Merge branch 'staging/fixes' into staging/sync

Kristan Kenney · Kristan Kenney · commit 5f00e27c02a3 · 2020-08-12T02:28:43.000-03:00
diff --git a/web/add/db/index.php b/web/add/db/index.php
@@ -42,7 +42,7 @@
 
     // Check password length
     if (empty($_SESSION['error_msg'])) {
-        if (!preg_match('/^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)[a-zA-Z\d]{8,}$/', $_POST['v_password'])) { $_SESSION['error_msg'] = __('Password does not match the minimum requirements'); }
+         if (!validate_password($_POST['v_password'])) { $_SESSION['error_msg'] = __('Password does not match the minimum requirements');}
     }
 
     // Protect input
diff --git a/web/add/mail/index.php b/web/add/mail/index.php
@@ -123,7 +123,7 @@
     
     // Check password length
     if (empty($_SESSION['error_msg']) && !empty($_POST['v_fwd_only']) ) {
-        if (!preg_match('/^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)[a-zA-Z\d]{8,}$/', $_POST['v_password'])) { $_SESSION['error_msg'] = __('Password does not match the minimum requirements'); }
+        if (!validate_password($_POST['v_password'])) { $_SESSION['error_msg'] = __('Password does not match the minimum requirements');}
     }
 
     // Protect input
diff --git a/web/add/user/index.php b/web/add/user/index.php
@@ -45,7 +45,7 @@
 
     // Check password length
     if (empty($_SESSION['error_msg'])) {
-        if (!preg_match('/^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)[a-zA-Z\d]{8,}$/', $_POST['v_password'])) { $_SESSION['error_msg'] = __('Password does not match the minimum requirements'); }
+        if (!validate_password($_POST['v_password'])) { $_SESSION['error_msg'] = __('Password does not match the minimum requirements'); }
     }
 
     // Protect input
diff --git a/web/edit/db/index.php b/web/edit/db/index.php
@@ -63,8 +63,8 @@
 
     // Change database password
     if ((!empty($_POST['v_password'])) && (empty($_SESSION['error_msg']))) {
-        if (!preg_match('/^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)[a-zA-Z\d]{8,}$/', $_POST['v_password'])) { 
-            $_SESSION['error_msg'] = __('Password does not match the minimum requirements'); 
+        if (!validate_password($_POST['v_password'])) { 
+             $_SESSION['error_msg'] = __('Password does not match the minimum requirements');
         }else{ 
             $v_password = tempnam("/tmp","vst");
             $fp = fopen($v_password, "w");
diff --git a/web/edit/mail/index.php b/web/edit/mail/index.php
@@ -398,8 +398,8 @@
 
     // Change password
     if ((!empty($_POST['v_password'])) && (empty($_SESSION['error_msg']))) {
-        if (!preg_match('/^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)[a-zA-Z\d]{8,}$/', $_POST['v_password'])) { 
-            $_SESSION['error_msg'] = __('Password does not match the minimum requirements'); 
+        if (!validate_password($_POST['v_password'])) { 
+            $_SESSION['error_msg'] = __('Password does not match the minimum requirements');
         }else{         
             $v_password = tempnam("/tmp","vst");
             $fp = fopen($v_password, "w");
diff --git a/web/edit/user/index.php b/web/edit/user/index.php
@@ -100,7 +100,9 @@
     if ((!empty($_POST['v_password'])) && (empty($_SESSION['error_msg']))) {
         // Check password length
         $pw_len = strlen($_POST['v_password']);
-        if (!preg_match('/^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)[a-zA-Z\d]{8,}$/', $_POST['v_password'])) { $_SESSION['error_msg'] = __('Password does not match the minimum requirements'); }
+        if (!validate_password($_POST['v_password'])) { 
+            $_SESSION['error_msg'] = __('Password does not match the minimum requirements');
+        } 
         if (empty($_SESSION['error_msg'])) {
             $v_password = tempnam("/tmp","vst");
             $fp = fopen($v_password, "w");
diff --git a/web/inc/main.php b/web/inc/main.php
@@ -385,3 +385,11 @@ function backendtpl_with_webdomains() {
     }
     return $backend_list;
 }
+/**
+ * Check if password is valid
+ *
+ * @return int; 1 / 0
+ */
+function validate_password($password){
+    return preg_match('/^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(.){8,}$/', $password);
+}
diff --git a/web/templates/reset2fa.html b/web/templates/reset2fa.html
@@ -49,11 +49,6 @@
                                                     <input tabindex="1" type="text" size="20px" style="width:240px" name="twofa" class="vst-input">
                                                 </td>
                                             </tr>
-                                            <tr>
-                                                <td style="padding: 12px 0 0 2px;">
-                                                    <?php print __('RESET_NOTICE');?>
-                                                </td>
-                                            </tr>
                                             <tr>
                                                 <td style="padding: 20px 0 12px 0;">
                                                     <input tabindex="2" type="submit" value="<?php print __('Submit');?>" class="button">&nbsp;&nbsp;
diff --git a/web/templates/reset_1.html b/web/templates/reset_1.html
@@ -35,11 +35,6 @@
                                                     <input tabindex="1" type="text" size="20px" style="width:240px" name="email" class="vst-input">
                                                 </td>
                                             </tr>
-                                            <tr>
-                                                <td style="padding: 12px 0 0 2px;">
-                                                    <?php print __('RESET_NOTICE');?>
-                                                </td>
-                                            </tr>
                                             <tr>
                                                 <td style="padding: 20px 0 12px 0;">
                                                     <input tabindex="2" type="submit" value="<?php print __('Submit');?>" class="button">&nbsp;&nbsp;

