Fix hestiacp#1062 passwords not accepting special chars

Author: jaapmarcus

web/add/db/index.php

@@ -42,7 +42,7 @@
 
     // Check password length
     if (empty($_SESSION['error_msg'])) {
-        if (!preg_match('/^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)[a-zA-Z\d]{8,}$/', $_POST['v_password'])) { $_SESSION['error_msg'] = __('Password does not match the minimum requirements'); }
+         if (!validate_password($_POST['v_password'])) { $_SESSION['error_msg'] = __('Password does not match the minimum requirements');}
     }
 
     // Protect input

web/add/mail/index.php

@@ -123,7 +123,7 @@
 
     // Check password length
     if (empty($_SESSION['error_msg']) && !empty($_POST['v_fwd_only']) ) {
-        if (!preg_match('/^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)[a-zA-Z\d]{8,}$/', $_POST['v_password'])) { $_SESSION['error_msg'] = __('Password does not match the minimum requirements'); }
+        if (!validate_password($_POST['v_password'])) { $_SESSION['error_msg'] = __('Password does not match the minimum requirements');}
     }
 
     // Protect input

web/add/user/index.php

@@ -45,7 +45,7 @@
 
     // Check password length
     if (empty($_SESSION['error_msg'])) {
-        if (!preg_match('/^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)[a-zA-Z\d]{8,}$/', $_POST['v_password'])) { $_SESSION['error_msg'] = __('Password does not match the minimum requirements'); }
+        if (!validate_password($_POST['v_password'])) { $_SESSION['error_msg'] = __('Password does not match the minimum requirements'); }
     }
 
     // Protect input

web/edit/db/index.php

@@ -63,8 +63,8 @@
 
     // Change database password
     if ((!empty($_POST['v_password'])) && (empty($_SESSION['error_msg']))) {
-        if (!preg_match('/^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)[a-zA-Z\d]{8,}$/', $_POST['v_password'])) { 
-            $_SESSION['error_msg'] = __('Password does not match the minimum requirements'); 
+        if (!validate_password($_POST['v_password'])) { 
+             $_SESSION['error_msg'] = __('Password does not match the minimum requirements');
         }else{ 
             $v_password = tempnam("/tmp","vst");
             $fp = fopen($v_password, "w");

web/edit/mail/index.php

@@ -398,8 +398,8 @@
 
     // Change password
     if ((!empty($_POST['v_password'])) && (empty($_SESSION['error_msg']))) {
-        if (!preg_match('/^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)[a-zA-Z\d]{8,}$/', $_POST['v_password'])) { 
-            $_SESSION['error_msg'] = __('Password does not match the minimum requirements'); 
+        if (!validate_password($_POST['v_password'])) { 
+            $_SESSION['error_msg'] = __('Password does not match the minimum requirements');
         }else{         
             $v_password = tempnam("/tmp","vst");
             $fp = fopen($v_password, "w");

web/edit/user/index.php

@@ -100,7 +100,9 @@
     if ((!empty($_POST['v_password'])) && (empty($_SESSION['error_msg']))) {
         // Check password length
         $pw_len = strlen($_POST['v_password']);
-        if (!preg_match('/^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)[a-zA-Z\d]{8,}$/', $_POST['v_password'])) { $_SESSION['error_msg'] = __('Password does not match the minimum requirements'); }
+        if (!validate_password($_POST['v_password'])) { 
+            $_SESSION['error_msg'] = __('Password does not match the minimum requirements');
+        } 
         if (empty($_SESSION['error_msg'])) {
             $v_password = tempnam("/tmp","vst");
             $fp = fopen($v_password, "w");

web/inc/main.php

@@ -385,3 +385,11 @@ function backendtpl_with_webdomains() {
     }
     return $backend_list;
 }
+/**
+ * Check if password is valid
+ *
+ * @return int; 1 / 0
+ */
+function validate_password($password){
+    return preg_match('/^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(.){8,}$/', $password);
+}