public/mailcow-dockerized
1
0
Fork 0
mirror of https://github.com/mailcow/mailcow-dockerized.git synced 2025-12-13 01:45:59 +00:00
Code Issues Releases Wiki Activity

Fixed password complexity check for AppPasswords

Browse Source
This commit is contained in:
Patrik Kernstock
2025-09-26 02:37:02 +02:00
parent 9133b9899c
commit 5b1b49a418
1 changed files with 10 additions and 38 deletions
Download Patch File Download Diff File Expand all files Collapse all files

34
data/web/inc/functions.app_passwd.inc.php
View File

@@ -43,20 +43,7 @@ function app_passwd($_action, $_data = null) {
); );
return false; return false;
} }
if (!preg_match('/' . $GLOBALS['PASSWD_REGEP'] . '/', $password)) { if (password_check($password, $password2) !== true) {
$_SESSION['return'][] = array(
'type' => 'danger',
'log' => array(__FUNCTION__, $_action, $_data_log),
'msg' => 'password_complexity'
);
return false;
}
if ($password != $password2) {
$_SESSION['return'][] = array(
'type' => 'danger',
'log' => array(__FUNCTION__, $_action, $_data_log),
'msg' => 'password_mismatch'
);
return false; return false;
} }
$password_hashed = hash_password($password); $password_hashed = hash_password($password);
@@ -126,20 +113,7 @@ function app_passwd($_action, $_data = null) {
} }
$app_name = htmlspecialchars(trim($app_name)); $app_name = htmlspecialchars(trim($app_name));
if (!empty($password) && !empty($password2)) { if (!empty($password) && !empty($password2)) {
if (!preg_match('/' . $GLOBALS['PASSWD_REGEP'] . '/', $password)) { if (password_check($password, $password2) !== true) {
$_SESSION['return'][] = array(
'type' => 'danger',
'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
'msg' => 'password_complexity'
);
continue;
}
if ($password != $password2) {
$_SESSION['return'][] = array(
'type' => 'danger',
'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
'msg' => 'password_mismatch'
);
continue; continue;
} }
$password_hashed = hash_password($password); $password_hashed = hash_password($password);
@@ -223,9 +197,7 @@ function app_passwd($_action, $_data = null) {
break; break;
case 'details': case 'details':
$app_passwd_data = array(); $app_passwd_data = array();
$stmt = $pdo->prepare("SELECT * $stmt = $pdo->prepare("SELECT * FROM `app_passwd` WHERE `id` = :id");
FROM `app_passwd`
WHERE `id` = :id");
$stmt->execute(array(':id' => $_data)); $stmt->execute(array(':id' => $_data));
$app_passwd_data = $stmt->fetch(PDO::FETCH_ASSOC); $app_passwd_data = $stmt->fetch(PDO::FETCH_ASSOC);
if (empty($app_passwd_data)) { if (empty($app_passwd_data)) {