From 888b8d471f3ac3501144ab7ed3b9adbbf213037b Mon Sep 17 00:00:00 2001
From: Lukas Fleischer <archlinux@cryptocrack.de>
Date: Fri, 21 Nov 2014 11:08:42 +0100
Subject: Check password length on the password reset form

We already check for a minimum password length on the account edit page.
Add the same check to the password reset form (which is also used to set
an initial password).

Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
---
 web/html/passreset.php | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'web')

diff --git a/web/html/passreset.php b/web/html/passreset.php
index 9d8e1ae..fecefe4 100644
--- a/web/html/passreset.php
+++ b/web/html/passreset.php
@@ -25,6 +25,10 @@ if (isset($_GET['resetkey'], $_POST['email'], $_POST['password'], $_POST['confir
 		$error = __('Missing a required field.');
 	} elseif ($password != $confirm) {
 		$error = __('Password fields do not match.');
+	} elseif (!good_passwd($password)) {
+		$length_min = config_get_int('options', 'passwd_min_len');
+		$error = __("Your password must be at least %s characters.",
+			$length_min);
 	} elseif ($uid == null) {
 		$error = __('Invalid e-mail.');
 	}
-- 
cgit v1.2.3-54-g00ecf