Author: jclarke
Date: 2010-07-19 12:10:04 +0200 (Mon, 19 Jul 2010)
New Revision: 92
Modified:
self-service-password/trunk/config.inc.php
self-service-password/trunk/functions.inc.php
self-service-password/trunk/lang/en.inc.php
self-service-password/trunk/pages/change.php
Log:
Check that user doesn't reuse the same password in password policy. Fixes #259.
Modified: self-service-password/trunk/config.inc.php
===================================================================
--- self-service-password/trunk/config.inc.php 2010-07-17 13:59:47 UTC (rev 91)
+++ self-service-password/trunk/config.inc.php 2010-07-19 10:10:04 UTC (rev 92)
@@ -68,6 +68,8 @@
$pwd_special_chars = "^a-zA-Z0-9";
# Forbidden characters
#$pwd_forbidden_chars = "@%";
+# Don't reuse the same password as currently
+$pwd_no_reuse = true;
# Show policy constraints message:
# always
# never
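Review bot: The comment added above `$pwd_no_reuse` does not say what the setting compares against, so an administrator could read it as a password-history control. Going by the functions.inc.php change in this same commit, it is an exact string comparison with the old password typed in the form, so a one-character variation passes and earlier passwords are not considered. I would word it as `# Reject a new password identical to the current one (exact match only; password history must be enforced by the directory)`.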
Modified: self-service-password/trunk/functions.inc.php
===================================================================
--- self-service-password/trunk/functions.inc.php 2010-07-17 13:59:47 UTC
(rev 91)
+++ self-service-password/trunk/functions.inc.php 2010-07-19 10:10:04 UTC
(rev 92)
@@ -99,12 +99,12 @@
# Display policy bloc
# @return HTML code
-function show_policy( $messages, $pwd_min_length, $pwd_max_length,
$pwd_min_lower, $pwd_min_upper, $pwd_min_digit, $pwd_min_special,
$pwd_forbidden_chars, $pwd_show_policy, $result ) {
+function show_policy( $messages, $pwd_min_length, $pwd_max_length,
$pwd_min_lower, $pwd_min_upper, $pwd_min_digit, $pwd_min_special,
$pwd_forbidden_chars, $pwd_no_reuse, $pwd_show_policy, $result ) {
# Should we display it?
if ( !$pwd_show_policy or $pwd_show_policy === "never" ) { return; }
if ( $pwd_show_policy === "onerror" ) {
- if ( !preg_match(
"/tooshort|toobig|minlower|minupper|mindigit|minspecial|forbiddenchars/" ,
$result) ) { return; }
+ if ( !preg_match(
"/tooshort|toobig|minlower|minupper|mindigit|minspecial|forbiddenchars|sameasold/"
, $result) ) { return; }
}
# Display bloc
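Review bot: `$pwd_no_reuse` is inserted in the middle of `show_policy`'s positional parameter list, and the next hunk (@@ -118,13) does the same with `$oldpassword` as the second parameter of `check_password_strength`. A caller that is not updated would not fail cleanly: its arguments shift by one slot, so the strength check would run with `$pwd_special_chars` as the old password and every threshold taken from the wrong variable. Only pages/change.php is updated in this commit, and whether other pages call these functions is not visible here. Appending the new parameters with defaults keeps old call sites working with the check off, e.g. `... $pwd_min_digit, $pwd_min_special, $pwd_no_reuse = false, $oldpassword = "" ) {`.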
@@ -118,13 +118,14 @@
if ( $pwd_min_digit ) { echo "<li>".$messages["policymindigit"]
." $pwd_min_digit</li>\n"; }
if ( $pwd_min_special ) { echo "<li>".$messages["policyminspecial"]
." $pwd_min_special</li>\n"; }
if ( $pwd_forbidden_chars ) { echo
"<li>".$messages["policyforbiddenchars"] ." $pwd_forbidden_chars</li>\n"; }
+ if ( $pwd_no_reuse ) { echo "<li>".$messages["policynoreuse"]
."\n"; }
echo "</ul>\n";
echo "</div>\n";
}
# Check password strength
# @return result code
-function check_password_strength( $password, $pwd_special_chars,
$pwd_forbidden_chars, $pwd_min_length, $pwd_max_length, $pwd_min_lower,
$pwd_min_upper, $pwd_min_digit, $pwd_min_special ) {
+function check_password_strength( $password, $oldpassword, $pwd_special_chars,
$pwd_forbidden_chars, $pwd_min_length, $pwd_max_length, $pwd_min_lower,
$pwd_min_upper, $pwd_min_digit, $pwd_min_special, $pwd_no_reuse ) {
$result = "";
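Review bot: The new `policynoreuse` list item is never closed: the added line echoes `<li>` followed by the message and a newline, whereas every other entry in the list ends with `</li>`. It should read `if ( $pwd_no_reuse ) { echo "<li>".$messages["policynoreuse"] ."</li>\n"; }`. The `check_password_strength` signature also changes in this hunk, but its body continues outside it.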
@@ -161,6 +162,9 @@
# Forbidden chars
if ( $forbidden > 0 ) { $result="forbiddenchars"; }
+ # Same as old password?
+ if ( $pwd_no_reuse and $password === $oldpassword ) { $result="sameasold";
}
+
return $result;
}
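Review bot: The `sameasold` test is only effective when the caller actually has the user's current password to pass as `$oldpassword`. A caller with no old password skips the check silently, while `show_policy` still lists the no-reuse rule whenever `$pwd_no_reuse` is set. If there is a reset flow that does not ask for the old password (not visible in this commit), the displayed policy and the enforced policy would differ there. A comment above the check such as `# Only effective when the caller supplies the user's current password` would make the limitation explicit. The function starts outside this hunk.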
Modified: self-service-password/trunk/lang/en.inc.php
===================================================================
--- self-service-password/trunk/lang/en.inc.php 2010-07-17 13:59:47 UTC (rev 91)
+++ self-service-password/trunk/lang/en.inc.php 2010-07-19 10:10:04 UTC (rev 92)
@@ -45,6 +45,7 @@
$messages['minupper'] = "Your password has not enough upper characters";
$messages['mindigit'] = "Your password has not enough digits";
$messages['minspecial'] = "Your password has not enough special characters";
+$messages['sameasold'] = "Your new password is identical to your old password";
$messages['policy'] = "Your password should respect the following
constraints:";
$messages['policyminlength'] = "Minimal length:";
$messages['policymaxlength'] = "Maximal length:";
@@ -54,6 +55,7 @@
$messages['policyminspecial'] = "Minimal special characters:";
$messages['forbiddenchars'] = "You password contains forbidden characters";
$messages['policyforbiddenchars'] = "Forbidden characters:";
+$messages['policynoreuse'] = "Your new password may not be the same as your
old password";
$messages['questions']['birthday'] = "What is your birthday?";
$messages['questions']['color'] = "What is your favorite color?";
$messages['password'] = "Password";
Modified: self-service-password/trunk/pages/change.php
===================================================================
--- self-service-password/trunk/pages/change.php 2010-07-17 13:59:47 UTC
(rev 91)
+++ self-service-password/trunk/pages/change.php 2010-07-19 10:10:04 UTC
(rev 92)
@@ -116,7 +116,7 @@
# Check password strength
#==============================================================================
if ( $result === "" ) {
- $result = check_password_strength( $newpassword, $pwd_special_chars,
$pwd_forbidden_chars, $pwd_min_length, $pwd_max_length, $pwd_min_lower,
$pwd_min_upper, $pwd_min_digit, $pwd_min_special );
+ $result = check_password_strength( $newpassword, $oldpassword,
$pwd_special_chars, $pwd_forbidden_chars, $pwd_min_length, $pwd_max_length,
$pwd_min_lower, $pwd_min_upper, $pwd_min_digit, $pwd_min_special, $pwd_no_reuse
);
}
@@ -152,6 +152,7 @@
$pwd_min_lower, $pwd_min_upper,
$pwd_min_digit, $pwd_min_special,
$pwd_forbidden_chars,
+ $pwd_no_reuse,
$pwd_show_policy, $result
);
?>