Commit 2a6b052b authored by Francois Marier's avatar Francois Marier Committed by Gerrit Code Review
Browse files

Merge changes I9f9b7825,I72b76c5c,Ifb9f4a24

* changes:
  Raise the password maximum length to 255 (bug #844488)
  Add help text to encourage good security (bug #844508)
  Change password restrictions for young users (bug #547469)
parents 9d47f91e 032f22e0
......@@ -34,8 +34,10 @@ $string['description'] = 'Authenticate against Mahara\'s database';
$string['completeregistration'] = 'Complete Registration';
$string['emailalreadytaken'] = 'This e-mail address has already registered here';
$string['iagreetothetermsandconditions'] = 'I agree to the Terms and Conditions';
$string['passwordformdescription'] = 'Your password must be at least six characters long and contain at least one digit and two letters';
$string['passwordinvalidform'] = 'Your password must be at least six characters long and contain at least one digit and two letters';
$string['passwordformdescription'] = 'Your password must be at least six characters long. Passwords are case sensitive and must be different to your username.<br/>
For good security, consider using a passphrase. A passphrase is a sentence rather than a single word. Consider using a favourite quote or listing two (or more!) of your favourite things separated by spaces.';
$string['passwordinvalidform'] = 'Your password must be at least six characters long. Passwords are case sensitive and must be different to your username.<br/>
For good security, consider using a passphrase. A passphrase is a sentence rather than a single word. Consider using a favourite quote or listing two (or more!) of your favourite things separated by spaces.';
$string['registeredemailsubject'] = 'You have registered at %s';
$string['registeredemailmessagetext'] = 'Hi %s,
......
......@@ -82,15 +82,6 @@ class AuthInternal extends Auth {
if (!preg_match('/^[a-zA-Z0-9 ~!@#\$%\^&\*\(\)_\-=\+\,\.<>\/\?;:"\[\]\{\}\\\|`\']{6,}$/', $password)) {
return false;
}
// The password must have at least one digit and two letters in it
if (!preg_match('/[0-9]/', $password)) {
return false;
}
$password = preg_replace('/[a-zA-Z]/', "\0", $password);
if (substr_count($password, "\0") < 2) {
return false;
}
return true;
}
......
......@@ -432,7 +432,8 @@ $string['uploadcsverrorunspecifiedproblem'] = 'The records in your CSV file coul
$string['uploadcsverrorwrongnumberoffields'] = 'Error on line %s of your file: Incorrect number of fields';
$string['uploadcsverrorinvalidemail'] = 'Error on line %s of your file: The e-mail address for this user is not in correct form';
$string['uploadcsverrorincorrectnumberoffields'] = 'Error on line %s of your file: This line does not have the correct number of fields';
$string['uploadcsverrorinvalidpassword'] = 'Error on line %s of your file: Passwords must be at least six characters long and contain at least one digit and two letters';
$string['uploadcsverrorinvalidpassword'] = 'Error on line %s of your file: Passwords must be at least six characters long. Passwords are case sensitive and must be different to your username.<br/>
For good security, consider using a passphrase. A passphrase is a sentence rather than a single word. Consider using a favourite quote or listing two (or more!) of your favourite things separated by spaces.';
$string['uploadcsverrorinvalidusername'] = 'Error on line %s of your file: The username for this user is not in correct form';
$string['uploadcsverrormandatoryfieldnotspecified'] = 'Line %s of the file does not have the required "%s" field';
$string['uploadcsverroruseralreadyexists'] = 'Line %s of the file specifies the username "%s" that already exists';
......