Original file line number	Diff line number	Diff line change
`@@ -42,7 +42,7 @@`
`42`	`42`
`43`	`43`	`// Check password length`
`44`	`44`	`if (empty($_SESSION['error_msg'])) {`
`45`		`- if (!preg_match('/^(?=.[a-z])(?=.[A-Z])(?=.*\d)[a-zA-Z\d]{8,}$/', $_POST['v_password'])) { $_SESSION['error_msg'] = __('Password does not match the minimum requirements'); }`
	`45`	`+ if (!validate_password($_POST['v_password'])) { $_SESSION['error_msg'] = __('Password does not match the minimum requirements');}`
`46`	`46`	`}`
`47`	`47`
`48`	`48`	`// Protect input`
Original file line number	Diff line number	Diff line change
`@@ -123,7 +123,7 @@`
`123`	`123`
`124`	`124`	`// Check password length`
`125`	`125`	`if (empty($_SESSION['error_msg']) && !empty($_POST['v_fwd_only']) ) {`
`126`		`- if (!preg_match('/^(?=.[a-z])(?=.[A-Z])(?=.*\d)[a-zA-Z\d]{8,}$/', $_POST['v_password'])) { $_SESSION['error_msg'] = __('Password does not match the minimum requirements'); }`
	`126`	`+ if (!validate_password($_POST['v_password'])) { $_SESSION['error_msg'] = __('Password does not match the minimum requirements');}`
`127`	`127`	`}`
`128`	`128`
`129`	`129`	`// Protect input`
Original file line number	Diff line number	Diff line change
`@@ -45,7 +45,7 @@`
`45`	`45`
`46`	`46`	`// Check password length`
`47`	`47`	`if (empty($_SESSION['error_msg'])) {`
`48`		`- if (!preg_match('/^(?=.[a-z])(?=.[A-Z])(?=.*\d)[a-zA-Z\d]{8,}$/', $_POST['v_password'])) { $_SESSION['error_msg'] = __('Password does not match the minimum requirements'); }`
	`48`	`+ if (!validate_password($_POST['v_password'])) { $_SESSION['error_msg'] = __('Password does not match the minimum requirements'); }`
`49`	`49`	`}`
`50`	`50`
`51`	`51`	`// Protect input`
Original file line number	Diff line number	Diff line change
`@@ -385,3 +385,11 @@ function backendtpl_with_webdomains() {`
`385`	`385`	`}`
`386`	`386`	`return $backend_list;`
`387`	`387`	`}`
	`388`	`+/**`
	`389`	`+ * Check if password is valid`
	`390`	`+ *`
	`391`	`+ * @return int; 1 / 0`
	`392`	`+ */`
	`393`	`+function validate_password($password){`
	`394`	`+ return preg_match('/^(?=.[a-z])(?=.[A-Z])(?=.*\d)(.){8,}$/', $password);`
	`395`	`+}`