$err = true;
}
+ if (User::checkPasswordExposed($newpass)) {
+ notice(L10n::t('The new password has been exposed in a public data dump, please choose another.') . EOL);
+ $err = true;
+ }
+
// check if the old password was supplied correctly before changing it to the new value
if (!User::authenticate(intval(local_user()), $_POST['opassword'])) {
notice(L10n::t('Wrong password.') . EOL);
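Review bot: The added `if (User::checkPasswordExposed($newpass))` runs unconditionally, even when the validation just above it has already set `$err = true`, and before the old password is verified on the following lines. checkPasswordExposed() delegates to password_exposed(), which presumably performs an outbound lookup, so a submission that is going to be rejected anyway still triggers a remote request. Guarding the call keeps the lookup to candidates that passed the local checks: `if (!$err && User::checkPasswordExposed($newpass)) {`. The enclosing block starts and ends outside the hunk, so the exact set of earlier checks is not visible here.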
*/
namespace Friendica\Model;
+use DivineOmega\PasswordExposed\PasswordStatus;
use Friendica\Core\Addon;
use Friendica\Core\Config;
use Friendica\Core\L10n;
use dba;
use Exception;
use LightOpenID;
+use function password_exposed;
require_once 'boot.php';
require_once 'include/dba.php';
* @param string $password
* @return int|boolean
* @deprecated since version 3.6
- * @see Friendica\Model\User::getIdFromPasswordAuthentication()
+ * @see User::getIdFromPasswordAuthentication()
*/
public static function authenticate($user_info, $password)
{
return autoname(6) . mt_rand(100, 9999);
}
+ /**
+ * Checks if the provided plaintext password has been exposed or not
+ *
+ * @param string $password
+ * @return bool
+ */
+ public static function checkPasswordExposed($password)
+ {
+ return password_exposed($password) === PasswordStatus::EXPOSED;
+ }
+
/**
* Legacy hashing function, kept for password migration purposes
*
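Review bot: `checkPasswordExposed()` compares only against `PasswordStatus::EXPOSED`, so every other result of `password_exposed()` is returned as false, and the check fails open without any trace. That includes the library's "unknown" status when the lookup cannot be completed, if I read the library correctly. Failing open may be the right trade-off for availability, but the docblock should state it and also mention that the call contacts an external service, for example `* @return bool true only if the lookup positively reports exposure; false if not found or if the lookup could not be completed`. Logging the non-definitive case would let an administrator notice when the protection is effectively off. Since `$password` is untyped, it may also be worth returning false early for an empty value rather than sending it to the lookup.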