Member
***
Posts: 63
Threads: 26
Joined: Oct 2011
#5
2012-02-11, 23:04:27
Carlos Wrote:This request had been accepted, but for a future release (GS 3.2 maybe):
http://code.google.com/p/get-simple-cms/...ail?id=295

Could this be done with a plugin...?

Yeah, I know it was accepted I've suggested it Smile

I don't know can it be done through plugin, and don't think that would be necessary. Why create overhead code, when the change is simple? (I am not a programmer, would do it otherwise.)

The problem is that 3.1 is not out yet, and 3.2 is planned in the future, while I use 3.0 for deployment.

The code for password checking on 3.1 is:


Code:
# check to see if passwords are changing
    if(isset($_POST['sitepwd'])) { $pwd1 = $_POST['sitepwd']; }
    if(isset($_POST['sitepwd_confirm'])) { $pwd2 = $_POST['sitepwd_confirm']; }
    if ($pwd1 != $pwd2)    {
        #passwords do not match
        $error = i18n_r('PASSWORD_NO_MATCH');
    } else {
        # password cannot be null
        if ( $pwd1 != '' ) {
            $PASSWD = passhash($pwd1);
        }    
        # check password complexity
        if ( $pwd1 = preg_match("#.*^(?=.{8,20})(?=.*[a-z])(?=.*[A-Z])(?=.*[0-9]).*$#") ) {
        $error = i18n_r('PASSWORD_NO_MATCH');
        }



And somethink like this should go in, with a simple error call like: "The password should contain 8 characters and numbers."

http://www.cafewebmaster.com/check-passw...-and-regex


Code:
<?php
$pwd = $_POST['pwd'];

if (preg_match("#.*^(?=.{8,20})(?=.*[a-z])(?=.*[A-Z])(?=.*[0-9]).*$#", $pwd)){
    echo "Your password is good.";
} else {
    echo "Your password is bad.";
}
Find
Reply




Users browsing this thread: 1 Guest(s)