Changeset 1762265
- Timestamp:
- 11/09/2017 08:23:40 PM (7 years ago)
- Location:
- force-strong-passwords/trunk
- Files:
-
- 1 deleted
- 2 edited
force-strong-passwords/trunk/readme.txt
r1668023 r1762265 3 3 Donate link: https://www.girldevelopit.com/donate 4 4 Tags: passwords, security, users, profile 5 Requires at least: 3. 56 Tested up to: 4. 87 Stable tag: 1. 75 Requires at least: 3. 6 Tested up to: 4. 7 Stable tag: 1. 8 8 9 9 Forces privileged users to set a strong password. … … 56 56 57 57 == Changelog == 58 59 60 61 58 62 59 63 = 1.7 = -
force-strong-passwords/trunk/slt-force-strong-passwords.php
r1468108 r1762265 1 1 <?php 2 2 /** 3 Plugin Name: Force Strong Passwords 4 Plugin URI: https://github.com/boogah/Force-Strong-Passwords/ 5 Description: Forces privileged users to set a strong password. 6 Version: 1.7 7 Author: Jason Cosper 8 Author URI: http://jasoncosper.com/ 9 License: GPLv2 10 @package force-strong-passwords 11 */ 12 13 /** 14 This program is free software; you can redistribute it and/or modify 15 it under the terms of the GNU General Public License, version 2, as 16 published by the Free Software Foundation. 17 18 This program is distributed in the hope that it will be useful, 19 but WITHOUT ANY WARRANTY; without even the implied warranty of 20 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 21 GNU General Public License for more details. 22 23 You should have received a copy of the GNU General Public License 24 along with this program; if not, write to the Free Software 25 Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA 26 */ 3 * Plugin Name: Force Strong Passwords 4 * Plugin URI: https://github.com/boogah/force-strong-passwords/ 5 * Description: Forces privileged users to set a strong password. 6 * Version: 1.8.0 7 * Author: Jason Cosper 8 * Author URI: http://jasoncosper.com/ 9 * License: GPLv3 10 * License URI: https://www.gnu.org/licenses/gpl-3.0.txt 11 * Text Domain: force-strong-passwords 12 * Domain Path: /languages 13 * 14 * @link https://jasoncosper.com/ 15 * @package WordPress 16 * @author Jason Cosper 17 * @version 1.8.0 18 */ 19 27 20 global $wp_version; 28 21 … … 30 23 // Make sure we don't expose any info if called directly. 31 24 if ( ! function_exists( 'add_action' ) ) { 32 _e( "Hi there! I'm just a plugin, not much I can do when called directly.", 'slt-force-strong-passwords' );25 _e( "Hi there! I'm just a plugin, not much I can do when called directly.", 'slt-force-strong-passwords' ); 33 26 exit; 34 27 } … … 36 29 37 30 /** 38 Initialize constants.31 Initialize constants. 
39 32 */ 40 33 … … 49 42 * Use zxcvbn for versions 3.7 and above 50 43 * 51 * @since 44 * @since1.3 52 45 */ 53 46 define( 'SLT_FSP_USE_ZXCVBN', version_compare( round( $wp_version, 1 ), '3.7' ) >= 0 ); … … 57 50 * The default capabilities that will be checked for to trigger strong password enforcement 58 51 * 59 * @deprecated 60 * @since 52 * @deprecatedPlease use the slt_fsp_caps_check filter to customize the capabilities check for enforcement 53 * @since1.1 61 54 */ 62 55 define( 'SLT_FSP_CAPS_CHECK', 'publish_posts,upload_files,edit_published_posts' ); … … 86 79 } 87 80 88 89 /** 90 Enqueue force zxcvbn check script.81 /** 82 * Enqueue `force-zxcvbn` check script. 83 . 91 84 */ 92 85 function slt_fsp_enqueue_force_zxcvbn_script() { 93 wp_enqueue_script( 'slt-fsp-force-zxcvbn', plugins_url( 'force-zxcvbn.min.js', __FILE__ ), array( 'jquery' ), FSP_PLUGIN_VERSION ); 94 // Also change hint. 95 wp_enqueue_script( 'slt-fsp-admin-js', plugins_url( 'js-admin.min.js', __FILE__ ), array( 'jquery' ), FSP_PLUGIN_VERSION ); 96 } 97 86 $suffix = ( defined( 'SCRIPT_DEBUG' ) && SCRIPT_DEBUG ) ? '' : '.min'; 87 wp_enqueue_script( 'slt-fsp-force-zxcvbn', plugin_dir_url( __FILE__ ) . 'force-zxcvbn' . $suffix . '.js', array( 'jquery' ), FSP_PLUGIN_VERSION ); 88 wp_enqueue_script( 'slt-fsp-admin-js', plugin_dir_url( __FILE__ ) . 'js-admin' . $suffix . '.js', array( 'jquery' ), FSP_PLUGIN_VERSION ); 89 } 98 90 99 91 /** … … 105 97 106 98 /** 107 Check password reset form and throw an error if the password isn't strong.99 Check password reset form and throw an error if the password isn't strong. 108 100 */ 109 101 function slt_fsp_validate_resetpass_form( $user_data ) { … … 113 105 114 106 /** 115 Functionality used by both user profile and reset password validation.107 Functionality used by both user profile and reset password validation. 
116 108 */ 117 109 function slt_fsp_validate_strong_password( $errors, $user_data ) { 118 110 $password_ok = true; 119 $enforce = true;120 $password = ( isset( $_POST['pass1'] ) && trim( $_POST['pass1'] ) ) ? sanitize_text_field( $_POST['pass1'] ) : false;121 $role = isset( $_POST['role'] ) ? sanitize_text_field( $_POST['role'] ) : false;122 $user_id = isset( $user_data->ID ) ? sanitize_text_field( $user_data->ID ) : false;123 $username = isset( $_POST['user_login'] ) ? sanitize_text_field( $_POST['user_login'] ) : $user_data->user_login;111 $enforce = true; 112 $password = ( isset( $_POST['pass1'] ) && trim( $_POST['pass1'] ) ) ? sanitize_text_field( $_POST['pass1'] ) : false; 113 $role = isset( $_POST['role'] ) ? sanitize_text_field( $_POST['role'] ) : false; 114 $user_id = isset( $user_data->ID ) ? sanitize_text_field( $user_data->ID ) : false; 115 $username ; 124 116 125 117 // No password set? … … 150 142 151 143 // Check the strength passed from the zxcvbn meter. 152 $compare_strong = html_entity_decode( __( 'strong' ), ENT_QUOTES, 'UTF-8' );144 $compare_strong = html_entity_decode( __( 'strong' ), ENT_QUOTES, 'UTF-8' ); 153 145 $compare_strong_reset = html_entity_decode( __( 'hide-if-no-js strong' ), ENT_QUOTES, 'UTF-8' ); 154 if ( ! in_array( $_POST['slt-fsp-pass-strength-result'] , array( null, $compare_strong, $compare_strong_reset )) ) {146 if ( ! in_array( $_POST['slt-fsp-pass-strength-result'] ) ) { 155 147 $password_ok = false; 156 148 } … … 179 171 * It's assumed the someone who can't publish_posts won't be able to update_core! 180 172 * 181 * @since 182 * @uses 183 * @uses 184 * @uses 185 * @param 186 * @return 173 * @since1.1 174 * @usesSLT_FSP_CAPS_CHECK 175 * @usesapply_filters() 176 * @usesuser_can() 177 * @paramint $user_id A user ID. 
178 * @returnboolean 187 179 */ 188 180 function slt_fsp_enforce_for_user( $user_id ) { … … 213 205 * Check for password strength - based on JS function in pre-3.7 WP core: /wp-admin/js/password-strength-meter.js 214 206 * 215 * @since 216 * @param string $iThe password.217 * @param string $fThe user's username.218 * @return integer1 = very weak; 2 = weak; 3 = medium; 4 = strong207 * @since1.0 208 * @paramThe password. 209 * @paramThe user's username. 210 * @return1 = very weak; 2 = weak; 3 = medium; 4 = strong 219 211 */ 220 212 function slt_fsp_password_strength( $i, $f ) {
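Review bot: The strength gate at new line 146 of `slt_fsp_validate_strong_password()` decides on `$_POST['slt-fsp-pass-strength-result']`, a value computed in the browser, so enforcement rests on a field the client controls. The pre-change line also listed `null` among the accepted values, and this rendering has dropped the arguments of the new `in_array()` call, so confirm whether that is still the case. Enforcement should rest on a server-side computation, with the posted result treated as a hint at most; the file already has `slt_fsp_password_strength( $i, $f )`, documented as returning 4 for strong. At minimum, read the field through `isset()` and pass `true` as the third argument to `in_array()`, so the comparison is strict and a missing field is handled explicitly. Separately, `sanitize_text_field( $_POST['pass1'] )` at new line 112 can alter the submitted password, so the checked string may differ from the one that is stored; the function body continues outside the hunks shown.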