<h3>Passwords</h3>
<p>To change your login password, first enter your current password here, then enter your preferred new password in both the other boxes.</p>
<p>Your password must total at least six characters. It must contain at least one number, and at least two letters. Passwords are case sensitive, and must be different from your username.</p>
<p>Your password must be at least six characters long. Passwords are case sensitive, and must be different from your username.</p>
<p>For good security, consider using a passphrase. A passphrase is a sentence rather than a single word. Consider using a favourite quote or listing two (or more!) of your favourite things separated by spaces.</p>
\ No newline at end of file
<h3>Passwords</h3>
<p>To change your login password, first enter your current password here, then enter your preferred new password in both the other boxes.</p>
<p>Your password must total at least six characters. It must contain at least one number, and at least two letters. Passwords are case sensitive, and must be different from your username.</p>
<p>Your password must be at least six characters long. Passwords are case sensitive, and must be different from your username.</p>
<p>For good security, consider using a passphrase. A passphrase is a sentence rather than a single word. Consider using a favourite quote or listing two (or more!) of your favourite things separated by spaces.</p>
\ No newline at end of file
<h3>Password</h3>
<p>Your password must total at least six characters. It must contain at least one number, and at least two letters. Passwords are case sensitive, and must be different from your username.</p>
<p>Your password must be at least six characters long. Passwords are case sensitive, and must be different from your username.</p>
<p><strong>Warning:</strong> For security reasons, please do not disclose your password to any user, including the site administrator.</p>
<p>For good security, consider using a passphrase. A passphrase is a sentence rather than a single word. Consider using a favourite quote or listing two (or more!) of your favourite things separated by spaces.</p>
<h3>Passwords</h3>
<p>To change your login password, first enter your current password here, then enter your preferred new password in both the other boxes.</p>
<p>Your password must total at least six characters. It must contain at least one number, and at least two letters. Passwords are case sensitive, and must be different from your username.</p>
<p>Your password must be at least six characters long. Passwords are case sensitive, and must be different from your username.</p>
<p>For good security, consider using a passphrase. A passphrase is a sentence rather than a single word. Consider using a favourite quote or listing two (or more!) of your favourite things separated by spaces.</p>
\ No newline at end of file
......@@ -336,7 +336,8 @@ $string['preferredname'] = 'Display Name';
$string['usernamedescription'] = ' ';
$string['usernamehelp'] = 'The username you have been given to access this system.';
$string['youaremasqueradingas'] = 'You are masquerading as %s.';
$string['yournewpassword'] = 'Your new password. Passwords must be at least six characters long and contain at least one digit and two letters';
$string['yournewpassword'] = 'Your new password. Passwords must be at least six characters long. Passwords are case sensitive and must be different to your username.<br/>
For good security, consider using a passphrase. A passphrase is a sentence rather than a single word. Consider using a favourite quote or listing two (or more!) of your favourite things separated by spaces.';
$string['yournewpasswordagain'] = 'Your new password again';
$string['invalidsesskey'] = 'Invalid session key';
$string['cannotremovedefaultemail'] = 'You cannot remove your primary email address';
......
......@@ -109,7 +109,7 @@
<FIELDS>
<FIELD NAME="id" TYPE="int" LENGTH="10" NOTNULL="true" SEQUENCE="true"/>
<FIELD NAME="username" TYPE="char" LENGTH="255" NOTNULL="true"/>
<FIELD NAME="password" TYPE="char" LENGTH="40" NOTNULL="true"/>
<FIELD NAME="password" TYPE="char" LENGTH="255" NOTNULL="true"/>
<FIELD NAME="salt" TYPE="char" LENGTH="8" NOTNULL="false"/>
<FIELD NAME="passwordchange" TYPE="int" LENGTH="1" NOTNULL="true" DEFAULT="0"/>
<FIELD NAME="active" TYPE="int" LENGTH="1" NOTNULL="true" DEFAULT="1"/>
......
......@@ -2695,5 +2695,12 @@ function xmldb_core_upgrade($oldversion=0) {
drop_field($table, $field);
}
if ($oldversion < 2011090900) {
$table = new XMLDBTable('usr');
$field = new XMLDBField('password');
$field->setAttributes(XMLDB_TYPE_CHAR, 255, null, XMLDB_NOTNULL);
change_field_type($table, $field, true, true);
}
return $status;
}
......@@ -28,7 +28,7 @@
defined('INTERNAL') || die();
$config = new StdClass;
$config->version = 2011083000;
$config->version = 2011090900;
$config->release = '1.5.0dev';
$config->minupgradefrom = 2008040200;
$config->minupgraderelease = '1.0.0 (release tag 1.0.0_RELEASE)';
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment