From 888b8d471f3ac3501144ab7ed3b9adbbf213037b Mon Sep 17 00:00:00 2001 From: Lukas Fleischer Date: Fri, 21 Nov 2014 11:08:42 +0100 Subject: Check password length on the password reset form We already check for a minimum password length on the account edit page. Add the same check to the password reset form (which is also used to set an initial password). Signed-off-by: Lukas Fleischer --- web/html/passreset.php | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'web/html') diff --git a/web/html/passreset.php b/web/html/passreset.php index 9d8e1ae..fecefe4 100644 --- a/web/html/passreset.php +++ b/web/html/passreset.php @@ -25,6 +25,10 @@ if (isset($_GET['resetkey'], $_POST['email'], $_POST['password'], $_POST['confir $error = __('Missing a required field.'); } elseif ($password != $confirm) { $error = __('Password fields do not match.'); + } elseif (!good_passwd($password)) { + $length_min = config_get_int('options', 'passwd_min_len'); + $error = __("Your password must be at least %s characters.", + $length_min); } elseif ($uid == null) { $error = __('Invalid e-mail.'); } -- cgit v1.2.3-70-g09d2