
Password validation for subscriptions added

0bitus committed Aug 1, 2017
1 parent fe4323d commit d86b7b1571633a271cbfc73b075a70664a974928
Showing with 6 additions and 0 deletions.
  1. +1 −0 config/mainconf.php
  2. +1 −0 l10n/EN.php
  3. +4 −0 process/subscription.php
@@ -26,6 +26,7 @@
$CONF["user"]["expire"] = 24; // Time (h) after the user will be deleted if not confirmed
$CONF["notification"] = ["twoMonth" => "2 months", "twoWeeks" => "2 weeks"]; // Notification settings
$CONF["tc_required"] = TRUE; // terms and conditions have to be accepted
$CONF["pass_filter"] = "A-Za-z0-9\-\._~"; // regular expression for subscription password filtering
$PATH_htpasswd = "HTPASSWD"; // absolute filepath to .htpasswd which contains username and password
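Review bot: The comment on `$CONF["pass_filter"]` calls the value a regular expression, but process/subscription.php wraps it as `"/^[".$CONF["pass_filter"]."]+$/"`, so it is really the body of a character class. An administrator who edits it as a full pattern, or adds an unescaped `]` or `/`, would break or alter the filter. Suggested comment: `// characters allowed in subscription passwords; inserted between [ and ] of a /-delimited PCRE pattern, so escape ], \, ^, - and /`. The `invalid_password` text in l10n/EN.php hard-codes the same character list and has to be updated by hand whenever this value changes.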
@@ -309,6 +309,7 @@
$LOCAL["msg"]["error"]["empty_password"] = "Enter Password";
$LOCAL["msg"]["error"]["email_auth"] = "Corresponding User not found.";
$LOCAL["msg"]["error"]["invalid_password_confirm"] = "Enter Password (confirm) same as Password";
$LOCAL["msg"]["error"]["invalid_password"] = "Allowed characters: A-Z, a-z, 0-9, -._~";
$LOCAL["msg"]["error"]["empty_subscription_list"] = "Please select some subscriptions first";
$LOCAL["msg"]["error"]["empty_termsconditions"] = "Please confirm the terms and conditions";
$LOCAL["msg"]["error"]["user_register"] = "<b>User '###EMAIL###' could not be created:</b><br/>###ERRORMSG###";
@@ -59,13 +59,17 @@
break;
case "setpass":
$passExpression = "/^[".$CONF["pass_filter"]."]+$/";
if (empty($_POST["target"]) || !is_numeric($_POST["target"])) {
echo Helper::jsonResponse(FALSE, "error", $LOCAL["msg"]["error"]["no_subscription_id"]);
exit();
}
if (empty($_POST["password"])) {
echo Helper::jsonResponse(FALSE, "error", $LOCAL["msg"]["error"]["empty_password"]);
exit();
} elseif (!preg_match($passExpression, $_POST["password"])) {
echo Helper::jsonResponse(FALSE, "error", $LOCAL["msg"]["error"]["invalid_password"]);
exit();
} elseif (empty($_POST["password_confirm"]) || $_POST["password_confirm"] != $_POST["password"]) {
echo Helper::jsonResponse(FALSE, "error", $LOCAL["msg"]["error"]["invalid_password_confirm"]);
exit();
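Review bot: The new `$passExpression` ends in `$` without the `D` modifier, and in PCRE that also matches just before a final newline, so a password consisting of allowed characters plus one trailing line feed passes the filter even though the line feed is not in `pass_filter`. Anchor the end explicitly with `$passExpression = "/^[".$CONF["pass_filter"]."]+\z/";` (or append `D` after the closing delimiter). The `preg_match` call also assumes `$_POST["password"]` is a string; a `password[]=` array submission is better rejected up front with `!is_string($_POST["password"])` than left to a warning or, on PHP 8, a TypeError. The `setpass` case continues outside this hunk, so how the accepted value is stored afterwards is not visible here.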
