public static function validatePassword($errors, $userData)
{
$password = isset($_POST['pass1']) && trim($_POST['pass1']) ? $_POST['pass1'] : false;
$user_id = isset($userData->ID) ? $userData->ID : false;
$username = isset($_POST["user_login"]) ? $_POST["user_login"] : $userData->user_login;
if ($password == false) {
return $errors;
}
if ($errors->get_error_data("pass")) {
return $errors;
}
$enforce = false;
if (wfConfig::get('loginSec_strongPasswds') == 'pubs') {
if (user_can($user_id, 'publish_posts')) {
$enforce = true;
}
} else {
if (wfConfig::get('loginSec_strongPasswds') == 'all') {
$enforce = true;
}
}
if ($enforce) {
if (!wordfence::isStrongPasswd($password, $username)) {
$errors->add('pass', "Please choose a stronger password. Try including numbers, symbols and a mix of upper and lower case letters and remove common words.");
return $errors;
}
}
$twoFactorUsers = wfConfig::get_ser('twoFactorUsers', array());
if (preg_match(self::$passwordCodePattern, $password) && isset($twoFactorUsers) && is_array($twoFactorUsers) && sizeof($twoFactorUsers) > 0) {
$errors->add('pass', "Passwords containing a space followed by 'wf' without quotes are not allowed.");
return $errors;
}
return $errors;
}
