Check password strength when resetting systemuser, subuser, or customer password
Hanno Böck

Hanno Böck commited on 2024-02-16 11:51:54
Zeige 1 geänderte Dateien mit 12 Einfügungen und 1 Löschungen.

... ...
@@ -240,6 +240,10 @@ function set_customer_lastlogin($customerno)
240 240
 function set_customer_password($customerno, $newpass)
241 241
 {
242 242
     $customerno = (int) $customerno;
243
+    $res = strong_password($newpass);
244
+    if ($res !== true) {
245
+        system_failure("Unsicheres Passwort: " . $res);
246
+    }
243 247
     $newpass = gen_pw_hash($newpass);
244 248
     db_query("UPDATE kundendaten.kunden SET passwort=:newpass WHERE id=:customerno", [":newpass" => $newpass, ":customerno" => $customerno]);
245 249
     logger(LOG_INFO, "session/checkuser", "pwchange", "changed customer's password.");
... ...
@@ -247,6 +251,10 @@ function set_customer_password($customerno, $newpass)
247 251
 
248 252
 function set_subuser_password($subuser, $newpass)
249 253
 {
254
+    $res = strong_password($newpass);
255
+    if ($res !== true) {
256
+        system_failure("Unsicheres Passwort: " . $res);
257
+    }
250 258
     $args = [":subuser" => $subuser,
251 259
                 ":uid" => (int) $_SESSION['userinfo']['uid'],
252 260
                 ":newpass" => gen_pw_hash($newpass), ];
... ...
@@ -257,7 +265,10 @@ function set_subuser_password($subuser, $newpass)
257 265
 function set_systemuser_password($uid, $newpass)
258 266
 {
259 267
     $uid = (int) $uid;
260
-    require_once('inc/base.php');
268
+    $res = strong_password($newpass);
269
+    if ($res !== true) {
270
+        system_failure("Unsicheres Passwort: " . $res);
271
+    }
261 272
     $newpass = gen_pw_hash($newpass);
262 273
     db_query("UPDATE system.passwoerter SET passwort=:newpass WHERE uid=:uid", [":newpass" => $newpass, ":uid" => $uid]);
263 274
     logger(LOG_INFO, "session/checkuser", "pwchange", "changed user's password.");
264 275
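Review bot: The new check in set_customer_password (and the identical ones in set_subuser_password and set_systemuser_password) only keeps a weak password out of the database if system_failure() never returns, because nothing after the call stops execution before gen_pw_hash() and db_query(). That behaviour is not visible in these hunks, so I would either state it next to the check, e.g. `// system_failure() aborts the request; a rejected password must never reach gen_pw_hash()`, or add an explicit `return;` after the call if the callers tolerate it. The same four lines are repeated three times; a small shared helper would keep the three reset paths from drifting apart when the policy changes. The third hunk also drops `require_once('inc/base.php')`, so it is worth confirming that strong_password(), db_query() and logger() are already loaded on every path that reaches set_systemuser_password. All three function bodies continue outside the hunks shown.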