Commit 888b8d47 authored by Lukas Fleischer's avatar Lukas Fleischer
Browse files

Check password length on the password reset form

We already check for a minimum password length on the account edit page.
Add the same check to the password reset form (which is also used to set
an initial password).

Signed-off-by: default avatarLukas Fleischer <>
parent 571b74b9
......@@ -25,6 +25,10 @@ if (isset($_GET['resetkey'], $_POST['email'], $_POST['password'], $_POST['confir
$error = __('Missing a required field.');
} elseif ($password != $confirm) {
$error = __('Password fields do not match.');
} elseif (!good_passwd($password)) {
$length_min = config_get_int('options', 'passwd_min_len');
$error = __("Your password must be at least %s characters.",
} elseif ($uid == null) {
$error = __('Invalid e-mail.');
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment