(password suggestion always the same).
Wytze van der Raay 2011-08-01 14:34:08 +00:00
parent 090a92ceec
commit f0c474f5d6
5 changed files with 27 additions and 8 deletions


@ -248,8 +248,7 @@
} }
} }
function checkpw($pwd, $email, $fname, $mname, $lname, $suffix) function checkpwlight($pwd) {
{
$points = 0; $points = 0;
if(strlen($pwd) > 15) if(strlen($pwd) > 15)
@ -280,6 +279,18 @@
//echo "Points due to length and charset: $points<br/>"; //echo "Points due to length and charset: $points<br/>";
// check for historical password proposal
if ($pwd === "Fr3d Sm|7h") {
return 0;
}
return $points;
}
function checkpw($pwd, $email, $fname, $mname, $lname, $suffix)
{
$points = checkpwlight($pwd);
if(@strstr(strtolower($pwd), strtolower($email))) if(@strstr(strtolower($pwd), strtolower($email)))
$points--; $points--;
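Review bot: The new guard `if ($pwd === "Fr3d Sm|7h")` at the end of checkpwlight matches only the byte-exact published example, so the same phrase with a leading or trailing space keeps its full length-and-charset score unless the caller has already trimmed the input, which this hunk does not show. Comparing the trimmed value, `if (trim($pwd) === "Fr3d Sm|7h")`, closes that gap without changing the return contract. The function also has no header comment; I would add `// Scores $pwd on length and character classes only; returns 0 for the formerly published example pass phrase.` above it, since the login path now compares the result against a threshold. Most of checkpwlight's body lies between the two hunks and is not visible here.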


@ -15,6 +15,16 @@
along with this program; if not, write to the Free Software along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/ ?> */ ?>
<?
if (intval($_REQUEST['force']) === 1)
{
?>
<p style="border:dotted 1px #900;padding:0.3em;bold;color:#ffffff;background-color:#ff0000;"><strong><center>
<?=_("For your own security you should change your pass phrase immediately!"); ?></center></strong>
</p>
<?}?>
<form method="post" action="account.php"> <form method="post" action="account.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper" width="400"> <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper" width="400">
<tr> <tr>
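Review bot: `intval($_REQUEST['force'])` reads the key without checking that it exists, so every load of this form without `force` in the request raises an undefined-index notice; `if (isset($_REQUEST['force']) && intval($_REQUEST['force']) === 1)` avoids that. The parameter is client-controlled, but it only toggles a fixed translated string and nothing from the request is echoed, so the banner itself is safe to render. As a style point, `bold;` in the inline style is not a valid declaration (`font-weight:bold;` was probably intended), and `<center>` nested inside `<strong>` inside `<p>` is invalid markup that `text-align:center;` on the paragraph would replace.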


@ -18,9 +18,7 @@
<p><?=_("By joining CAcert and becoming a Member, you agree to the CAcert Community Agreement. Please take a moment now to read that and agree to it; this will be required to complete the process of joining.")?></p> <p><?=_("By joining CAcert and becoming a Member, you agree to the CAcert Community Agreement. Please take a moment now to read that and agree to it; this will be required to complete the process of joining.")?></p>
<p><?=_("Warning! This site requires cookies to be enabled to ensure your privacy and security. This site uses session cookies to store temporary values to prevent people from copying and pasting the session ID to someone else exposing their account, personal details and identity theft as a result.")?></p> <p><?=_("Warning! This site requires cookies to be enabled to ensure your privacy and security. This site uses session cookies to store temporary values to prevent people from copying and pasting the session ID to someone else exposing their account, personal details and identity theft as a result.")?></p>
<p style="border:dotted 1px #900;padding:0.3em;background-color:#ffe;"> <p style="border:dotted 1px #900;padding:0.3em;background-color:#ffe;">
<b><?=_("In light of the number of people having issues with making up a password we have the following suggestions:")?></b><br><br> <?=_("A proper password wouldn't match your name or email at all, it contains at least 1 lower case letter, 1 upper case letter, a number, white space and a misc symbol. You get additional security for being over 15 characters and a second additional point for having it over 30. The system starts reducing security if you include any section of your name, or password or email address or if it matches a word from the english dictionary...")?><br><br>
<?=_("To get a password that will work, we suggest the following example")?>: Fr3d Sm|7h<br><br>
<?=_("This wouldn't match your name or email at all, it contains at least 1 lower case letter, 1 upper case letter, a number, white space and a misc symbol. You get additional security for being over 15 characters and a second additional point for having it over 30. The system starts reducing security if you include any section of your name, or password or email address or if it matches a word from the english dictionary...")?><br><br>
<b><?=_("Note: White spaces at the beginning and end of a password will be removed.")?></b> <b><?=_("Note: White spaces at the beginning and end of a password will be removed.")?></b>
</p> </p>


@ -16,9 +16,7 @@
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/ ?> */ ?>
<p style="border:dotted 1px #900;padding:0.3em;background-color:#ffe;"> <p style="border:dotted 1px #900;padding:0.3em;background-color:#ffe;">
<b><?=_("In light of the number of people having issues with making up a password we have the following suggestions:")?></b><br><br> <?=_("A proper password wouldn't match your name or email at all, it contains at least 1 lower case letter, 1 upper case letter, a number, white space and a misc symbol. You get additional security for being over 15 characters and a second additional point for having it over 30. The system starts reducing security if you include any section of your name, or password or email address or if it matches a word from the english dictionary...")?>
<?=_("To get a password that will work, we suggest the following example")?>: Fr3d Sm|7h<br><br>
<?=_("This wouldn't match your name or email at all, it contains at least 1 lower case letter, 1 upper case letter, a number, white space and a misc symbol. You get additional security for being over 15 characters and a second additional point for having it over 30. The system starts reducing security if you include any section of your name, or password or email address or if it matches a word from the english dictionary...")?>
</p> </p>
<form method="post" action="index.php" autocomplete="off"> <form method="post" action="index.php" autocomplete="off">


@ -332,6 +332,8 @@
$_SESSION['_config']['errmsg'] .= _("For your own security you must enter 5 lost password questions and answers.")."<br>"; $_SESSION['_config']['errmsg'] .= _("For your own security you must enter 5 lost password questions and answers.")."<br>";
$_SESSION['_config']['oldlocation'] = "account.php?id=13"; $_SESSION['_config']['oldlocation'] = "account.php?id=13";
} }
if (checkpwlight($pword) < 3)
$_SESSION['_config']['oldlocation'] = "account.php?id=14&force=1";
if($_SESSION['_config']['oldlocation'] != "") if($_SESSION['_config']['oldlocation'] != "")
header("location: https://".$_SERVER['HTTP_HOST']."/".$_SESSION['_config']['oldlocation']); header("location: https://".$_SERVER['HTTP_HOST']."/".$_SESSION['_config']['oldlocation']);
else else
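Review bot: The added branch `if (checkpwlight($pword) < 3)` only changes the post-login redirect target; nothing in the visible lines records on the session that a pass-phrase change is pending, so a user who leaves account.php?id=14 appears to keep a normal logged-in session with the weak pass phrase. If the change is meant to be mandatory, the requirement should be stored in the session and checked by the account pages rather than carried in the `force=1` query parameter, which the client can simply drop. The assignment also silently replaces the `account.php?id=13` target set just above for missing lost-password questions; a comment such as `// weak pass phrase takes precedence over the missing-questions redirect` would make that ordering deliberate. The bare `3` would read better as a named minimum score shared with the other callers of the scoring functions. The enclosing block starts and ends outside this hunk.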