Learn how easy it is to sync an existing GitHub or Google Code repo to a SourceForge project! See Demo

Close

#167 Prevent username = password

open
nobody
5
2012-09-25
2007-06-05
Vaughan
No

A small patch which prevents a user from setting his password as username & also prevents password being uname in reverse

simple hack really.

register.php

added: (line 151)

if ( (isset($pass)) && (isset($uname)) ) {
if ($pass == $uname) {
$stop .= _US_BADPWD.'
';
} elseif ($pass == strrev($uname)) {
$stop .= _US_BADPWD.'
';
}
}

edituser.php

added: (line 71)

$username = xoops_getLinkedUnameFromId($uid);

added: (line 91)

if ($password == $username || $password == strrev($username)) {
$errors[] = _US_BADPWD;
}

language/english/user.php

added:

define('_US_BADPWD','Bad Password, Username should not be used for password');

Discussion

  • Vaughan
    Vaughan
    2007-06-05

     
    Attachments