authorJames <james@jarofgreen.co.uk>2012-10-22 13:48:14 +0100
committerChristian Weiske <cweiske@cweiske.de>2012-10-28 10:29:40 +0100
commit6607747b3790fd003d587c949157158bff0b7b50 (patch)
treea0b64dba816ae5e901b97010a44e96f8d34b05d1
parentcb4b0469ca48d9865c8b162c1446d9011adf249b (diff)
downloadsemanticscuttle-6607747b3790fd003d587c949157158bff0b7b50.tar.gz
semanticscuttle-6607747b3790fd003d587c949157158bff0b7b50.tar.bz2
Require that user type in two passwords and check they match when registering.
-rw-r--r--data/templates/default/register.tpl.php5
-rw-r--r--www/register.php5
2 files changed, 10 insertions, 0 deletions
diff --git a/data/templates/default/register.tpl.php b/data/templates/default/register.tpl.php
index 62cebad..6cfddd7 100644
--- a/data/templates/default/register.tpl.php
+++ b/data/templates/default/register.tpl.php
@@ -23,6 +23,11 @@ window.onload = function() {
<td></td>
</tr>
<tr>
+ <th align="left"><label for="password2"><?php echo T_('Repeat Password'); ?></label></th>
+ <td><input type="password" id="password2" name="password2" size="20" class="required" /></td>
+ <td></td>
+</tr>
+<tr>
<th align="left"><label for="email"><?php echo T_('E-mail'); ?></label></th>
<td><input type="text" id="email" name="email" size="40" class="required" value="<?php echo htmlspecialchars(POST_MAIL); ?>" /></td>
<td><?php echo '←'.T_(' to send you your password if you forget it')?></td>
diff --git a/www/register.php b/www/register.php
index d78ede3..a607c17 100644
--- a/www/register.php
+++ b/www/register.php
@@ -34,6 +34,7 @@ if (!$GLOBALS['enableRegistration']) {
isset($_POST['submitted']) ? define('POST_SUBMITTED', $_POST['submitted']): define('POST_SUBMITTED', '');
isset($_POST['username']) ? define('POST_USERNAME', $_POST['username']): define('POST_USERNAME', '');
isset($_POST['password']) ? define('POST_PASS', $_POST['password']): define('POST_PASS', '');
+isset($_POST['password2']) ? define('POST_PASS2', $_POST['password2']): define('POST_PASS2', '');
if (isset($_POST['email'])) {
define('POST_MAIL', $_POST['email']);
} else if (isset($_SERVER['SSL_CLIENT_S_DN_Email'])) {
@@ -51,6 +52,10 @@ if (POST_SUBMITTED != '') {
if (!($posteduser) || POST_PASS == '' || POST_MAIL == '') {
$tplVars['error'] = T_('You <em>must</em> enter a username, password and e-mail address.');
+ // Check if passwords match
+ } elseif (POST_PASS != POST_PASS2) {
+ $tplVars['error'] = T_('Those passwords do not match.');
+
// Check if username is reserved
} elseif ($userservice->isReserved($posteduser)) {
$tplVars['error'] = T_('This username has been reserved, please make another choice.');
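Review bot: The added `} elseif (POST_PASS != POST_PASS2) {` branch uses loose `!=`, and PHP compares two numeric-looking strings as numbers, so pairs such as `1000` and `1e3`, or `0123` and `123`, count as equal and a mistyped confirmation passes the check. The account is presumably created from POST_PASS alone, so the effect is limited to the confirmation missing a typo, but a password comparison should be exact: `} elseif (POST_PASS !== POST_PASS2) {`. Both constants are filled directly from `$_POST` in the earlier www/register.php hunk without a string check, and a strict comparison also treats any non-string value there as a mismatch. The if/elseif chain begins above this hunk and continues below it, so the remaining branches are not visible here.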