diff --git src/bp-members/bp-members-functions.php src/bp-members/bp-members-functions.php index 93fd7cafd..f6ae3421a 100644 --- src/bp-members/bp-members-functions.php +++ src/bp-members/bp-members-functions.php @@ -3694,3 +3694,56 @@ function bp_get_members_invitation_from_request() { */ return apply_filters( 'bp_get_members_invitation_from_request', $invite ); } + +/** + * Returns the strength score a password needs to have to be used by a member. + * + * Score => Allowed Strength. + * 0 => any passwords. + * 1 => at least short passwords. + * 2 => at least weak passwords. + * 3 => at least good passwords. + * 4 => at least strong passwords. + * + * @since 10.0.0 + * + * @return int the strength score a password needs to have to be used by a member. + */ +function bp_members_user_pass_required_strength() { + $default_strength = 0; + if ( defined( 'BP_MEMBERS_REQUIRED_PASSWORD_STRENGTH' ) && BP_MEMBERS_REQUIRED_PASSWORD_STRENGTH ) { + $default_strength = (int) BP_MEMBERS_REQUIRED_PASSWORD_STRENGTH; + } + + /** + * Filter here to raise the strength score user passwords need to reach to be allowed. + * + * @since 10.0.0 + * + * @param int $default_strength The strength score user passwords need to reach to be allowed. + */ + return (int) apply_filters( 'bp_members_user_pass_required_strength', $default_strength ); +} + +/** + * Returns the description for the password required strength score. + * + * @since 10.0.0 + * + * @param int the strength score to get the required description for. + * @return string|array The score description of the list of descriptions. + */ +function bp_members_user_pass_required_strength_description( $score = 0 ) { + $score_descriptions = array( + '1' => __( 'Your password must be short/very weak at least to be allowed on this site.', 'buddypress' ), + '2' => __( 'Your password must be weak at least to be allowed on this site.', 'buddypress' ), + '3' => __( 'Your password must be good/medium at least to be allowed on this site.', 'buddypress' ), + '4' => __( 'Your password must be strong to be allowed on this site.', 'buddypress' ), + ); + + if ( $score && isset( $score_descriptions[ $score ] ) ) { + return $score_descriptions[ $score ]; + } + + return $score_descriptions; +} diff --git src/bp-members/screens/register.php src/bp-members/screens/register.php index 77929c442..eca25583b 100644 --- src/bp-members/screens/register.php +++ src/bp-members/screens/register.php @@ -15,8 +15,9 @@ function bp_core_screen_signup() { $bp = buddypress(); - if ( ! bp_is_current_component( 'register' ) || bp_current_action() ) + if ( ! bp_is_current_component( 'register' ) || bp_current_action() ) { return; + } // Not a directory. bp_update_is_directory( false, 'register' ); @@ -85,19 +86,34 @@ function bp_core_screen_signup() { $bp->signup->errors['signup_email'] = $account_details['errors']->errors['user_email'][0]; } - $signup_pass = ''; - if ( isset( $_POST['signup_password'] ) ) { - $signup_pass = wp_unslash( $_POST['signup_password'] ); + // Password strength check. + $required_password_strength = bp_members_user_pass_required_strength(); + $current_password_strength = null; + if ( isset( $_POST['_password_strength_score'] ) ) { + $current_password_strength = (int) $_POST['_password_strength_score']; } - $signup_pass_confirm = ''; - if ( isset( $_POST['signup_password_confirm'] ) ) { - $signup_pass_confirm = wp_unslash( $_POST['signup_password_confirm'] ); + if ( $required_password_strength && ! is_null( $current_password_strength ) && $required_password_strength > $current_password_strength ) { + $account_password = new WP_Error( + 'not_strong_enough_password', + __( 'Your password is not strong enougth to be allowed on this site. Please use a stronger password.', 'buddypress' ) + ); + } else { + $signup_pass = ''; + if ( isset( $_POST['signup_password'] ) ) { + $signup_pass = wp_unslash( $_POST['signup_password'] ); + } + + $signup_pass_confirm = ''; + if ( isset( $_POST['signup_password_confirm'] ) ) { + $signup_pass_confirm = wp_unslash( $_POST['signup_password_confirm'] ); + } + + // Check the account password for problems. + $account_password = bp_members_validate_user_password( $signup_pass, $signup_pass_confirm ); } - // Check the account password for problems. - $account_password = bp_members_validate_user_password( $signup_pass, $signup_pass_confirm ); - $password_error = $account_password->get_error_message(); + $password_error = $account_password->get_error_message(); if ( $password_error ) { $bp->signup->errors['signup_password'] = $password_error; diff --git src/bp-settings/actions/general.php src/bp-settings/actions/general.php index 43e2be5d7..5de59e80c 100644 --- src/bp-settings/actions/general.php +++ src/bp-settings/actions/general.php @@ -73,7 +73,6 @@ function bp_settings_action_general() { // User is changing email address. if ( $old_user_email !