thies/loginpagefoo
Template
1
0
Fork 0
Code Issues4 Pull Requests Actions Packages Projects Releases Wiki Activity

added regex for password reset

Browse Source
This commit is contained in:
Thies Mueller 2021-01-08 20:44:05 +01:00
parent 3b6ad7ba69
commit 21ad06603c
1 changed files with 11 additions and 2 deletions

13
resetpass.php

@ -41,10 +41,19 @@ if(sha1($code) != $user['passwordcode']) {
if(isset($_GET['send'])) {
$password = $_POST['password'];
$password_confirm = $_POST['password_confirm'];
//regexes for passvalidation:
$REuppercase = preg_match('@[A-Z]@', $password);
$RElowercase = preg_match('@[a-z]@', $password);
$REnumber = preg_match('@[0-9]@', $password);
$REspecialChars = preg_match('@[^\w]@', $password);
if($password != $password_confirm) {
echo "password or confirmed password wrong";
} else {
}
if(!$REuppercase || !$RElowercase || !$REnumber || !$REspecialChars || strlen($password) < 8) {
echo '<color="red">Password needs to be more complex.</color><br />';
echo '<i>Please implement at least 8 chars, upper & downer caser, one number & one special char.</i><br />';
$error = true;
} else {
$passwordhash = password_hash($password, PASSWORD_DEFAULT);
$statement = $pdo->prepare("UPDATE users SET password = :passwordhash, passwordcode = NULL, passwordcode_time = NULL WHERE id = :userid");
$result = $statement->execute(array('passwordhash' => $passwordhash, 'userid'=> $userid ));