Browse code

add password strength check for mysql users

Bernd Wurst authored on10/04/2019 09:15:05
Showing1 changed files
... ...
@@ -50,6 +50,10 @@ if (isset($_GET['action']) && $_GET['action'] == 'newuser') {
50 50
     $username = $_POST['newuser'];
51 51
     $desc = $_POST['description'];
52 52
     $password = $_POST['newpass'];
53
+    $check = strong_password($password);
54
+    if ($check !== true) {
55
+        system_failure('Das Passwort ist nicht sicher genug.');
56
+    }
53 57
     create_mysql_account($username, $desc);
54 58
     set_mysql_password($username, $password);
55 59
     if (isset($_POST['access'])) {
... ...
@@ -108,6 +112,10 @@ if (isset($_GET['action'])) {
108 112
       break;
109 113
     case 'change_pw':
110 114
       check_form_token('mysql_databases');
115
+      $check = strong_password($_POST['newpass']);
116
+      if ($check !== true) {
117
+          system_failure('Das Passwort ist nicht sicher genug.');
118
+      }
111 119
       set_mysql_password($_POST['mysql_username'], $_POST['newpass']);
112 120
       redirect('overview');
113 121
       break;