Add exposed password check to manual password change

2025-06-16 20:05:14 +02:00 · 2018-03-21 01:33:35 -04:00 · 2018-03-21 01:33:35 -04:00 · ca13570251
commit ca13570251
parent d34a92ab2b
2 changed files with 19 additions and 1 deletions
--- a/mod/settings.php
+++ b/mod/settings.php
@ -390,6 +390,11 @@ function settings_post(App $a)
 			$err = true;
        }

+		if (User::checkPasswordExposed($newpass)) {
+			notice(L10n::t('The new password has been exposed in a public data dump, please choose another.') . EOL);
+			$err = true;
+		}
+
        //  check if the old password was supplied correctly before changing it to the new value
        if (!User::authenticate(intval(local_user()), $_POST['opassword'])) {
            notice(L10n::t('Wrong password.') . EOL);