hestiacp#1032 Min password length missing

Closes hestiacp#1032, hestiacp#1031 and hestiacp#1027
Enforces minumum password length of 8 char and specific format
Added "visiual indicator for requirements password"

Enforces minum length of name same as /add/user/

Added checkbox to block copie email to notify box

Css files in header Synced cache method with .js files

Author: jaapmarcus

web/add/user/index.php

@@ -45,8 +45,7 @@
 
     // Check password length
     if (empty($_SESSION['error_msg'])) {
-        $pw_len = strlen($_POST['v_password']);
-        if ($pw_len < 6 ) $_SESSION['error_msg'] = __('Password is too short.',$error_msg);
+        if (!preg_match('/^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)[a-zA-Z\d]{8,}$/', $_POST['v_password'])) { $_SESSION['error_msg'] = __('Password does not match the minimum requirements'); }
     }
 
     // Protect input

web/css/src/styles.css

@@ -3973,3 +3973,29 @@ form#vstobjects.suspended {
     display: none;
   }
 }
+
+meter {
+  /* Reset the default appearance */
+  -webkit-appearance: none;
+     -moz-appearance: none;
+          appearance: none;
+  margin: 0 auto 1em;
+  width: 380px;
+  background-color: grey;
+}
+meter[value="1"] { background: red; }
+meter[value="2"] { background: orange; }
+meter[value="3"] { background: yellow; }
+meter[value="4"] { background: green; }
+
+/* Webkit based browsers */
+meter[value="1"]::-webkit-meter-optimum-value { background: red; }
+meter[value="2"]::-webkit-meter-optimum-value { background: orange; }
+meter[value="3"]::-webkit-meter-optimum-value { background: yellow; }
+meter[value="4"]::-webkit-meter-optimum-value { background: green; }
+
+/* Gecko based browsers */
+meter[value="1"]::-moz-meter-bar { background: red; }
+meter[value="2"]::-moz-meter-bar { background: orange; }
+meter[value="3"]::-moz-meter-bar { background: yellow; }
+meter[value="4"]::-moz-meter-bar { background: green; }

web/css/styles.min.css

@@ -98,15 +98,20 @@
 
     // Change password
     if ((!empty($_POST['v_password'])) && (empty($_SESSION['error_msg']))) {
-        $v_password = tempnam("/tmp","vst");
-        $fp = fopen($v_password, "w");
-        fwrite($fp, $_POST['v_password']."\n");
-        fclose($fp);
-        exec (HESTIA_CMD."v-change-user-password ".escapeshellarg($v_username)." ".$v_password, $output, $return_var);
-        check_return_code($return_var,$output);
-        unset($output);
-        unlink($v_password);
-        $v_password = escapeshellarg($_POST['v_password']);
+        // Check password length
+        $pw_len = strlen($_POST['v_password']);
+        if (!preg_match('/^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)[a-zA-Z\d]{8,}$/', $_POST['v_password'])) { $_SESSION['error_msg'] = __('Password does not match the minimum requirements'); }
+        if (empty($_SESSION['error_msg'])) {
+            $v_password = tempnam("/tmp","vst");
+            $fp = fopen($v_password, "w");
+            fwrite($fp, $_POST['v_password']."\n");
+            fclose($fp);
+            exec (HESTIA_CMD."v-change-user-password ".escapeshellarg($v_username)." ".$v_password, $output, $return_var);
+            check_return_code($return_var,$output);
+            unset($output);
+            unlink($v_password);
+            $v_password = escapeshellarg($_POST['v_password']);
+        }
     }
 
     // Enable twofa
@@ -184,11 +189,15 @@
 
     // Change full name
     if ($v_name != $_POST['v_name']){
-        $v_name = escapeshellarg($_POST['v_name']);
-        exec (HESTIA_CMD."v-change-user-name ".escapeshellarg($v_username). " ". "$v_name", $output, $return_var);
-        check_return_code($return_var,$output);
-        unset($output);
-        $v_name = $_POST['v_name'];
+            if (empty($_POST['v_name'])) {
+                 $_SESSION['error_msg'] = __('Please enter a valid name');
+            }else{
+                $v_name = escapeshellarg($_POST['v_name']);
+                exec (HESTIA_CMD."v-change-user-name ".escapeshellarg($v_username). " ".$v_name, $output, $return_var);
+                check_return_code($return_var,$output);
+                unset($output);
+                $v_name = $_POST['v_name'];
+            }
     }
 
     // Change NameServers

web/edit/user/index.php

@@ -1,17 +1,60 @@
 $(function() {
     $('#v_email').change(function() {
-        document.getElementById('v_notify').value = document.getElementById('v_email').value;
+        if($('#v_email_notify').attr('checked')){
+            document.getElementById('v_notify').value = document.getElementById('v_email').value;
+        }
     });
+    $('#v_email_notify').change(function() {
+        if($('#v_email_notify').attr('checked')){
+            document.getElementById('v_notify').value = document.getElementById('v_email').value;
+        }else{
+            document.getElementById('v_notify').value = '';
+        }
+    });    
 });
 
