Vaughan
-
2007-06-05
A small patch which prevents a user from setting his password as username & also prevents password being uname in reverse
simple hack really.
register.php
added: (line 151)
if ( (isset($pass)) && (isset($uname)) ) {
if ($pass == $uname) {
$stop .= _US_BADPWD.'
';
} elseif ($pass == strrev($uname)) {
$stop .= _US_BADPWD.'
';
}
}
edituser.php
added: (line 71)
$username = xoops_getLinkedUnameFromId($uid);
added: (line 91)
if ($password == $username || $password == strrev($username)) {
$errors[] = _US_BADPWD;
}
language/english/user.php
added:
define('_US_BADPWD','Bad Password, Username should not be used for password');