Skip to:
Content

BuddyPress.org


Ignore:
Timestamp:
12/16/2021 06:16:38 PM (4 years ago)
Author:
imath
Message:

Introduce a new constant/filter to enforce strong password in BP areas

You can now use the BP_MEMBERS_REQUIRED_PASSWORD_STRENGTH constant or alternatively the 'bp_members_user_pass_required_strength' filter to force members to use password satisfying a strength score from 4 (strong) to 1 (weak). For instance use define ( 'BP_MEMBERS_REQUIRED_PASSWORD_STRENGTH', 4 ); to enforce strong passwords.

This setting will only be applied to these 2 BuddyPress specific areas:

  • the registration form,
  • the General User's front-end profile settings tab.

PS: this commit also removes completely the password-verify script from the BP Nouveau Template Pack which was deprecated since BuddyPress 5.0.

Props niftythree, dcavins

Fixes #8589

File:
1 edited

Legend:

Unmodified
Added
Removed

  • trunk/src/bp-members/bp-members-functions.php

    r13170 r13189  
    37643764    return is_multisite() && in_array( bp_core_get_root_option( 'registration' ), $matches, true );
    37653765}
     3766
     3767/**
     3768 * Returns the strength score a password needs to have to be used by a member.
     3769 *
     3770 * Score => Allowed Strength.
     3771 * 0     => any passwords.
     3772 * 1     => at least short passwords.
     3773 * 2     => at least weak passwords.
     3774 * 3     => at least good passwords.
     3775 * 4     => at least strong passwords.
     3776 *
     3777 * @since 10.0.0
     3778 *
     3779 * @return int the strength score a password needs to have to be used by a member.
     3780 */
     3781function bp_members_user_pass_required_strength() {
     3782    $default_strength = 0;
     3783    if ( defined( 'BP_MEMBERS_REQUIRED_PASSWORD_STRENGTH' ) && BP_MEMBERS_REQUIRED_PASSWORD_STRENGTH ) {
     3784        $default_strength = (int) BP_MEMBERS_REQUIRED_PASSWORD_STRENGTH;
     3785    }
     3786
     3787    /**
     3788     * Filter here to raise the strength score user passwords need to reach to be allowed.
     3789     *
     3790     * @since 10.0.0
     3791     *
     3792     * @param int $default_strength The strength score user passwords need to reach to be allowed.
     3793     */
     3794    return (int) apply_filters( 'bp_members_user_pass_required_strength', $default_strength );
     3795}
Note: See TracChangeset for help on using the changeset viewer.