Restrict pass char

I'm interested in restricting the password chars (to alpha-numeric, no "special" char), and maybe increase the min length to 6. Where in the class should I be looking?

[Free WordPress Themes]

Hello,

modifying a open source class is not useful because you have to add your custom modifications to later updates too.

just try to add this regex test into you php code (or write some class extension):

Code:

<?php 
if (preg_match("/[a-z0-9]{6,}/i", $password) {
  // do something
} else {
  echo "bad password";
}

I did find the place in the class, I don't know how I missed it when I first looked. It occures to me that password restrictions might be something many people might want, maybe a list of spacific char that are "bad" that could be specified as an array in the configureation. Some characters have no place in passwords, and lend themselves to SQL injection...

[Free WordPress Themes]

I did find the place in the class, I don't know how I missed it when I first looked. It occures to me that password restrictions might be something many people might want, maybe a list of spacific char that are "bad" that could be specified as an array in the configureation. Some characters have no place in passwords, and lend themselves to SQL injection...

I don't think so, I use often passwords with not alphanumerical characters because these passwords are more safe.

An injection is impossible because the password is saved in MD5 encoding, all posted values are prepared to get sql injections, check this function:

Code:

<?php
function ins_string($value) {
if (preg_match("/^(.*)(##)(int|date|eu_date)$/", $value, $parts)) {
$value = $parts[1];
$type = $parts[3];
} else {
$type = "";
}
$value = (!get_magic_quotes_gpc()) ? addslashes($value) : $value;
switch ($type) {
case "int":
$value = ($value != "") ? intval($value) : NULL;
break;
case "eu_date":
$date_parts = preg_split ("/[\-\/\.]/", $value); 
$time = mktime(0, 0, 0, $date_parts[1], $date_parts[0], $date_parts[2]);
$value = strftime("'%Y-%m-%d'", $time);
break;
case "date":
$value = "'".preg_replace("/[\-\/\.]/", "-", $value)."'";
break;
default:
$value = ($value != "") ? "'" . $value . "'" : "''";
}
return $value;
}

[Guest]

[35.588]

chaz, Yahoo crawler, Googlebot, Olaf