#167 Prevent username = password

[Vaughan]

A small patch which prevents a user from setting his password as username & also prevents password being uname in reverse

simple hack really.

register.php

added: (line 151)

if ( (isset($pass)) && (isset($uname)) ) {
if ($pass == $uname) {
$stop .= _US_BADPWD.'
';
} elseif ($pass == strrev($uname)) {
$stop .= _US_BADPWD.'
';
}
}

edituser.php

added: (line 71)

$username = xoops_getLinkedUnameFromId($uid);

added: (line 91)

if ($password == $username || $password == strrev($username)) {
$errors[] = _US_BADPWD;
}

language/english/user.php

added:

define('_US_BADPWD','Bad Password, Username should not be used for password');

[Vaughan]