thies/loginpagefoo
Template
1
0
Fork 0
Code Issues 4 Pull Requests Actions Packages Projects Releases Wiki Activity

added regex for password reset

Browse Source
This commit is contained in:
Thies Mueller 2021-01-08 20:44:05 +01:00
parent 3b6ad7ba69
commit 21ad06603c
1 changed files with 11 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
resetpass.php
View File

@ -41,9 +41,18 @@ if(sha1($code) != $user['passwordcode']) {
if(isset($_GET['send'])) { if(isset($_GET['send'])) {
$password = $_POST['password']; $password = $_POST['password'];
$password_confirm = $_POST['password_confirm']; $password_confirm = $_POST['password_confirm'];
//regexes for passvalidation:
$REuppercase = preg_match('@[A-Z]@', $password);
$RElowercase = preg_match('@[a-z]@', $password);
$REnumber = preg_match('@[0-9]@', $password);
$REspecialChars = preg_match('@[^\w]@', $password);
if($password != $password_confirm) { if($password != $password_confirm) {
echo "password or confirmed password wrong"; echo "password or confirmed password wrong";
}
if(!$REuppercase || !$RElowercase || !$REnumber || !$REspecialChars || strlen($password) < 8) {
echo '<color="red">Password needs to be more complex.</color><br />';
echo '<i>Please implement at least 8 chars, upper & downer caser, one number & one special char.</i><br />';
$error = true;
} else { } else {
$passwordhash = password_hash($password, PASSWORD_DEFAULT); $passwordhash = password_hash($password, PASSWORD_DEFAULT);
$statement = $pdo->prepare("UPDATE users SET password = :passwordhash, passwordcode = NULL, passwordcode_time = NULL WHERE id = :userid"); $statement = $pdo->prepare("UPDATE users SET password = :passwordhash, passwordcode = NULL, passwordcode_time = NULL WHERE id = :userid");