• Resolved zempachi

    (@zempachi)


    Hello,

    I am working on a WordPress where your plugin is installed.

    I have noticed that the rules set by the plugin are not applied on the page profile.php, for example when a user wants to reset his password.

    Is there something we have missed?

    I tried to log the process called on profile.php and I noticed that the method “user_profile_update_errors” is called on this page.
    So should I modify this method to apply the rules like it is done on the method “wp_authenticate_user”?

    Thank you for your help

    Best regards

    https://www.ads-software.com/plugins/wp-password-policy-manager/

Viewing 4 replies - 1 through 4 (of 4 total)
  • Thread Starter zempachi

    (@zempachi)

    Hello,

    I tried to adapt the existing code by adding, at the beginning of the method “user_profile_update_errors”, the following lines:

    // user_pass is only set when a new password was submitted; skip the checks on other profile updates.
    if(!empty($user->user_pass)){
    	$newpassword = $user->user_pass;
    	// Strict comparison: loose == can treat different numeric-looking strings as equal.
    	if($newpassword === $user->user_login)
    		$errors->add( 'pass', __( '<strong>ERROR</strong>: New password cannot be the same as the username.' ), array( 'form-field' => 'pass1' ) );
    	if($newpassword === $user->user_email)
    		$errors->add( 'pass', __( '<strong>ERROR</strong>: New password cannot be the same as the email.' ), array( 'form-field' => 'pass1' ) );
    	if(($c = $this->GetPasswordLen()) != 0)
    		if(strlen($newpassword) < $c)
    			$errors->add( 'pass', sprintf(__('<strong>ERROR</strong>: New password must contain at least %d characters.'), $c), array( 'form-field' => 'pass1' ) );
    	if($this->IsPolicyEnabled(self::POLICY_MIXCASE))
    		// Reject all-lowercase and all-uppercase passwords alike.
    		if(strtolower($newpassword) === $newpassword || strtoupper($newpassword) === $newpassword)
    			$errors->add( 'pass', __( '<strong>ERROR</strong>: New password must contain both uppercase and lowercase characters.' ), array( 'form-field' => 'pass1' ) );
    	if($this->IsPolicyEnabled(self::POLICY_NUMBERS))
    		if(!preg_match('/[0-9]/', $newpassword))
    			$errors->add( 'pass', __( '<strong>ERROR</strong>: New password must contain numbers.' ), array( 'form-field' => 'pass1' ) );
    	if($this->IsPolicyEnabled(self::POLICY_SPECIAL))
    		if(!preg_match('/[_\W]/', $newpassword))
    			$errors->add( 'pass', __( '<strong>ERROR</strong>: New password must contain special characters.' ), array( 'form-field' => 'pass1' ) );
    }

    which gives :

    public function user_profile_update_errors($errors, $update, $user){
    	//Tests adapted from the method wp_authenticate_user()
    	// user_pass is only set when a new password was submitted; skip the checks on other profile updates.
    	if(!empty($user->user_pass)){
    		$newpassword = $user->user_pass;
    		// Strict comparison: loose == can treat different numeric-looking strings as equal.
    		if($newpassword === $user->user_login)
    			$errors->add( 'pass', __( '<strong>ERROR</strong>: New password cannot be the same as the username.' ), array( 'form-field' => 'pass1' ) );
    		if($newpassword === $user->user_email)
    			$errors->add( 'pass', __( '<strong>ERROR</strong>: New password cannot be the same as the email.' ), array( 'form-field' => 'pass1' ) );
    		if(($c = $this->GetPasswordLen()) != 0)
    			if(strlen($newpassword) < $c)
    				$errors->add( 'pass', sprintf(__('<strong>ERROR</strong>: New password must contain at least %d characters.'), $c), array( 'form-field' => 'pass1' ) );
    		if($this->IsPolicyEnabled(self::POLICY_MIXCASE))
    			// Reject all-lowercase and all-uppercase passwords alike.
    			if(strtolower($newpassword) === $newpassword || strtoupper($newpassword) === $newpassword)
    				$errors->add( 'pass', __( '<strong>ERROR</strong>: New password must contain both uppercase and lowercase characters.' ), array( 'form-field' => 'pass1' ) );
    		if($this->IsPolicyEnabled(self::POLICY_NUMBERS))
    			if(!preg_match('/[0-9]/', $newpassword))
    				$errors->add( 'pass', __( '<strong>ERROR</strong>: New password must contain numbers.' ), array( 'form-field' => 'pass1' ) );
    		if($this->IsPolicyEnabled(self::POLICY_SPECIAL))
    			if(!preg_match('/[_\W]/', $newpassword))
    				$errors->add( 'pass', __( '<strong>ERROR</strong>: New password must contain special characters.' ), array( 'form-field' => 'pass1' ) );
    	}

    	$update = $update; // stops IDE from complaining -_-
    	// Record the time of the update only when no password error was raised.
    	if (!$errors->get_error_data('pass') && !$errors->get_error_data('expired_password'))
    		update_user_option($user->ID, self::OPT_NAME_UPM, time());
    }

    EDIT: those modifications should be added in the file wp-password-policy-manager.php.
    And the version of the plugin is “0.2”
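
The gap discussed in this thread, a policy that runs in one hook but not in the others where a password can be set, shown as an added example that is not the plugin's code: one validator shared by the profile-update and reset-form hooks. `EX_POLICY` and the `ex_*` functions are hypothetical names with a constructed sample policy; `user_profile_update_errors` and `validate_password_reset` are WordPress core hooks.

```php
<?php
// Added example. EX_POLICY and the ex_* functions are hypothetical names, not the plugin's API.
const EX_POLICY = ['min_len' => 8, 'mixcase' => true, 'numbers' => true, 'special' => true]; // constructed

/** Return the codes of every rule the candidate password breaks. */
function ex_policy_violations(string $pw, string $login, string $email, array $policy = EX_POLICY): array {
    $v = [];
    if ($pw === $login) $v[] = 'same_as_username';
    if ($pw === $email) $v[] = 'same_as_email';
    if ($policy['min_len'] > 0 && strlen($pw) < $policy['min_len']) $v[] = 'too_short';
    // Require at least one uppercase AND one lowercase letter.
    if ($policy['mixcase'] && !(preg_match('/[A-Z]/', $pw) && preg_match('/[a-z]/', $pw))) $v[] = 'mixcase';
    if ($policy['numbers'] && !preg_match('/[0-9]/', $pw)) $v[] = 'numbers';
    if ($policy['special'] && !preg_match('/[_\W]/', $pw)) $v[] = 'special';
    return $v;
}

/** Copy violations into the WP_Error object that the form handlers display. */
function ex_report($errors, string $pw, $user): void {
    $email = (string) ($user->user_email ?? '');
    foreach (ex_policy_violations($pw, (string) $user->user_login, $email) as $code) {
        $errors->add('pass', 'Password policy violation: ' . $code, ['form-field' => 'pass1']);
    }
}

if (function_exists('add_action')) {
    // profile.php / user-edit.php: user_pass is only set when a new password was submitted.
    add_action('user_profile_update_errors', function ($errors, $update, $user) {
        if (!empty($user->user_pass)) ex_report($errors, $user->user_pass, $user);
    }, 10, 3);
    // Lost-password reset form: the new password arrives in $_POST['pass1'].
    add_action('validate_password_reset', function ($errors, $user) {
        $pw = $_POST['pass1'] ?? '';
        if ($user instanceof WP_User && is_string($pw) && $pw !== '') ex_report($errors, $pw, $user);
    }, 10, 2);
} else {
    // Outside WordPress: run the validator over constructed sample passwords.
    foreach (['alice', 'ALLUPPERCASE1!', 'Str0ng!pass'] as $pw) {
        echo $pw, ' => ', implode(',', ex_policy_violations($pw, 'alice', 'alice@example.test')) ?: 'ok', "\n";
    }
}
```

Registration forms supplied by other plugins use their own hooks and need the same validator attached separately.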

    Plugin Author WPWhiteSecurity

    (@wpwhitesecurity)

    Hi zempachi,

    We kind of neglected this plugin a bit because we were focusing on our other plugin WP Security Audit Log, though now we are finally focusing on this plugin again.

    We will be releasing a new much more improved version of this plugin within a few weeks so stay tuned. The new plugin will contain some cool features and address this problem you are mentioning here.

    Should you wish to be updated on the progress of this plugin, I would recommend you to subscribe to our plugins newsletter.

    Sorry for the delay in replying but as I said, stay tuned!

    Plugin Author WPWhiteSecurity

    (@wpwhitesecurity)

    Hi Zempachi,

    This feature is included in the latest version (0.3) which we released today. Check it out and let us know what you think.

    Have a great day.

    Hi, I am using the Dokan plugin and there is a registration page. So I installed the Password Policy Manager plugin, but it is not applying.

    Please help me.

    Thanks
    Sanjeev

  • The topic ‘Password Policy does not apply on page "profile.php"’ is closed to new replies.