summaryrefslogtreecommitdiffstats
path: root/web
diff options
context:
space:
mode:
authorLukas Fleischer <archlinux@cryptocrack.de>2014-11-21 11:08:42 +0100
committerLukas Fleischer <archlinux@cryptocrack.de>2014-11-21 11:43:31 +0100
commit888b8d471f3ac3501144ab7ed3b9adbbf213037b (patch)
tree8db5df0c9eb703558009a227ad9080d9a1a3a67b /web
parent571b74b9017169ed6181a57d637ad737fd15f6b3 (diff)
downloadaurweb-888b8d471f3ac3501144ab7ed3b9adbbf213037b.tar.xz
Check password length on the password reset form
We already check for a minimum password length on the account edit page. Add the same check to the password reset form (which is also used to set an initial password). Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Diffstat (limited to 'web')
-rw-r--r--web/html/passreset.php4
1 files changed, 4 insertions, 0 deletions
diff --git a/web/html/passreset.php b/web/html/passreset.php
index 9d8e1ae..fecefe4 100644
--- a/web/html/passreset.php
+++ b/web/html/passreset.php
@@ -25,6 +25,10 @@ if (isset($_GET['resetkey'], $_POST['email'], $_POST['password'], $_POST['confir
$error = __('Missing a required field.');
} elseif ($password != $confirm) {
$error = __('Password fields do not match.');
+ } elseif (!good_passwd($password)) {
+ $length_min = config_get_int('options', 'passwd_min_len');
+ $error = __("Your password must be at least %s characters.",
+ $length_min);
} elseif ($uid == null) {
$error = __('Invalid e-mail.');
}