== $user_email ) { - // Run some tests on the email address. $email_checks = bp_core_validate_email_address( $user_email ); @@ -134,18 +133,33 @@ function bp_settings_action_general() { if ( ! empty( $_POST['pass1'] ) && ! empty( $_POST['pass2'] ) ) { $pass = wp_unslash( $_POST['pass1'] ); $pass_confirm = wp_unslash( $_POST['pass2'] ); - $pass_error = bp_members_validate_user_password( $pass, $pass_confirm, $update_user ); - - if ( ! $pass_error->get_error_message() ) { - // Password change attempt is successful. - if ( ( ! empty( $_POST['pwd'] ) && wp_unslash( $_POST['pwd'] ) !== $pass ) || is_super_admin() ) { - $update_user['user_pass'] = $_POST['pass1']; - $pass_error = false; - $pass_changed = true; - - // The new password is the same as the current password. - } else { - $pass_error->add( 'same_user_password', __( 'The new password must be different from the current password.', 'buddypress' ) ); + + // Password strength check. + $required_password_strength = bp_members_user_pass_required_strength(); + $current_password_strength = null; + if ( isset( $_POST['_password_strength_score'] ) ) { + $current_password_strength = (int) $_POST['_password_strength_score']; + } + + if ( $required_password_strength && ! is_null( $current_password_strength ) && $required_password_strength > $current_password_strength ) { + $pass_error = new WP_Error( + 'not_strong_enough_password', + __( 'Your password is not strong enougth to be allowed on this site. Please use a stronger password.', 'buddypress' ) + ); + } else { + $pass_error = bp_members_validate_user_password( $pass, $pass_confirm, $update_user ); + + if ( ! $pass_error->get_error_message() ) { + // Password change attempt is successful. + if ( ( ! empty( $_POST['pwd'] ) && wp_unslash( $_POST['pwd'] ) !== $pass ) || is_super_admin() ) { + $update_user['user_pass'] = $_POST['pass1']; + $pass_error = false; + $pass_changed = true; + + // The new password is the same as the current password. + } else { + $pass_error->add( 'same_user_password', __( 'The new password must be different from the current password.', 'buddypress' ) ); + } } } diff --git src/bp-templates/bp-legacy/buddypress-functions.php src/bp-templates/bp-legacy/buddypress-functions.php index b9855f13a..df764d938 100644 --- src/bp-templates/bp-legacy/buddypress-functions.php +++ src/bp-templates/bp-legacy/buddypress-functions.php @@ -337,7 +337,14 @@ class BP_Legacy extends BP_Theme_Compat { ) ); // Enqueue script. - wp_enqueue_script( $asset['handle'] . '-password-verify', $asset['location'], $dependencies, $this->version); + wp_enqueue_script( $asset['handle'] . '-password-verify', $asset['location'], $dependencies, $this->version ); + wp_localize_script( + $asset['handle'] . '-password-verify', + 'bpPasswordVerify', + bp_members_user_pass_required_strength_description() + array( + 'requiredPassStrength' => bp_members_user_pass_required_strength(), + ) + ); } // Star private messages. diff --git src/bp-templates/bp-legacy/js/password-verify.js src/bp-templates/bp-legacy/js/password-verify.js index 58d73c7bd..48df522fa 100644 --- src/bp-templates/bp-legacy/js/password-verify.js +++ src/bp-templates/bp-legacy/js/password-verify.js @@ -6,7 +6,12 @@ function check_pass_strength() { var pass1 = $( '.password-entry' ).val(), pass2 = $( '.password-entry-confirm' ).val(), - strength; + currentForm = $( '.password-entry' ).closest( 'form' ), + strength, requiredStrength; + + if ( 'undefined' !== typeof window.bpPasswordVerify && window.bpPasswordVerify.requiredPassStrength ) { + requiredStrength = parseInt( window.bpPasswordVerify.requiredPassStrength, 10 ); + } // Reset classes and result text $( '#pass-strength-result' ).removeClass( 'short bad good strong' ); @@ -39,6 +44,28 @@ $( '#pass-strength-result' ).addClass( 'short' ).html( pwsL10n['short'] ); break; } + + if ( requiredStrength && 4 >= requiredStrength ) { + if ( ! $( currentForm ).find( '#password-information' ).length ) { + $( '.password-entry' ).before( + $( '

