FrontEndUsers v 1.6.4 - Change user settings - check for password length

[vilkis]

I have realized that in FrontEndUsers 1.6.4 module there is no check for password length in Change user settings.
So, a frontend user can change his password to that consisting of one character.

My approach:

in file action.do_userchangesettings.php I added the following code:

Code: Select all

//Vilkis BEGIN

	elseif( !$this->IsValidPassword($password ) && $password != '')
    {
		$params['error'] = 1;
		$minlen = $this->GetPreference('min_passwordlength', 6 );
		$maxlen = $this->GetPreference('max_passwordlength', 20 );
		$params['message'] = $this->Lang('error_invalidpassword',$minlen,$maxlen);
		$this->Redirect($id, 'changesettings', $returnid, $params );
    }

//Vilkis END

after lines

Code: Select all

    if( $password != $repeat && $password != '')
      {
	$params['error'] = 1;
	$params['message'] = $this->Lang('error_passwordmismatch');
	$this->Redirect($id, 'changesettings', $returnid, $params );
      }

Also I changed line in en_US.php

Code: Select all

$lang['error_invalidpassword'] = 'Invalid the length of password: it should be between %s and %s symbols';

It informs Frontenduser more clearly.

Vilkis

[tyman00]

Please post this in the Feature Request section of the FEU Module in the Forge. Thanks

[vilkis]

I treat it as a bug. I posted it in the bug tracker of forge on  Apr 01, 2009. I  posted my approach here just hoping it will help for somebody until it is corrected in FEU module.
Regards,

Vilkis

[tyman00]

That works too. The more I think of it, it probably is a bug. Thanks for posting though.