add password strength check for ftp users
Bernd Wurst commited on 2019-04-10 09:20:21
Zeige 1 geänderte Dateien mit 5 Einfügungen und 1 Löschungen.
- modules/ftpusers/include/ftpusers.php 99f591d..900b66c
| ... | ... |
@@ -15,6 +15,7 @@ Nevertheless, in case you use a significant part of this code, we ask (but not r |
| 15 | 15 |
*/ |
| 16 | 16 |
|
| 17 | 17 |
require_once('inc/base.php');
|
| 18 |
+require_once('inc/security.php');
|
|
| 18 | 19 |
|
| 19 | 20 |
function list_ftpusers() |
| 20 | 21 |
{
|
| ... | ... |
@@ -74,6 +75,10 @@ function save_ftpuser($data) |
| 74 | 75 |
$set_password = false; |
| 75 | 76 |
$password_hash = ''; |
| 76 | 77 |
if ($data['password'] != '') {
|
| 78 |
+ $result = strong_password($data['password']); |
|
| 79 |
+ if ($result !== true) {
|
|
| 80 |
+ system_failure("Unsicheres Passwort: ".$result);
|
|
| 81 |
+ } |
|
| 77 | 82 |
if (defined("CRYPT_SHA512") && CRYPT_SHA512 == 1) {
|
| 78 | 83 |
$rounds = rand(1000, 5000); |
| 79 | 84 |
$salt = "rounds=".$rounds."$".random_string(8); |
| ... | ... |
@@ -83,7 +88,6 @@ function save_ftpuser($data) |
| 83 | 88 |
$password_hash = crypt($data['password'], "\$1\${$salt}\$");
|
| 84 | 89 |
} |
| 85 | 90 |
$set_password = true; |
| 86 |
- $password_query = "password='{$password_hash}', ";
|
|
| 87 | 91 |
} elseif (! $data['id']) {
|
| 88 | 92 |
system_failure('Wenn Sie einen neuen Zugang anlegen, müssen Sie ein Passwort setzen');
|
| 89 | 93 |
} |
| 90 | 94 |