' ).prop( 'id', 'password-information' ) + .addClass( 'description' ) + .html( bpPasswordVerify[ requiredStrength ] ) + ); + } + + if ( ! $( currentForm ).find( '#password-strength-score' ).length ) { + $( currentForm ).prepend( + $('').prop( { + id: 'password-strength-score', + type: 'hidden', + 'name': '_password_strength_score' + } ) + ); + } + + $( '#password-strength-score' ).val( strength ); + } } // Bind check_pass_strength to keyup events in the password fields diff --git src/bp-templates/bp-nouveau/buddypress-functions.php src/bp-templates/bp-nouveau/buddypress-functions.php index bff080da0..cc8dedee5 100644 --- src/bp-templates/bp-nouveau/buddypress-functions.php +++ src/bp-templates/bp-nouveau/buddypress-functions.php @@ -532,6 +532,13 @@ class BP_Nouveau extends BP_Theme_Compat { $params['customizer_settings'] = bp_nouveau_get_temporary_setting( 'any' ); } + $required_password_strength = bp_members_user_pass_required_strength(); + if ( $required_password_strength ) { + $params['bpPasswordVerify'] = bp_members_user_pass_required_strength_description() + array( + 'requiredPassStrength' => bp_members_user_pass_required_strength(), + ); + } + /** * Filters core JavaScript strings for internationalization before AJAX usage. * diff --git src/bp-templates/bp-nouveau/includes/template-tags.php src/bp-templates/bp-nouveau/includes/template-tags.php index 7b804a082..2004d2229 100644 --- src/bp-templates/bp-nouveau/includes/template-tags.php +++ src/bp-templates/bp-nouveau/includes/template-tags.php @@ -2370,6 +2370,10 @@ function bp_nouveau_signup_form( $section = 'account_details' ) { if ( 'signup_password' === $name ) { ?> + signup->errors['signup_password'] ) ) : + nouveau_error_template( buddypress()->signup->errors['signup_password'] ); + endif; ?> +
diff --git src/bp-templates/bp-nouveau/js/buddypress-nouveau.js src/bp-templates/bp-nouveau/js/buddypress-nouveau.js index 8d12b914b..695891669 100644 --- src/bp-templates/bp-nouveau/js/buddypress-nouveau.js +++ src/bp-templates/bp-nouveau/js/buddypress-nouveau.js @@ -2,7 +2,7 @@ /* jshint devel: true */ /* jshint browser: true */ /* @since 3.0.0 */ -/* @version 8.0.0 */ +/* @version 10.0.0 */ window.wp = window.wp || {}; window.bp = window.bp || {}; @@ -468,6 +468,11 @@ window.bp = window.bp || {}; // Pagination. $( '#buddypress [data-bp-list]' ).on( 'click', '[data-bp-pagination] a', this, this.paginateAction ); + + // Password updates. + if ( BP_Nouveau.bpPasswordVerify && BP_Nouveau.bpPasswordVerify.requiredPassStrength ) { + $( '#pass1' ).on( 'input pwupdate', this.checkPassStrength ); + } }, /** Event Callbacks ***********************************************************/ @@ -823,6 +828,47 @@ window.bp = window.bp || {}; // Request the page. self.objectRequest( queryData ); + }, + + checkPassStrength: function( event ) { + var bpPasswordVerify = BP_Nouveau.bpPasswordVerify, strength, + requiredStrength = parseInt( bpPasswordVerify.requiredPassStrength, 10 ), + pass1 = $( event.currentTarget ).val(), pass2 = $( '#pass2' ).val(), + currentForm = $( event.currentTarget ).closest( 'form' ); + + + // wp.passwordStrength.userInputBlacklist() has been deprecated in WP 5.5.0. + if ( 'function' === typeof wp.passwordStrength.userInputDisallowedList ) { + strength = wp.passwordStrength.meter( pass1, wp.passwordStrength.userInputDisallowedList(), pass2 ); + } else { + strength = wp.passwordStrength.meter( pass1, wp.passwordStrength.userInputBlacklist(), pass2 ); + } + + if ( requiredStrength && 4 >= requiredStrength ) { + if ( ! $( currentForm ).find( '#password-information' ).length ) { + $( event.currentTarget ).before( + $( '

' ).prop( 'id', 'password-information' ) + .addClass( 'description' ) + .html( bpPasswordVerify[ requiredStrength ] ) + ); + } + + if ( ! $( currentForm ).find( '#password-strength-score' ).length ) { + $( currentForm ).prepend( + $('').prop( { + id: 'password-strength-score', + type: 'hidden', + 'name': '_password_strength_score' + } ) + ); + } + + $( '#password-strength-score' ).val( strength ); + + if ( requiredStrength > strength ) { + $( '.pw-weak' ).remove(); + } + } } };