Timestamp:
12/16/2021 06:16:38 PM (3 years ago)
Author:
imath
Message:

Introduce a new constant/filter to enforce strong password in BP areas

You can now use the BP_MEMBERS_REQUIRED_PASSWORD_STRENGTH constant or, alternatively, the 'bp_members_user_pass_required_strength' filter to force members to use a password satisfying a strength score from 4 (strong) to 1 (weak). For instance, use define ( 'BP_MEMBERS_REQUIRED_PASSWORD_STRENGTH', 4 ); to enforce strong passwords.

This setting will only be applied to these 2 BuddyPress specific areas:

  • the registration form,
  • the General User's front-end profile settings tab.

PS: this commit also removes completely the password-verify script from the BP Nouveau Template Pack which was deprecated since BuddyPress 5.0.

Props niftythree, dcavins

Fixes #8589

File:
1 edited

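--- a/trunk/src/bp-members/screens/register.php
+++ b/trunk/src/bp-members/screens/register.php
@@ -16,6 +16,7 @@
     $bp = buddypress();
 
-    if ( ! bp_is_current_component( 'register' ) || bp_current_action() )
+    if ( ! bp_is_current_component( 'register' ) || bp_current_action() ) {
         return;
+    }
 
     // Not a directory.
@@ -88,17 +89,32 @@
         }
 
-        $signup_pass = '';
-        if ( isset( $_POST['signup_password'] ) ) {
-            $signup_pass = wp_unslash( $_POST['signup_password'] );
-        }
-
-        $signup_pass_confirm = '';
-        if ( isset( $_POST['signup_password_confirm'] ) ) {
-            $signup_pass_confirm = wp_unslash( $_POST['signup_password_confirm'] );
-        }
-
-        // Check the account password for problems.
-        $account_password = bp_members_validate_user_password( $signup_pass, $signup_pass_confirm );
-        $password_error   = $account_password->get_error_message();
+        // Password strength check.
+        $required_password_strength = bp_members_user_pass_required_strength();
+        $current_password_strength  = null;
+        if ( isset( $_POST['_password_strength_score'] ) ) {
+            $current_password_strength = (int) $_POST['_password_strength_score'];
+        }
+
+        if ( $required_password_strength && ! is_null( $current_password_strength ) && $required_password_strength > $current_password_strength ) {
+            $account_password = new WP_Error(
+                'not_strong_enough_password',
+                __( 'Your password is not strong enougth to be allowed on this site. Please use a stronger password.', 'buddypress' )
+            );
+        } else {
+            $signup_pass = '';
+            if ( isset( $_POST['signup_password'] ) ) {
+                $signup_pass = wp_unslash( $_POST['signup_password'] );
+            }
+
+            $signup_pass_confirm = '';
+            if ( isset( $_POST['signup_password_confirm'] ) ) {
+                $signup_pass_confirm = wp_unslash( $_POST['signup_password_confirm'] );
+            }
+
+            // Check the account password for problems.
+            $account_password = bp_members_validate_user_password( $signup_pass, $signup_pass_confirm );
+        }
+
+        $password_error = $account_password->get_error_message();
 
         if ( $password_error ) {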
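Review bot: The strength requirement in the new `if` (new lines 94–98) rests entirely on `$_POST['_password_strength_score']`, a value reported by the browser, and the `! is_null( $current_password_strength )` clause skips the check whenever that field is absent from the request. As written, the setting steers users through the form but is not a server-side guarantee: a request that omits or overstates the score is checked only by `bp_members_validate_user_password()`. At minimum, fail closed when a strength is required, `if ( $required_password_strength && ( is_null( $current_password_strength ) || $required_password_strength > $current_password_strength ) ) {`, and add a comment above it such as `// The score is client-reported: a UX hint, not proof of password strength.` so administrators do not read the constant as an enforced policy. The error string on new line 101 also misspells "enough" as "enougth". The enclosing function starts and ends outside the visible hunks, so whether later code reads `$signup_pass` (now assigned only in the `else` branch) cannot be confirmed from here.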