[pmwiki-users] Password question

Dominique Faure dominique.faure at gmail.com
Mon Jul 10 05:30:20 CDT 2006


On 7/10/06, The Editor <editor at fast.st> wrote:
> Hi all!
>
> I'm using the newuser recipe to allow members to self-register
> (available in FAST Membership), and then forward a bunch of user
> information to myself by email, including their username and password.
>  In so doing, I've noticed certain passwords came in blank, something
> I believe is the result of invalid characters being entered in the
> password string.

The recipe doesn't make any attempt to change what the user filled in
(same as HtpasswdForm), nor does the _crypt function defined in
scripts/authuser.php, so a blank password means only that the user
provided nothing in the password field.

> Can someone tell me what characters are acceptable and which are not?
> (These are encrypted and stored in a htpasswd file). I also want some
> kind of check to ensure entered passwords are valid. I used the
> following lines for checking usernames to make sure they were valid
> pagenames, and need something similar for the passwords. Thanks in
> advance for your help...
>
>
> if ($user != PageVar(MakePageName($pagename, $user), '$Name')) {
>     $MessagesFmt[] = $MembershipFmt['invalid'];
>     HandleBrowse($pagename);
>     exit;
> }
>

Anything that could be typed into a browser input field can be
considered as a valid password (even nothing). It's up to you to
define your own password enforcement policies and provide a way to
plug them into your recipe.

Regards,
Dom
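
One way to implement such a password check, as an added example that is not part of the original message, the newuser recipe or PmWiki. The function name CheckPasswordPolicy, the $password variable, the $MembershipFmt['badpassword'] key and the 10-character minimum are assumptions.

```php
<?php
// Added example: a password policy check for a self-registration form.
// Returns a list of violations; an empty list means the password is accepted.
function CheckPasswordPolicy($user, $password, $minLength = 10) {
    // The blank field is the case discussed above: reject it explicitly.
    if ($password === '') return array('password is empty');
    // With the /u modifier preg_match fails on bytes that are not valid UTF-8.
    if (!preg_match('//u', $password)) return array('password is not valid UTF-8');

    $errors = array();
    // Count characters rather than bytes so multi-byte input is measured fairly.
    if (preg_match_all('/./su', $password, $m) < $minLength)
        $errors[] = "password is shorter than $minLength characters";
    // Control characters are hard to retype at the next login.
    if (preg_match('/[\x00-\x1F\x7F]/', $password))
        $errors[] = 'password contains control characters';
    // Leading or trailing whitespace is easily lost when the password is copied.
    if ($password !== trim($password))
        $errors[] = 'password starts or ends with whitespace';
    if (strcasecmp($password, $user) === 0)
        $errors[] = 'password is the same as the username';
    return $errors;
}

// Inside the recipe this would sit next to the username check quoted above
// ($password and the 'badpassword' message key are assumed names):
//   if (CheckPasswordPolicy($user, $password)) {
//       $MessagesFmt[] = $MembershipFmt['badpassword'];
//       HandleBrowse($pagename);
//       exit;
//   }

// Stand-alone run over constructed sample input (passwords are not echoed).
$samples = array(
    array('alice', ''),
    array('alice', 'Alice'),
    array('alice', "tab\tinside-the-password"),
    array('alice', ' padded password '),
    array('alice', 'correct horse battery'),
);
foreach ($samples as $i => $s) {
    $errors = CheckPasswordPolicy($s[0], $s[1]);
    echo "sample $i: ", $errors ? implode('; ', $errors) : 'ok', "\n";
}
```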



