From bf0f0b6afe5dd9cd89c8ab02ad7a2365502a3c86 Mon Sep 17 00:00:00 2001 From: Henry Gross-Hellsen <6283258+cowpod@users.noreply.github.com> Date: Sun, 10 Nov 2024 03:17:16 -0800 Subject: [PATCH] minimum password requirements --- configure.php | 57 +++++++++++++++++++++++++++++------- functions/chpw.php | 24 +++++++++++++++ index.php | 4 +-- resources/js/page_account.js | 20 +++++++++++-- resources/js/page_admin.js | 29 ++++++++++++++---- 5 files changed, 114 insertions(+), 20 deletions(-) diff --git a/configure.php b/configure.php index 83ba21a..9bd3176 100644 --- a/configure.php +++ b/configure.php @@ -316,17 +316,25 @@
- + diff --git a/functions/chpw.php b/functions/chpw.php index e68f719..18a8264 100644 --- a/functions/chpw.php +++ b/functions/chpw.php @@ -16,6 +16,26 @@ $pass = password_hash($_POST['pass'], PASSWORD_DEFAULT); } +function isStrongPassword($password) { + if (strlen($password) < 8) { + return false; + } + if (!preg_match('/[a-z]/', $password)) { + return false; + } + if (!preg_match('/[A-Z]/', $password)) { + return false; + } + if (!preg_match('/[0-9]/', $password)) { + return false; + } + + if (!preg_match('/[\W_]/', $password)) { + return false; + } + return true; +} + global $db; require_once("db.php"); if (!isset($db)){ @@ -23,6 +43,10 @@ $db->connect(); } +if (!isStrongPassword($_POST['pass'])) { + die("Bad password."); +} + $sql = $db->execute("UPDATE `users` SET `pass` = '".$pass."' WHERE `name` = '".$_SESSION['user']."'" ); echo $db->error(); diff --git a/index.php b/index.php index c74f2d7..5c1e2dc 100644 --- a/index.php +++ b/index.php @@ -2394,7 +2394,7 @@ class="btn btn-primary">Edit

Change Password


-
+
@@ -2530,7 +2530,7 @@ class="btn btn-primary">Edit


- +
diff --git a/resources/js/page_account.js b/resources/js/page_account.js index 8e0a029..627f282 100644 --- a/resources/js/page_account.js +++ b/resources/js/page_account.js @@ -1,5 +1,21 @@ +function validatePassword(password) { + const minLength = password.length >= 8; + const hasNumber = /[0-9]/.test(password); + const hasLowerCase = /[a-z]/.test(password); + const hasUpperCase = /[A-Z]/.test(password); + const hasSpecialChar = /[!@#$%^&*(),.?":{}|<>]/.test(password); + + if (!minLength) { + return false; + } + if (!hasNumber || !hasUpperCase || !hasLowerCase || !hasSpecialChar) { + return false; + } + return true; +} + $("#pass1").on("keyup", function() { - if ($("#pass1").val()!=="") { + if ($("#pass1").val()!=="" && validatePassword($("#pass1").val())) { $("#pass1").addClass("is-valid"); $("#pass1").removeClass("is-invalid"); if ($("#pass1").val()!==""&&$("#pass2").val()!==""&&$("#pass1").val()==$("#pass2").val()) { @@ -12,7 +28,7 @@ $("#pass1").on("keyup", function() { } }); $("#pass2").on("keyup", function() { - if ($("#pass2").val()!==""&$("#pass2").val()==$("#pass1").val()) { + if ($("#pass2").val()!==""&$("#pass2").val()==$("#pass1").val() && validatePassword($("#pass2").val())) { $("#pass2").addClass("is-valid"); $("#pass2").removeClass("is-invalid"); if ($("#pass1").val()!==""&&$("#pass2").val()!==""&&$("#pass1").val()==$("#pass2").val()) { diff --git a/resources/js/page_admin.js b/resources/js/page_admin.js index 24d5e62..7b4fab1 100644 --- a/resources/js/page_admin.js +++ b/resources/js/page_admin.js @@ -1,3 +1,20 @@ +function validatePassword(password) { + const minLength = password.length >= 8; + const hasNumber = /[0-9]/.test(password); + const hasLowerCase = /[a-z]/.test(password); + const hasUpperCase = /[A-Z]/.test(password); + const hasSpecialChar = /[!@#$%^&*(),.?":{}|<>]/.test(password); + + if (!minLength) { + return false; + } + if (!hasNumber || !hasUpperCase || !hasLowerCase || !hasSpecialChar) { + return false; + } + return true; +} + + function remove(id) { var request = new XMLHttpRequest(); request.open('POST', './functions/remove_user.php'); @@ -229,7 +246,7 @@ $("#email").on("keyup", function() { if ($("#email").val()!=="") { $("#email").addClass("is-valid"); $("#email").removeClass("is-invalid"); - if ($("#email").val()!==""&$("#name").val()!==""&$("#pass1").val()!==""&$("#pass2").val()!==""&$("#pass1").val()==$("#pass2").val()) { + if ($("#email").val()!==""&&$("#name").val()!==""&&$("#pass1").val()!==""&&$("#pass2").val()!==""&&$("#pass1").val()==$("#pass2").val()) { $("#save-button").attr("disabled", false); } } else { @@ -242,7 +259,7 @@ $("#name").on("keyup", function() { if ($("#name").val()!=="") { $("#name").addClass("is-valid"); $("#name").removeClass("is-invalid"); - if ($("#email").val()!==""&$("#name").val()!==""&$("#pass1").val()!==""&$("#pass2").val()!==""&$("#pass1").val()==$("#pass2").val()) { + if ($("#email").val()!==""&&$("#name").val()!==""&&$("#pass1").val()!==""&&$("#pass2").val()!==""&&$("#pass1").val()==$("#pass2").val()) { $("#save-button").attr("disabled", false); } } else { @@ -252,10 +269,10 @@ $("#name").on("keyup", function() { } }); $("#pass1").on("keyup", function() { - if ($("#pass1").val()!=="") { + if ($("#pass1").val()!=="" && validatePassword($("#pass1").val())) { $("#pass1").addClass("is-valid"); $("#pass1").removeClass("is-invalid"); - if ($("#email").val()!==""&$("#name").val()!==""&$("#pass1").val()!==""&$("#pass2").val()!==""&$("#pass1").val()==$("#pass2").val()) { + if ($("#email").val()!==""&&$("#name").val()!==""&&$("#pass1").val()!==""&&$("#pass2").val()!==""&&$("#pass1").val()==$("#pass2").val()) { $("#save-button").attr("disabled", false); } } else { @@ -265,10 +282,10 @@ $("#pass1").on("keyup", function() { } }); $("#pass2").on("keyup", function() { - if ($("#pass2").val()!==""&$("#pass2").val()==$("#pass1").val()) { + if ($("#pass2").val()!==""&&$("#pass2").val()==$("#pass1").val() && validatePassword($("#pass2").val())) { $("#pass2").addClass("is-valid"); $("#pass2").removeClass("is-invalid"); - if ($("#email").val()!==""&$("#name").val()!==""&$("#pass1").val()!==""&$("#pass2").val()!==""&$("#pass1").val()==$("#pass2").val()) { + if ($("#email").val()!==""&&$("#name").val()!==""&&$("#pass1").val()!==""&&$("#pass2").val()!==""&&$("#pass1").val()==$("#pass2").val()) { $("#save-button").attr("disabled", false); } } else {