minimum password requirements

cowpod · Nov 10, 2024 · bf0f0b6 · bf0f0b6
1 parent 08b4a0e
commit bf0f0b6
Show file tree

Hide file tree

Showing 5 changed files with 114 additions and 20 deletions.
diff --git a/configure.php b/configure.php
@@ -316,17 +316,25 @@
                         <input id="dir" class="form-control" type="text" name="dir"
                                placeholder="Install Directory" value="/" required><br />
                     </div>
-                    <button id="save" type="submit" class="btn btn-success btn-block btn-lg">Save</button>
+                    <button id="save" type="submit" class="btn btn-success btn-block btn-lg" disabled>Save</button>
                 </form>
                 <script type="text/javascript">
-                    $(document).ready(function() {
-                        var loc = window.location.pathname;
-                        var dir = loc.substring(0, loc.lastIndexOf('/'));
-                        $("#dir").val(dir + "/");
-                        if ($("#dir").val()=="//") {
-                            $("#dir").val("/");
+                    function validatePassword(password) {
+                        const minLength = password.length >= 8;
+                        const hasNumber = /[0-9]/.test(password);
+                        const hasLowerCase = /[a-z]/.test(password);
+                        const hasUpperCase = /[A-Z]/.test(password);
+                        const hasSpecialChar = /[!@#$%^&*(),.?":{}|<>]/.test(password);
+
+                        if (!minLength) {
+                            return false;
                         }
-                    });
+                        if (!hasNumber || !hasUpperCase || !hasLowerCase || !hasSpecialChar) {
+                            return false;
+                        }
+                        return true;
+                    }
+
                     $("#host").on("keyup", function() {
                         let hostval = $("#host").val();
                         if (hostval.startsWith("https://") || hostval.startsWith("http://")) {
@@ -335,9 +343,29 @@
                             $("#host-warning").hide();
                         }
                     });
+                    $("#pass").on("keyup", function() {
+                        if (validatePassword($("#pass").val())) {
+                            $("#pass").addClass("is-valid");
+                            $("#pass").removeClass("is-invalid");
+                        } else {
+                            $("#pass").addClass("is-invalid");
+                            $("#pass").removeClass("is-valid");
+                            $("#save").attr("disabled", true);
+                        }
+                        if ($("#pass2").val()==$("#pass").val() && validatePassword($("#pass2").val())) {
+                            $("#pass2").addClass("is-valid");
+                            $("#pass2").removeClass("is-invalid");
+                            $("#pass").addClass("is-valid");
+                            $("#pass").removeClass("is-invalid");
+                            $("#save").attr("disabled", false);
+                        } else if($("#pass2").val()!="") {
+                            $("#pass2").addClass("is-invalid");
+                            $("#pass2").removeClass("is-valid");
+                            $("#save").attr("disabled", true);
+                        }
+                    });
                     $("#pass2").on("keyup", function() {
-                        // console.log($("#pass2").val()+"=="+$("#pass").val())
-                        if ($("#pass2").val()==$("#pass").val()) {
+                        if ($("#pass2").val()==$("#pass").val() && validatePassword($("#pass2").val())) {
                             $("#pass2").addClass("is-valid");
                             $("#pass2").removeClass("is-invalid");
                             $("#save").attr("disabled", false);
@@ -390,6 +418,15 @@
                         }
                         http.send(params);
                     });
+
+                    $(document).ready(function() {
+                        var loc = window.location.pathname;
+                        var dir = loc.substring(0, loc.lastIndexOf('/'));
+                        $("#dir").val(dir + "/");
+                        if ($("#dir").val()=="//") {
+                            $("#dir").val("/");
+                        }
+                    });
                 </script>
             </div>
         </div>

diff --git a/functions/chpw.php b/functions/chpw.php
@@ -16,13 +16,37 @@
     $pass = password_hash($_POST['pass'], PASSWORD_DEFAULT);
 }
 
+function isStrongPassword($password) {
+    if (strlen($password) < 8) {
+        return false;
+    }
+    if (!preg_match('/[a-z]/', $password)) {
+        return false;
+    }
+    if (!preg_match('/[A-Z]/', $password)) {
+        return false;
+    }
+    if (!preg_match('/[0-9]/', $password)) {
+        return false;
+    }
+
+    if (!preg_match('/[\W_]/', $password)) {
+        return false;
+    }
+    return true;
+}
+
 global $db;
 require_once("db.php");
 if (!isset($db)){
     $db=new Db;
     $db->connect();
 }
 
+if (!isStrongPassword($_POST['pass'])) {
+    die("Bad password.");
+}
+
 $sql = $db->execute("UPDATE `users` SET `pass` = '".$pass."' WHERE `name` = '".$_SESSION['user']."'"
 );
 echo $db->error();

diff --git a/index.php b/index.php
@@ -2394,7 +2394,7 @@ class="btn btn-primary">Edit</button>
                      <h2>Change Password</h2>
                      <form method="POST" action="./functions/chpw.php">
                         <input id="pass1" placeholder="Password" class="form-control" type="password" name="pass"><br />
-                        <input id="pass2" placeholder="Password" class="form-control" type="password"><br />
+                        <input id="pass2" placeholder="Confirm Password" class="form-control" type="password"><br />
                         <input class="btn btn-success" type="submit" name="save" id="save-button" value="Save" disabled>
                      </form>
                 </div>
@@ -2530,7 +2530,7 @@ class="btn btn-primary">Edit</button>
                             <input id="email" placeholder="Email" class="form-control" type="email"> <br />
                             <input id="name" placeholder="Username" class="form-control" type="text"><br />
                             <input id="pass1" placeholder="Password" class="form-control" type="password"><br />
-                            <input id="pass2" placeholder="Password" class="form-control" type="password">
+                            <input id="pass2" placeholder="Confirm Password" class="form-control" type="password">
                         </form>
                       </div>
                       <div class="modal-footer">

