From 595ee7d37ad52329b336aef14432ff55d941f871 Mon Sep 17 00:00:00 2001 From: David Goodwin Date: Mon, 17 Dec 2007 07:01:50 +0000 Subject: [PATCH] users/password.php: add password length checking (thought I had already committed this!) (cboltz: what is the right string to use in the error message?) git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@270 a1433add-5e2c-0410-b055-b7f2511e0802 --- users/password.php | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/users/password.php b/users/password.php index d550fbbe..5c979540 100644 --- a/users/password.php +++ b/users/password.php @@ -46,13 +46,17 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") $fPassword = escape_string ($_POST['fPassword']); $fPassword2 = escape_string ($_POST['fPassword2']); + if(strlen($fPassword) < $CONF['min_password_length']) { + $error = 1; + flash_error($PALANG['pPassword_password_too_short_error']; + } $username = $USERID_USERNAME; $result = db_query ("SELECT * FROM $table_mailbox WHERE username='$username'"); if ($result['rows'] == 1) { $row = db_array ($result['result']); - $checked_password = pacrypt ($fPassword_current, $row['password']); + $checked_password = pacrypt($fPassword_current, $row['password']); $result = db_query ("SELECT * FROM $table_mailbox WHERE username='$username' AND password='$checked_password'"); if ($result['rows'] != 1)