@@ -3637,71 +3637,6 @@ public static function delete(int|array $users, bool $check_not_admin = false, b
36373637 Logging::logActions ($ log_changes );
36383638 }
36393639
3640- /**
3641- * Checks whether a password meets the current forum rules.
3642- *
3643- * Called when registering and when choosing a new password in the profile.
3644- *
3645- * If password checking is enabled, will check that none of the words in
3646- * $restrict_in appear in the password.
3647- *
3648- * Returns an error identifier if the password is invalid, or null if valid.
3649- *
3650- * @param string $password The desired password.
3651- * @param string $username The username.
3652- * @param array $restrict_in An array of restricted strings that cannot be
3653- * part of the password (email address, username, etc.)
3654- * @return null|string Null if valid or a string indicating the problem.
3655- */
3656- public static function validatePassword (string $ password , string $ username , array $ restrict_in = []): ?string
3657- {
3658- // Perform basic requirements first.
3659- if (Utils::entityStrlen ($ password ) < (empty (Config::$ modSettings ['password_strength ' ]) ? 4 : 8 )) {
3660- return 'short ' ;
3661- }
3662-
3663- // Maybe we need some more fancy password checks.
3664- $ pass_error = '' ;
3665-
3666- IntegrationHook::call ('integrate_validatePassword ' , [$ password , $ username , $ restrict_in , &$ pass_error ]);
3667-
3668- if (!empty ($ pass_error )) {
3669- return $ pass_error ;
3670- }
3671-
3672- // Is this enough?
3673- if (empty (Config::$ modSettings ['password_strength ' ])) {
3674- return null ;
3675- }
3676-
3677- // Otherwise, perform the medium strength test - checking if password appears in the restricted string.
3678- if (preg_match ('~\b ' . preg_quote ($ password , '~ ' ) . '\b~ ' , implode (' ' , $ restrict_in ))) {
3679- return 'restricted_words ' ;
3680- }
3681-
3682- if (Utils::entityStrpos ($ password , $ username ) !== false ) {
3683- return 'restricted_words ' ;
3684- }
3685-
3686- // If just medium, we're done.
3687- if (Config::$ modSettings ['password_strength ' ] == 1 ) {
3688- return null ;
3689- }
3690-
3691- // Check for both numbers and letters.
3692- $ good = preg_match ('~\p{N}~u ' , $ password ) && preg_match ('~\p{L}~u ' , $ password );
3693-
3694- // If there are any letters from bicameral scripts (Latin, Greek, etc.),
3695- // check that there are both lowercase and uppercase letters present.
3696- // Note: If the password only contains letters from a unicameral script
3697- // (Arabic, Thai, etc.), this requirement is not applicable.
3698- if (Utils::strtoupper ($ password ) !== ($ lower_password = Utils::strtolower ($ password ))) {
3699- $ good &= $ password !== $ lower_password ;
3700- }
3701-
3702- return $ good ? null : 'chars ' ;
3703- }
3704-
37053640 /**
37063641 * Checks whether a username obeys a load of rules.
37073642 *
0 commit comments