diff --git a/resources/js/page_account.js b/resources/js/page_account.js
@@ -1,5 +1,21 @@
+function validatePassword(password) {
+    const minLength = password.length >= 8;
+    const hasNumber = /[0-9]/.test(password);
+    const hasLowerCase = /[a-z]/.test(password);
+    const hasUpperCase = /[A-Z]/.test(password);
+    const hasSpecialChar = /[!@#$%^&*(),.?":{}|<>]/.test(password);
+
+    if (!minLength) {
+        return false;
+    }
+    if (!hasNumber || !hasUpperCase || !hasLowerCase || !hasSpecialChar) {
+        return false;
+    }
+    return true;
+}
+
 $("#pass1").on("keyup", function() {
-    if ($("#pass1").val()!=="") {
+    if ($("#pass1").val()!=="" && validatePassword($("#pass1").val())) {
         $("#pass1").addClass("is-valid");
         $("#pass1").removeClass("is-invalid");
         if ($("#pass1").val()!==""&&$("#pass2").val()!==""&&$("#pass1").val()==$("#pass2").val()) {
@@ -12,7 +28,7 @@ $("#pass1").on("keyup", function() {
     }
 });
 $("#pass2").on("keyup", function() {
-    if ($("#pass2").val()!==""&$("#pass2").val()==$("#pass1").val()) {
+    if ($("#pass2").val()!==""&$("#pass2").val()==$("#pass1").val() && validatePassword($("#pass2").val())) {
         $("#pass2").addClass("is-valid");
         $("#pass2").removeClass("is-invalid");
         if ($("#pass1").val()!==""&&$("#pass2").val()!==""&&$("#pass1").val()==$("#pass2").val()) {

diff --git a/resources/js/page_admin.js b/resources/js/page_admin.js
@@ -1,3 +1,20 @@
+function validatePassword(password) {
+    const minLength = password.length >= 8;
+    const hasNumber = /[0-9]/.test(password);
+    const hasLowerCase = /[a-z]/.test(password);
+    const hasUpperCase = /[A-Z]/.test(password);
+    const hasSpecialChar = /[!@#$%^&*(),.?":{}|<>]/.test(password);
+
+    if (!minLength) {
+        return false;
+    }
+    if (!hasNumber || !hasUpperCase || !hasLowerCase || !hasSpecialChar) {
+        return false;
+    }
+    return true;
+}
+
+
 function remove(id) {
     var request = new XMLHttpRequest();
     request.open('POST', './functions/remove_user.php');
@@ -229,7 +246,7 @@ $("#email").on("keyup", function() {
     if ($("#email").val()!=="") {
         $("#email").addClass("is-valid");
         $("#email").removeClass("is-invalid");
-        if ($("#email").val()!==""&$("#name").val()!==""&$("#pass1").val()!==""&$("#pass2").val()!==""&$("#pass1").val()==$("#pass2").val()) {
+        if ($("#email").val()!==""&&$("#name").val()!==""&&$("#pass1").val()!==""&&$("#pass2").val()!==""&&$("#pass1").val()==$("#pass2").val()) {
             $("#save-button").attr("disabled", false);
         }
     } else {
@@ -242,7 +259,7 @@ $("#name").on("keyup", function() {
     if ($("#name").val()!=="") {
         $("#name").addClass("is-valid");
         $("#name").removeClass("is-invalid");
-        if ($("#email").val()!==""&$("#name").val()!==""&$("#pass1").val()!==""&$("#pass2").val()!==""&$("#pass1").val()==$("#pass2").val()) {
+        if ($("#email").val()!==""&&$("#name").val()!==""&&$("#pass1").val()!==""&&$("#pass2").val()!==""&&$("#pass1").val()==$("#pass2").val()) {
             $("#save-button").attr("disabled", false);
         }
     } else {
@@ -252,10 +269,10 @@ $("#name").on("keyup", function() {
     }
 });
 $("#pass1").on("keyup", function() {
-    if ($("#pass1").val()!=="") {
+    if ($("#pass1").val()!=="" && validatePassword($("#pass1").val())) {
         $("#pass1").addClass("is-valid");
         $("#pass1").removeClass("is-invalid");
-        if ($("#email").val()!==""&$("#name").val()!==""&$("#pass1").val()!==""&$("#pass2").val()!==""&$("#pass1").val()==$("#pass2").val()) {
+        if ($("#email").val()!==""&&$("#name").val()!==""&&$("#pass1").val()!==""&&$("#pass2").val()!==""&&$("#pass1").val()==$("#pass2").val()) {
             $("#save-button").attr("disabled", false);
         }
     } else {
@@ -265,10 +282,10 @@ $("#pass1").on("keyup", function() {
     }
 });
 $("#pass2").on("keyup", function() {
-    if ($("#pass2").val()!==""&$("#pass2").val()==$("#pass1").val()) {
+    if ($("#pass2").val()!==""&&$("#pass2").val()==$("#pass1").val() && validatePassword($("#pass2").val())) {
         $("#pass2").addClass("is-valid");
         $("#pass2").removeClass("is-invalid");
-        if ($("#email").val()!==""&$("#name").val()!==""&$("#pass1").val()!==""&$("#pass2").val()!==""&$("#pass1").val()==$("#pass2").val()) {
+        if ($("#email").val()!==""&&$("#name").val()!==""&&$("#pass1").val()!==""&&$("#pass2").val()!==""&&$("#pass1").val()==$("#pass2").val()) {
             $("#save-button").attr("disabled", false);
         }
     } else {