Merge pull request #6780 from patschi/fix-pwcomplexity-apppasswds

Fixed password complexity check for AppPasswords creation/edit
2025-10-04 00:02:07 -04:00 · 2025-09-29 11:53:26 +02:00 · 2025-09-29 11:53:26 +02:00 · 2e7eb7c0fd
commit 2e7eb7c0fd
parent 4c83147d01 5b1b49a418
1 changed files with 10 additions and 38 deletions
--- a/data/web/inc/functions.app_passwd.inc.php
+++ b/data/web/inc/functions.app_passwd.inc.php
@ -43,20 +43,7 @@ function app_passwd($_action, $_data = null) {
        );
        return false;
      }
-      if (!preg_match('/' . $GLOBALS['PASSWD_REGEP'] . '/', $password)) {
-        $_SESSION['return'][] = array(
-          'type' => 'danger',
-          'log' => array(__FUNCTION__, $_action, $_data_log),
-          'msg' => 'password_complexity'
-        );
-        return false;
-      }
-      if ($password != $password2) {
-        $_SESSION['return'][] = array(
-          'type' => 'danger',
-          'log' => array(__FUNCTION__, $_action, $_data_log),
-          'msg' => 'password_mismatch'
-        );
+      if (password_check($password, $password2) !== true) {
        return false;
      }
      $password_hashed = hash_password($password);
@ -126,20 +113,7 @@ function app_passwd($_action, $_data = null) {
        }
        $app_name = htmlspecialchars(trim($app_name));
        if (!empty($password) && !empty($password2)) {
-          if (!preg_match('/' . $GLOBALS['PASSWD_REGEP'] . '/', $password)) {
-            $_SESSION['return'][] = array(
-              'type' => 'danger',
-              'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
-              'msg' => 'password_complexity'
-            );
-            continue;
-          }
-          if ($password != $password2) {
-            $_SESSION['return'][] = array(
-              'type' => 'danger',
-              'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
-              'msg' => 'password_mismatch'
-            );
+          if (password_check($password, $password2) !== true) {
            continue;
          }
          $password_hashed = hash_password($password);
@ -223,9 +197,7 @@ function app_passwd($_action, $_data = null) {
      break;
    case 'details':
      $app_passwd_data = array();
-      $stmt = $pdo->prepare("SELECT *
-          FROM `app_passwd`
-            WHERE `id` = :id");
+      $stmt = $pdo->prepare("SELECT * FROM `app_passwd` WHERE `id` = :id");
      $stmt->execute(array(':id' => $_data));
      $app_passwd_data = $stmt->fetch(PDO::FETCH_ASSOC);
      if (empty($app_passwd_data)) {