 
-randomString = function() {
+randomString = function(min_length = 16) {
     var chars = '0123456789ABCDEFGHIJKLMNOPQRSTUVWXTZabcdefghiklmnopqrstuvwxyz';
-    var string_length = 16;
+    var string_length = min_length;
     var randomstring = '';
     for (var i = 0; i < string_length; i++) {
         var rnum = Math.floor(Math.random() * chars.length);
         randomstring += chars.substr(rnum, 1);
     }
-    document.v_add_user.v_password.value = randomstring;
+    var regex = new RegExp(/^(?=.*[a-z])(?=.*[A-Z])(?=.*[0-9])(?=.*\d)[a-zA-Z\d]{8,}$/);
+    if(!regex.test(randomstring)){
+        randomString();
+    }else{
+        $('input[name=v_password]').val(randomstring);
+        App.Actions.WEB.update_v_password();
+    }    
 }
+
+App.Actions.WEB.update_v_password = function (){
+    var password = $('input[name="v_password"]').val();
+    var min_small = new RegExp(/^(?=.*[a-z]).+$/);
+    var min_cap = new RegExp(/^(?=.*[A-Z]).+$/);
+    var min_num = new RegExp(/^(?=.*\d).+$/); 
+    var min_length = 8;
+    var score = 0;
+    
+    if(password.length >= min_length) { score = score + 1; }
+    if(min_small.test(password)) { score = score + 1;}
+    if(min_cap.test(password)) { score = score + 1;}
+    if(min_num.test(password)) { score = score+ 1; }
+    $('#meter').val(score);   
+}
+
+App.Listeners.WEB.keypress_v_password = function() {
+    var ref = $('input[name="v_password"]');
+    ref.bind('keypress input', function(evt) {
+        clearTimeout(window.frp_usr_tmt);
+        window.frp_usr_tmt = setTimeout(function() {
+            var elm = $(evt.target);
+            App.Actions.WEB.update_v_password(elm, $(elm).val());
+        }, 100);
+    });
+}
+
+App.Listeners.WEB.keypress_v_password();

web/js/pages/add_user.js

@@ -1,14 +1,46 @@
-function randomString() {
+randomString = function(min_length = 16) {
     var chars = '0123456789ABCDEFGHIJKLMNOPQRSTUVWXTZabcdefghiklmnopqrstuvwxyz';
-    var string_length = 16;
+    var string_length = min_length;
     var randomstring = '';
     for (var i = 0; i < string_length; i++) {
         var rnum = Math.floor(Math.random() * chars.length);
         randomstring += chars.substr(rnum, 1);
     }
-    document.v_edit_user.v_password.value = randomstring;
+    var regex = new RegExp(/^(?=.*[a-z])(?=.*[A-Z])(?=.*[0-9])(?=.*\d)[a-zA-Z\d]{8,}$/);
+    if(!regex.test(randomstring)){
+        randomString();
+    }else{
+        $('input[name=v_password]').val(randomstring);
+    }    
 }
 
+App.Actions.WEB.update_v_password = function (){
+    var password = $('input[name="v_password"]').val();
+    var min_small = new RegExp(/^(?=.*[a-z]).+$/);
+    var min_cap = new RegExp(/^(?=.*[A-Z]).+$/);
+    var min_num = new RegExp(/^(?=.*\d).+$/); 
+    var min_length = 8;
+    var score = 0;
+    if(password.length >= min_length) { score = score + 1; }
+    if(min_small.test(password)) { score = score + 1;}
+    if(min_cap.test(password)) { score = score + 1;}
+    if(min_num.test(password)) { score = score+ 1; }
+    $('#meter').val(score);   
+}
+
+App.Listeners.WEB.keypress_v_password = function() {
+    var ref = $('input[name="v_password"]');
+    ref.bind('keypress input', function(evt) {
+        clearTimeout(window.frp_usr_tmt);
+        window.frp_usr_tmt = setTimeout(function() {
+            var elm = $(evt.target);
+            App.Actions.WEB.update_v_password(elm, $(elm).val());
+        }, 100);
+    });
+}
+App.Listeners.WEB.keypress_v_password();
+
+
 $(document).ready(function(){
     $('.add-ns-button').click(function(){
         var n = $('input[name^=v_ns]').length;

