Should Piwik check that the login & password have minimum length and valid characters?
| public static isUserCredentialsSanityCheckEnabled ( ) : boolean | ||
| return | boolean | True if checks enabled; false otherwise |
/**
* Returns true if the password is complex enough (at least 6 characters and max 26 characters)
*
* @param $input string
* @return bool
*/
public static function isValidPasswordString($input)
{
if (!SettingsPiwik::isUserCredentialsSanityCheckEnabled() && !empty($input)) {
return true;
}
$l = strlen($input);
return $l >= self::PASSWORD_MIN_LENGTH;
}
/**
* Returns `true` if the login is valid.
*
* _Warning: does not check if the login already exists! You must use UsersManager_API->userExists as well._
*
* @param string $userLogin
* @throws Exception
* @return bool
*/
public static function checkValidLoginString($userLogin)
{
if (!SettingsPiwik::isUserCredentialsSanityCheckEnabled() && !empty($userLogin)) {
return;
}
$loginMinimumLength = 2;
$loginMaximumLength = 100;
$l = strlen($userLogin);
if (!($l >= $loginMinimumLength && $l <= $loginMaximumLength && preg_match('/^[A-Za-z0-9_.@+-]*$/D', $userLogin) > 0)) {
throw new Exception(Piwik::translate('UsersManager_ExceptionInvalidLoginFormat', array($loginMinimumLength, $loginMaximumLength)));
}
}
