Modified password validation to reject spaces in passwords. refs #1256

Marty Penner
Showing 1 changed file with 8 additions and 3 deletions
com/Auth/Auth.php
--- a/com/Auth/Auth.php
View file @3ab177a
+++ b/com/Auth/Auth.php
View file @3ab177a
@@ -27,7 +27,7 @@ const OPTION_NAME = 'tz_auth'; // Database lookup key (`wp_options`.`option_name
        if (empty($wpdb->signups)) {
            $wpdb->signups = $wpdb->prefix . 'signups';
        }
-
+//die(var_dump(wp_hash_password('a ')));
        Vars::$options = new Tools\WP_Option(OPTION_NAME);

        if (is_admin()) {
@@ -137,7 +137,7 @@ function register($username, $email, $password, $meta = Array()) {
     * for whatever reason.
     */
    $wpdb->query("DELETE FROM {$wpdb->signups} WHERE user_email='$email' AND active=0");
-    
+
    $user_data = Array(
        'username' => $username
      , 'password' => $password
@@ -255,12 +255,17 @@ class Validation extends Common\Validation {

    /**
     * @rule Not blank
-     * @returns Boolean 
+     * @rule No spaces
+     * @returns Boolean
     */
    protected function password($val) {
        if (empty($val)) {
            throw new Exception('<li>Password can not be blank</li>');
        }
+
+        if (false !== strpos($val, ' ')) {
+            throw new Exception('<li>Password can not contain spaces</li>');
+        }
    }

    /**