web/js/pages/edit_user.js

@@ -68,7 +68,18 @@
                             </tr>
                             <tr>
                                 <td>
-                                    <input type="text" size="20" class="vst-input password" name="v_password" value="<?=htmlentities(trim($v_password, "'"))?>" tabindex="2" >
+                                    <input type="text" size="20" class="vst-input password" name="v_password" value="<?=htmlentities(trim($v_password, "'"))?>" tabindex="2" /><br />
+                                    <meter max="4" id="meter"></meter>
+                                </td>
+                            </tr>
+                            <tr>
+                                <td class="vst-text">
+                                    <p><?php print('Your password must have at least');?></p>
+                                    <ul>
+                                        <li><?php print('8 characters long');?></li>
+                                        <li><?php print('1 uppercase & 1 lowercase character');?></li>
+                                        <li><?php print('1 number');?></li>
+                                    </ul>
                                 </td>
                             </tr>
                             <tr>
@@ -90,6 +101,11 @@
                                 <td>
                                     <input type="text" size="20" class="vst-input" name="v_email" id='v_email' value="<?=htmlentities(trim($v_email, "'"))?>" tabindex="5" >
                                 </td>
+                            </tr>
+                             <tr>
+                                <td>
+                                    <label><input type="checkbox" size="20" class="vst-checkbox" name="v_email_notice" id='v_email_notify' value="" tabindex="5" /> <?php print __('Send welcome email');?></label>
+                                </td>
                             </tr>
                             <tr>
                                 <td class="vst-text input-label" name="v_package">

web/templates/admin/add_user.html

@@ -73,9 +73,21 @@
                             </tr>
                             <tr>
                                 <td>
-                                    <input type="text" size="20" class="vst-input password" name="v_password" value="<?=htmlentities(trim($v_password, "'"))?>">
+                                    <input type="text" size="20" class="vst-input password" name="v_password" value="<?=htmlentities(trim($v_password, "'"))?>"><br />
+                                    <meter max="4" id="meter"></meter>
                                 </td>
                             </tr>
+                            <tr>
+                                <td class="vst-text">
+                                    <p id="password-strength-text"></p>
+                                    <p><?php print('Your password must have at least');?></p>
+                                    <ul>
+                                        <li><?php print('8 characters long');?></li>
+                                        <li><?php print('1 uppercase & 1 lowercase character');?></li>
+                                        <li><?php print('1 number');?></li>
+                                    </ul>
+                                </td>
+                            </tr>                            
                             <tr>
                                 <td>
                                     <label><input type="checkbox" class="vst-checkbox password-option" name="v_twofa" <?php if(!empty($v_twofa)) echo "checked=yes" ?>> <?php print __('Enable 2FA');?></label>

web/templates/admin/edit_user.html

@@ -4,11 +4,11 @@
   <meta charset="utf-8">
   <link rel="icon" href="/images/favicon.ico" type="image/x-icon">
   <title><?php echo $_SERVER['HTTP_HOST']; ?> - <?=__($TAB)?> - <?=__('Hestia Control Panel');?></title>
-  <link type="text/css" rel="stylesheet" href="/css/styles.min.css?1446554106" />
+  <link type="text/css" rel="stylesheet" href="/css/styles.min.css?<?php echo JS_LATEST_UPDATE; ?>" />
   <link type="text/css" rel="stylesheet" href="/css/active-theme.css?<?php echo rand(); ?>" />
-  <link type="text/css" href="/css/animate.min.css?1446554103" rel="stylesheet" />
-  <link type="text/css" href="/css/jquery-custom-dialogs.css?1446554103" rel="stylesheet" />
-  <link type="text/css" href="/css/all.min.css?1446554103" rel="stylesheet" />
+  <link type="text/css" href="/css/animate.min.css?<?php echo JS_LATEST_UPDATE; ?>" rel="stylesheet" />
+  <link type="text/css" href="/css/jquery-custom-dialogs.css?<?php echo JS_LATEST_UPDATE; ?>" rel="stylesheet" />
+  <link type="text/css" href="/css/all.min.css?<?php echo JS_LATEST_UPDATE; ?>" rel="stylesheet" />
   <script src="/inc/jquery/jquery-3.4.1.min.js"></script>
   <script>
     //

web/templates/header.html

@@ -73,9 +73,20 @@
                             </tr>
                             <tr>
                                 <td>
-                                    <input type="text" size="20" class="vst-input password" name="v_password" value="<?=htmlentities(trim($v_password, "'"))?>">
+                                    <input type="text" size="20" class="vst-input password" name="v_password" value="<?=htmlentities(trim($v_password, "'"))?>"><br />
+                                    <meter max="4" id="meter"></meter>       
                                 </td>
                             </tr>
+                            <tr>
+                                <td class="vst-text">
+                                    <p><?php print('Your password must have at least');?></p>
+                                    <ul>
+                                        <li><?php print('8 characters long');?></li>
+                                        <li><?php print('1 uppercase & 1 lowercase character');?></li>
+                                        <li><?php print('1 number');?></li>
+                                    </ul>
+                                </td>
+                            </tr>                            
                             <tr>
                                 <td>
                                     <label><input type="checkbox" class="vst-checkbox password-option" name="v_twofa" <?php if(!empty($v_twofa)) echo "checked=yes" ?>> <?php print __('Enable 2FA');?></label>