/** * Check auth against list of login=>pwd. Sets user if applicable, returns bool * */ function yourls_check_username_password() { global $yourls_user_passwords; if (isset($yourls_user_passwords[$_REQUEST['username']]) && yourls_check_password_hash($_REQUEST['username'], $_REQUEST['password'])) { yourls_set_user($_REQUEST['username']); return true; } return false; }
/** * Verify submitted form meets requirements * - Current password must be correct * - New password must match confirm new password * - Minimum length met * - If set, have one digit * - If set, have one special character * - If set, have at least one uppercase and one lowercase letter * * @return string $error_message */ function vva_change_password_get_form_errors() { $error_message = NULL; if (!yourls_check_password_hash(YOURLS_USER, $_REQUEST['current_password'])) { $error_message .= 'Error: your current password is incorrect<br />'; } if ($_REQUEST['new_password'] !== $_REQUEST['confirm_new_password']) { $error_message .= 'Error: New Password and Confirm New Password do not match<br />'; } if (strlen($_REQUEST['new_password']) < VVA_CHANGE_PASSWORD_MINIMUM_LENGTH) { $error_message .= sprintf('Error: New Password must be at least %d characters<br />', VVA_CHANGE_PASSWORD_MINIMUM_LENGTH); } if (VVA_CHANGE_PASSWORD_USE_DIGITS && !preg_match('/[0-9]+/', $_REQUEST['new_password'])) { $error_message .= 'Error: New Password must contain at least one digit<br />'; } if (VVA_CHANGE_PASSWORD_USE_SPECIAL && !preg_match('/[\\W_]+/', $_REQUEST['new_password'])) { $error_message .= 'Error: New Password must contain at least one special character<br />'; } if (VVA_CHANGE_PASSWORD_USE_UPPERCASE && (!preg_match('/[a-z]+/', $_REQUEST['new_password']) || !preg_match('/[A-Z]+/', $_REQUEST['new_password']))) { $error_message .= 'Error: New Password must contain at least one lowercase and one uppercase letter<br />'; } return $error_message; }