using config variable for minimum password length

git-svn-id: http://code.elgg.org/elgg/trunk@7047 36083f99-b078-4883-b0ff-0f9b5a30f544

4 files changed, 27 insertions, 3 deletions

diff --git a/engine/lib/users.php b/engine/lib/users.php
index c9add2541..45499b27d 100644
--- a/engine/lib/users.php
+++ b/engine/lib/users.php
@@ -953,7 +953,9 @@ function validate_username($username) {
  * @throws RegistrationException on invalid
  */
 function validate_password($password) {
-	if (strlen($password) < 6) {
+	global $CONFIG;
+
+	if (strlen($password) < $CONFIG->min_password_length) {
 		throw new RegistrationException(elgg_echo('registration:passwordtooshort'));
 	}
 
diff --git a/engine/settings.example.php b/engine/settings.example.php
index e6857e4c4..c503f0162 100644
--- a/engine/settings.example.php
+++ b/engine/settings.example.php
@@ -110,4 +110,13 @@ $CONFIG->broken_mta = FALSE;
  *
  * @global bool $CONFIG->db_disable_query_cache
  */
-$CONFIG->db_disable_query_cache = FALSE;
\ No newline at end of file
+$CONFIG->db_disable_query_cache = FALSE;
+
+/**
+ * Minimum password length
+ *
+ * This value is used when validating a user's password during registration.
+ *
+ * @global int $CONFIG->min_password_length
+ */
+$CONFIG->min_password_length = 6;
\ No newline at end of file
diff --git a/install/ElggInstaller.php b/install/ElggInstaller.php
index 192139084..7d2e2355c 100644
--- a/install/ElggInstaller.php
+++ b/install/ElggInstaller.php
@@ -382,6 +382,12 @@ class ElggInstaller {
 			} while (FALSE);  // PHP doesn't support breaking out of if statements
 		}
 
+		// bit of a hack to get the password help to show right number of characters
+		global $CONFIG;
+		$lang = get_current_language();
+		$CONFIG->translations[$lang]['install:admin:help:password1'] =
+				sprintf($CONFIG->translations[$lang]['install:admin:help:password1'], $CONFIG->min_password_length);
+
 		$formVars = $this->makeFormSticky($formVars, $submissionVars);
 
 		$this->render('admin', array('variables' => $formVars));
@@ -1287,6 +1293,12 @@ class ElggInstaller {
 			return FALSE;
 		}
 
+		$minLength = get_config('min_password_length');
+		if (strlen($submissionVars['password1']) < $minLength) {
+			register_error(elgg_echo('install:admin:password:tooshort'));
+			return FALSE;
+		}
+
 		// check that email address is email address
 		if ($submissionVars['email'] && !is_email_address($submissionVars['email'])) {
 			$msg = sprintf(elgg_echo('install:error:emailaddress'), $submissionVars['email']);
diff --git a/install/languages/en.php b/install/languages/en.php
index f474a8c7b..d1c9d4a02 100644
--- a/install/languages/en.php
+++ b/install/languages/en.php
@@ -102,11 +102,12 @@ If you are ready to proceed, click the Next button.",
 	'install:admin:help:displayname' => 'The name that is displayed on the site for this account',
 	'install:admin:help:email' => '',
 	'install:admin:help:username' => 'Account username used for logging in',
-	'install:admin:help:password1' => 'Account password must be at least x characters long',
+	'install:admin:help:password1' => "Account password must be at least %u characters long",
 	'install:admin:help:password2' => 'Retype password to confirm',
 
 	'install:admin:password:mismatch' => 'Password must match.',
 	'install:admin:password:empty' => 'Password cannot be empty.',
+	'install:admin:password:tooshort' => 'Your password was too short',
 	'install:admin:cannot_create' => 'Unable to create an admin account.',
 
 	'install:complete:instructions' => 'Your Elgg site is now ready to be used. Click the button below to be taken to your site.',