[pmwiki-users] Password question
Dominique Faure
dominique.faure at gmail.com
Mon Jul 10 05:30:20 CDT 2006
On 7/10/06, The Editor <editor at fast.st> wrote:
> Hi all!
>
> I'm using the newuser recipe to allow members to self-register
> (available in FAST Membership), and then forward a bunch of user
> information to myself by email, including their username and password.
> In so doing, I've noticed certain passwords came in blank, something
> I believe is the result of invalid characters being entered in the
> password string.
The recipe doesn't make any attempt to change what the user filled
(same as HtpasswdForm), nor does the _crypt function defined in
scripts/authuser.php, so a blank password means only that the user
provided nothing into the password field.
> Can someone tell me what characters are acceptable and which are not?
> (These are encrypted and stored in a htpasswd file). I also want some
> kind of check to ensure entered passwords are valid. I used the
> following lines for checking usernames to make sure they were valid
> pagenames, and need something similar for the passwords. Thanks in
> advance for your help...
>
>
> if($user!=PageVar(MakePageName($pagename, $user), '$Name')) {
> $MessagesFmt[] = $MembershipFmt['invalid'];
> HandleBrowse($pagename);
> exit;
> }
>
Anything that could be typed into a browser input field can be
considered as a valid password (even nothing). It's up to you to
define your own password enforcement policies and provide a way to
plug them into your recipe.
Regards,
Dom
More information about the pmwiki-users
mailing list