
Enforce min password rules + show hint

Also fixes #1017
Jaap Marcus 5 years ago
parent
commit
6059f0f3e6

+ 1 - 2
web/add/db/index.php

@@ -42,8 +42,7 @@ if (!empty($_POST['ok'])) {
 
     // Check password length
     if (empty($_SESSION['error_msg'])) {
-        $pw_len = strlen($_POST['v_password']);
-        if ($pw_len < 6 ) $_SESSION['error_msg'] = __('Password is too short.',$error_msg);
+        if (!preg_match('/^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)[a-zA-Z\d]{8,}$/', $_POST['v_password'])) { $_SESSION['error_msg'] = __('Password does not match the minimum requirements'); }
     }
 
     // Protect input
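Review bot: The new regex on the password check line rejects every password containing a symbol, space or non-ASCII character, because `[a-zA-Z\d]{8,}` admits only letters and digits; that forbids exactly the long passphrases and symbol-rich passwords a user should be encouraged to pick, and the page hint added in this commit only speaks of length, case and a digit. Dropping the class restriction keeps the complexity rules while allowing anything else: `if (!preg_match('/^(?=.*[a-z])(?=.*[A-Z])(?=.*\d).{8,}$/', $_POST['v_password'])) { $_SESSION['error_msg'] = __('Password does not match the minimum requirements'); }`. The same literal pattern is copied into three other handlers and the JS meter, so it should be defined once and referenced, otherwise the copies will drift. The enclosing `if (!empty($_POST['ok']))` handler continues outside the hunk.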

+ 7 - 0
web/add/mail/index.php

@@ -96,6 +96,8 @@ if (!empty($_POST['ok_acc'])) {
         header('location: /login/');
         exit();
     }
+    
+    
 
     // Check empty fields
     if (empty($_POST['v_domain'])) $errors[] = __('domain');
@@ -118,6 +120,11 @@ if (!empty($_POST['ok_acc'])) {
             $_SESSION['error_msg'] = __('Please enter valid email address.');
         }
     }
+    
+    // Check password length
+    if (empty($_SESSION['error_msg']) && !empty($_POST['v_fwd_only']) ) {
+        if (!preg_match('/^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)[a-zA-Z\d]{8,}$/', $_POST['v_password'])) { $_SESSION['error_msg'] = __('Password does not match the minimum requirements'); }
+    }
 
     // Protect input
     $v_domain = escapeshellarg($_POST['v_domain']);
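Review bot: The guard `empty($_SESSION['error_msg']) && !empty($_POST['v_fwd_only'])` runs the new password check only when the forward-only option is set, which looks inverted: a normal mailbox (v_fwd_only unset) receives no server-side password validation at all, while the forward-only account, where the password matters least, is the only case validated. Unless `v_fwd_only` means the opposite of its name, the condition should be `if (empty($_SESSION['error_msg']) && empty($_POST['v_fwd_only'])) {`, or the check should simply run unconditionally whenever a password is supplied. The `ok_acc` handler continues outside the hunk.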

+ 13 - 9
web/edit/db/index.php

@@ -63,15 +63,19 @@ if (!empty($_POST['save'])) {
 
     // Change database password
     if ((!empty($_POST['v_password'])) && (empty($_SESSION['error_msg']))) {
-        $v_password = tempnam("/tmp","vst");
-        $fp = fopen($v_password, "w");
-        fwrite($fp, $_POST['v_password']."\n");
-        fclose($fp);
-        exec (HESTIA_CMD."v-change-database-password ".$v_username." ".escapeshellarg($v_database)." ".$v_password, $output, $return_var);
-        check_return_code($return_var,$output);
-        unset($output);
-        unlink($v_password);
-        $v_password = escapeshellarg($_POST['v_password']);
+        if (!preg_match('/^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)[a-zA-Z\d]{8,}$/', $_POST['v_password'])) { 
+            $_SESSION['error_msg'] = __('Password does not match the minimum requirements'); 
+        }else{ 
+            $v_password = tempnam("/tmp","vst");
+            $fp = fopen($v_password, "w");
+            fwrite($fp, $_POST['v_password']."\n");
+            fclose($fp);
+            exec (HESTIA_CMD."v-change-database-password ".$v_username." ".escapeshellarg($v_database)." ".$v_password, $output, $return_var);
+            check_return_code($return_var,$output);
+            unset($output);
+            unlink($v_password);
+            $v_password = escapeshellarg($_POST['v_password']);
+        }
     }
 
     // Set success message
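Review bot: The inline regex on the first added line is the third verbatim copy of the password policy in this commit (add/db, add/mail, edit/db, edit/mail all carry it), and each copy must also stay in step with the JS meter and the template hint; a single helper such as `function is_password_policy_ok($password) { return preg_match('/^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)[a-zA-Z\d]{8,}$/', $password) === 1; }` called from every handler would make a future policy change a one-line edit. Note that `!preg_match(...)` also treats a PCRE failure (return value `false`) as a mismatch, which is the safe fail-closed direction and deserves a short comment so nobody "fixes" it later. The `save` handler continues outside the hunk.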

+ 13 - 9
web/edit/mail/index.php

@@ -398,15 +398,19 @@ if ((!empty($_POST['save'])) && (!empty($_GET['domain'])) && (!empty($_GET['acco
 
     // Change password
     if ((!empty($_POST['v_password'])) && (empty($_SESSION['error_msg']))) {
-        $v_password = tempnam("/tmp","vst");
-        $fp = fopen($v_password, "w");
-        fwrite($fp, $_POST['v_password']."\n");
-        fclose($fp);
-        exec (HESTIA_CMD."v-change-mail-account-password ".$v_username." ".escapeshellarg($v_domain)." ".escapeshellarg($v_account)." ".$v_password, $output, $return_var);
-        check_return_code($return_var,$output);
-        unset($output);
-        unlink($v_password);
-        $v_password = escapeshellarg($_POST['v_password']);;
+        if (!preg_match('/^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)[a-zA-Z\d]{8,}$/', $_POST['v_password'])) { 
+            $_SESSION['error_msg'] = __('Password does not match the minimum requirements'); 
+        }else{         
+            $v_password = tempnam("/tmp","vst");
+            $fp = fopen($v_password, "w");
+            fwrite($fp, $_POST['v_password']."\n");
+            fclose($fp);
+            exec (HESTIA_CMD."v-change-mail-account-password ".$v_username." ".escapeshellarg($v_domain)." ".escapeshellarg($v_account)." ".$v_password, $output, $return_var);
+            check_return_code($return_var,$output);
+            unset($output);
+            unlink($v_password);
+            $v_password = escapeshellarg($_POST['v_password']);
+        }
     }
 
     // Change quota
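Review bot: Inside the new else-branch the temp-file handling still has no error checks: `tempnam()` can return `false` and `fopen()`/`fwrite()` can fail, in which case the password is never written and `exec()` runs `v-change-mail-account-password` with an empty path as its last argument. Since these lines were only re-indented by the commit, a guard before the write such as `if ($v_password === false || ($fp = fopen($v_password, 'w')) === false) { $_SESSION['error_msg'] = __('Error: unable to store password'); }` would make the branch fail closed instead of invoking the CLI with a bad argument. The temp file also holds the password in clear text until `unlink()`, so if `check_return_code()` can end the request early (not visible here) the file would be left behind; worth confirming. The `save` handler continues outside the hunk.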

+ 37 - 3
web/js/pages/add_db.js

@@ -63,19 +63,53 @@ App.Listeners.DB.keypress_db_databasename = function() {
     });
 }
 
+App.Actions.DB.update_v_password = function (){
+    var password = $('input[name="v_password"]').val();
+    var min_small = new RegExp(/^(?=.*[a-z]).+$/);
+    var min_cap = new RegExp(/^(?=.*[A-Z]).+$/);
+    var min_num = new RegExp(/^(?=.*\d).+$/); 
+    var min_length = 8;
+    var score = 0;
+    
+    if(password.length >= min_length) { score = score + 1; }
+    if(min_small.test(password)) { score = score + 1;}
+    if(min_cap.test(password)) { score = score + 1;}
+    if(min_num.test(password)) { score = score+ 1; }
+    $('#meter').val(score);   
+}
+
+App.Listeners.DB.keypress_v_password = function() {
+    var ref = $('input[name="v_password"]');
+    ref.bind('keypress input', function(evt) {
+        clearTimeout(window.frp_usr_tmt);
+        window.frp_usr_tmt = setTimeout(function() {
+            var elm = $(evt.target);
+            App.Actions.DB.update_v_password(elm, $(elm).val());
+        }, 100);
+    });
+}
+
+App.Listeners.DB.keypress_v_password();
+
 //
 // Page entry point
 // Trigger listeners
 App.Listeners.DB.keypress_db_username();
 App.Listeners.DB.keypress_db_databasename();
 
-randomString = function() {
+randomString = function(min_length = 16) {
     var chars = '0123456789ABCDEFGHIJKLMNOPQRSTUVWXTZabcdefghiklmnopqrstuvwxyz';
-    var string_length = 16;
+    var string_length = min_length;
     var randomstring = '';
     for (var i = 0; i < string_length; i++) {
         var rnum = Math.floor(Math.random() * chars.length);
         randomstring += chars.substr(rnum, 1);
     }
-    document.v_add_db.v_password.value = randomstring;
+    var regex = new RegExp(/^(?=.*[a-z])(?=.*[A-Z])(?=.*[0-9])(?=.*\d)[a-zA-Z\d]{8,}$/);
+    if(!regex.test(randomstring)){
+        randomString();
+    }else{
+        $('input[name=v_password]').val(randomstring);
+        App.Actions.DB.update_v_password();
+    }    
 }
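Review bot: `randomString` still draws from `Math.random()`, which is not a cryptographically secure generator, and the alphabet on the `chars` line omits `Y` and `j` while repeating `T`, so generated database passwords have less entropy than their 16 characters suggest; `window.crypto.getRandomValues` with the full alphabet fixes both. The retry on a regex miss calls `randomString()` without `min_length`, so a caller asking for a longer password can get a 16-character one after a miss, and nothing is returned from the recursive call. The two lookaheads `(?=.*[0-9])(?=.*\d)` on the regex line are the same test written twice; one suffices.
```javascript
randomString = function(min_length = 16) {
    var chars = '0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
    var rnd = new Uint32Array(min_length);
    window.crypto.getRandomValues(rnd);
    var randomstring = '';
    for (var i = 0; i < min_length; i++) {
        randomstring += chars.charAt(rnd[i] % chars.length);
    }
    var regex = new RegExp(/^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)[a-zA-Z\d]{8,}$/);
    if(!regex.test(randomstring)){
        return randomString(min_length);
    }
    // … unchanged: set the field value and refresh the meter …
}
```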

+ 43 - 9
web/js/pages/add_mail_acc.js

@@ -75,22 +75,56 @@ $('form[name="v_quota"]').on('submit', function(evt) {
     });
 });
 
+App.Actions.MAIL_ACC.update_v_password = function (){
+    var password = $('input[name="v_password"]').val();
+    var min_small = new RegExp(/^(?=.*[a-z]).+$/);
+    var min_cap = new RegExp(/^(?=.*[A-Z]).+$/);
+    var min_num = new RegExp(/^(?=.*\d).+$/); 
+    var min_length = 8;
+    var score = 0;
+    
+    if(password.length >= min_length) { score = score + 1; }
+    if(min_small.test(password)) { score = score + 1;}
+    if(min_cap.test(password)) { score = score + 1;}
+    if(min_num.test(password)) { score = score+ 1; }
+    $('#meter').val(score);   
+}
+
+App.Listeners.MAIL_ACC.keypress_v_password = function() {
+    var ref = $('input[name="v_password"]');
+    ref.bind('keypress input', function(evt) {
+        clearTimeout(window.frp_usr_tmt);
+        window.frp_usr_tmt = setTimeout(function() {
+            var elm = $(evt.target);
+            App.Actions.MAIL_ACC.update_v_password(elm, $(elm).val());
+        }, 100);
+    });
+}
+
+App.Listeners.MAIL_ACC.keypress_v_password();
+
 
-randomString = function() {
+randomString = function(min_length = 16) {
     var chars = '0123456789ABCDEFGHIJKLMNOPQRSTUVWXTZabcdefghiklmnopqrstuvwxyz';
-    var string_length = 16;
+    var string_length = min_length;
     var randomstring = '';
     for (var i = 0; i < string_length; i++) {
         var rnum = Math.floor(Math.random() * chars.length);
         randomstring += chars.substr(rnum, 1);
     }
-    document.v_add_mail_acc.v_password.value = randomstring;
-
-    if($('input[name=v_password]').attr('type') == 'text')
-        $('#v_password').text(randomstring);
-    else
-        $('#v_password').text(Array(randomstring.length+1).join('*'));
-    generate_mail_credentials();
+    var regex = new RegExp(/^(?=.*[a-z])(?=.*[A-Z])(?=.*[0-9])(?=.*\d)[a-zA-Z\d]{8,}$/);
+    if(!regex.test(randomstring)){
+        randomString();
+    }else{
+        $('input[name=v_password]').val(randomstring);
+        if($('input[name=v_password]').attr('type') == 'text')
+            $('#v_password').text(randomstring);
+        else
+            $('#v_password').text(Array(randomstring.length+1).join('*'));
+        
+        App.Actions.MAIL_ACC.update_v_password();
+        generate_mail_credentials();
+    }    
 }
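Review bot: The client-side score in `update_v_password` awards full marks to a password such as `Str0ngPass!`, but the server rule added in this commit (`[a-zA-Z\d]{8,}`) rejects anything containing a symbol, so the meter can show 4/4 for a password the form will then refuse with a generic error. Either the meter should apply the same expression the server uses, e.g. `var policy = /^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)[a-zA-Z\d]{8,}$/;` and only fill the bar when `policy.test(password)` holds, or, preferably, the server rule should stop banning symbols; either way the two must agree. `update_v_password` is also invoked with `(elm, $(elm).val())` from the listener but declares no parameters and re-reads the field itself, so the arguments can be dropped.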
 
 generate_mail_credentials = function() {

+ 38 - 3
web/js/pages/edit_db.js

@@ -63,20 +63,55 @@ App.Listeners.DB.keypress_db_databasename = function() {
     });
 }
 
+App.Actions.DB.update_v_password = function (){
+    var password = $('input[name="v_password"]').val();
+    var min_small = new RegExp(/^(?=.*[a-z]).+$/);
+    var min_cap = new RegExp(/^(?=.*[A-Z]).+$/);
+    var min_num = new RegExp(/^(?=.*\d).+$/); 
+    var min_length = 8;
+    var score = 0;
+    
+    if(password.length >= min_length) { score = score + 1; }
+    if(min_small.test(password)) { score = score + 1;}
+    if(min_cap.test(password)) { score = score + 1;}
+    if(min_num.test(password)) { score = score+ 1; }
+    $('#meter').val(score);   
+}
+
+App.Listeners.DB.keypress_v_password = function() {
+    var ref = $('input[name="v_password"]');
+    ref.bind('keypress input', function(evt) {
+        clearTimeout(window.frp_usr_tmt);
+        window.frp_usr_tmt = setTimeout(function() {
+            var elm = $(evt.target);
+            App.Actions.DB.update_v_password(elm, $(elm).val());
+        }, 100);
+    });
+}
+
+App.Listeners.DB.keypress_v_password();
+
 //
 // Page entry point
 // Trigger listeners
 App.Listeners.DB.keypress_db_username();
 App.Listeners.DB.keypress_db_databasename();
 
-randomString = function() {
+randomString = function(min_length = 16) {
     var chars = '0123456789ABCDEFGHIJKLMNOPQRSTUVWXTZabcdefghiklmnopqrstuvwxyz';
-    var string_length = 16;
+    var string_length = min_length;
     var randomstring = '';
     for (var i = 0; i < string_length; i++) {
         var rnum = Math.floor(Math.random() * chars.length);
         randomstring += chars.substr(rnum, 1);
     }
-    document.v_edit_db.v_password.value = randomstring;
+    var regex = new RegExp(/^(?=.*[a-z])(?=.*[A-Z])(?=.*[0-9])(?=.*\d)[a-zA-Z\d]{8,}$/);
+    if(!regex.test(randomstring)){
+        randomString();
+    }else{
+        $('input[name=v_password]').val(randomstring);
+        App.Actions.DB.update_v_password();
+    }    
 }
+
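Review bot: `update_v_password`, `keypress_v_password` and `randomString` in this file are byte-for-byte copies of the versions added to add_db.js, add_mail_acc.js and edit_mail_acc.js in the same commit, with `randomString` duplicated a fifth time in setup_webapp.js; keeping the policy regex and the generator in one shared script included by these pages would stop the copies drifting, and the doubled `(?=.*[0-9])(?=.*\d)` lookahead on the regex line shows how easily that happens. A single `App.Helpers.passwordPolicy = /^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)[a-zA-Z\d]{8,}$/;` and one shared `randomString` would then be referenced from each page script. The trailing whitespace-only line added after the closing brace can be dropped.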
      

+ 39 - 29
web/js/pages/edit_mail_acc.js

@@ -53,47 +53,57 @@ App.Listeners.MAIL_ACC.init = function() {
     });
 }
 
-App.Helpers.isUnlimitedValue = function(value) {
-    var value = value.trim();
-    if (value == App.Constants.UNLIM_VALUE || value == App.Constants.UNLIM_TRANSLATED_VALUE) {
-        return true;
-    }
-
-    return false;
+App.Actions.MAIL_ACC.update_v_password = function (){
+    var password = $('input[name="v_password"]').val();
+    var min_small = new RegExp(/^(?=.*[a-z]).+$/);
+    var min_cap = new RegExp(/^(?=.*[A-Z]).+$/);
+    var min_num = new RegExp(/^(?=.*\d).+$/); 
+    var min_length = 8;
+    var score = 0;
+    
+    if(password.length >= min_length) { score = score + 1; }
+    if(min_small.test(password)) { score = score + 1;}
+    if(min_cap.test(password)) { score = score + 1;}
+    if(min_num.test(password)) { score = score+ 1; }
+    $('#meter').val(score);   
 }
 
-//
-// Page entry point
-// Trigger listeners
-App.Listeners.MAIL_ACC.init();
-App.Listeners.MAIL_ACC.checkbox_unlimited_feature();
-$('form[name="v_quota"]').on('submit', function(evt) {
-    $('input:disabled').each(function(i, elm) {
-        $(elm).attr('disabled', false);
-        if (App.Helpers.isUnlimitedValue($(elm).val())) {
-            $(elm).val(App.Constants.UNLIM_VALUE);
-        }
+App.Listeners.MAIL_ACC.keypress_v_password = function() {
+    var ref = $('input[name="v_password"]');
+    ref.bind('keypress input', function(evt) {
+        clearTimeout(window.frp_usr_tmt);
+        window.frp_usr_tmt = setTimeout(function() {
+            var elm = $(evt.target);
+            App.Actions.MAIL_ACC.update_v_password(elm, $(elm).val());
+        }, 100);
     });
-});
+}
+
+App.Listeners.MAIL_ACC.keypress_v_password();
 
 
-randomString = function() {
+randomString = function(min_length = 16) {
     var chars = '0123456789ABCDEFGHIJKLMNOPQRSTUVWXTZabcdefghiklmnopqrstuvwxyz';
-    var string_length = 16;
+    var string_length = min_length;
     var randomstring = '';
     for (var i = 0; i < string_length; i++) {
         var rnum = Math.floor(Math.random() * chars.length);
         randomstring += chars.substr(rnum, 1);
     }
-    document.v_edit_mail_acc.v_password.value = randomstring;
-
-    if($('input[name=v_password]').attr('type') == 'text')
-        $('#v_password').text(randomstring);
-    else
-        $('#v_password').text(Array(randomstring.length+1).join('*'));
-    generate_mail_credentials();
+    var regex = new RegExp(/^(?=.*[a-z])(?=.*[A-Z])(?=.*[0-9])(?=.*\d)[a-zA-Z\d]{8,}$/);
+    if(!regex.test(randomstring)){
+        randomString();
+    }else{
+        $('input[name=v_password]').val(randomstring);
+        if($('input[name=v_password]').attr('type') == 'text')
+            $('#v_password').text(randomstring);
+        else
+            $('#v_password').text(Array(randomstring.length+1).join('*'));
+        
+        App.Actions.MAIL_ACC.update_v_password();
+        generate_mail_credentials();
+    }    
 }
-
 generate_mail_credentials = function() {
     var div = $('.mail-infoblock').clone();
     div.find('#mail_configuration').remove();
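Review bot: This hunk deletes `App.Helpers.isUnlimitedValue`, the `App.Listeners.MAIL_ACC.init()` and `checkbox_unlimited_feature()` calls and the `form[name="v_quota"]` submit handler that re-enabled disabled inputs and normalised the unlimited value, and nothing else in the commit re-adds them; unless they were moved elsewhere, the edit-mail page now loses its quota "unlimited" handling (the template in this commit still renders an `#unlim-quota` trigger) and a disabled quota input would no longer be posted. The new password code does not depend on that removal, so the three removed pieces should be restored above the new functions as they were, exactly as add_mail_acc.js still keeps its submit handler. `App.Listeners.MAIL_ACC.init` itself starts outside the hunk.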

+ 10 - 8
web/js/pages/setup_webapp.js

@@ -1,14 +1,16 @@
-function randomString(target) {
+randomString = function(target, min_length = 16) {
     var chars = '0123456789ABCDEFGHIJKLMNOPQRSTUVWXTZabcdefghiklmnopqrstuvwxyz';
-    var string_length = 16;
+    var string_length = min_length;
     var randomstring = '';
     for (var i = 0; i < string_length; i++) {
         var rnum = Math.floor(Math.random() * chars.length);
         randomstring += chars.substr(rnum, 1);
     }
-    document.getElementById(target).value = randomstring;
-}
-
-$(document).ready(function() {
-
-});
+    var regex = new RegExp(/^(?=.*[a-z])(?=.*[A-Z])(?=.*[0-9])(?=.*\d)[a-zA-Z\d]{8,}$/);
+    if(!regex.test(randomstring)){
+        randomString();
+    }else{
+        elm = document.getElementById(target);
+        $(elm).val(randomstring);
+    }    
+}

+ 13 - 2
web/templates/admin/add_db.html

@@ -88,11 +88,22 @@
                             </tr>
                             <tr>
                                 <td>
-                                    <input type="text" size="20" class="vst-input password" name="v_password">
+                                    <input type="text" size="20" class="vst-input password" name="v_password"><br />
+                                    <meter max="4" id="meter"></meter>
                                 </td>
                             </tr>
                             <tr>
-                                <td class="vst-text input-label">
+                                <td class="vst-text">
+                                    <?php print('Your password must have at least');?>
+                                    <ul>
+                                        <li><?php print('8 characters long');?></li>
+                                        <li><?php print('1 uppercase & 1 lowercase character');?></li>
+                                        <li><?php print('1 number');?></li>
+                                    </ul>
+                                </td>
+                            </tr>
+                            <tr>
+                                <td class="vst-text">
                                     <?php print __('Type');?>
                                 </td>
                             </tr>
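Review bot: The hint list tells the user the password needs "at least" 8 characters, both cases and a digit, but the server rule added in this commit also rejects any symbol, space or non-ASCII character, so a user who follows the hint with `Passw0rd!` gets the generic "does not match the minimum requirements" error with no indication why; either the hint should say "letters and digits only" or, better, the server rule should allow symbols. The hint strings are also emitted with `print('8 characters long')` rather than `print __('8 characters long')`, so unlike the neighbouring `__('Type')` they are never translated.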

+ 13 - 2
web/templates/admin/add_mail_acc.html

@@ -72,11 +72,22 @@
                         </tr>
                         <tr>
                             <td>
-                                <input type="text" size="20" class="vst-input password" name="v_password">
+                                <input type="text" size="20" class="vst-input password" name="v_password"><br />
+                                <meter max="4" id="meter"></meter>
                             </td>
                         </tr>
                         <tr>
-                            <td class="vst-text input-label">
+                            <td class="vst-text">
+                                <?php print('Your password must have at least');?>
+                                <ul>
+                                    <li><?php print('8 characters long');?></li>
+                                    <li><?php print('1 uppercase & 1 lowercase character');?></li>
+                                    <li><?php print('1 number');?></li>
+                                </ul>
+                            </td>
+                        </tr>
+                        <tr>
+                            <td class="vst-text">
                                 <a href="javascript:elementHideShow('advtable');" class="vst-advanced"> <?php print __('Advanced options');?>&nbsp;<i class="fas fa-arrow-circle-right"></i></a>
                             </td>
                         </tr>
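Review bot: The four hint strings are printed with `print('…')` rather than `print __('…')`, so they bypass the translation layer every other label in this template uses (`__('Advanced options')` just below); they should read `<?php print __('Your password must have at least');?>` and likewise for each list item. The `<meter max="4" id="meter">` has no `low`/`high`/`optimum` attributes, so the browser gives no colour cue between a 1/4 and a 4/4 score; `<meter max="4" low="2" high="3" optimum="4" id="meter">` makes the feedback visible without any extra script.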

+ 12 - 1
web/templates/admin/edit_db.html

@@ -83,7 +83,18 @@
                             </tr>
                             <tr>
                                 <td>
-                                    <input type="text" size="20" class="vst-input password" name="v_password" value="<?=htmlentities(trim($v_password, "'"))?>">
+                                    <input type="text" size="20" class="vst-input password" name="v_password" value="<?=htmlentities(trim($v_password, "'"))?>"><br />
+                                    <meter max="4" id="meter"></meter>
+                                </td>
+                            </tr>
+                            <tr>
+                                <td class="vst-text">
+                                    <?php print('Your password must have at least');?>
+                                    <ul>
+                                        <li><?php print('8 characters long');?></li>
+                                        <li><?php print('1 uppercase & 1 lowercase character');?></li>
+                                        <li><?php print('1 number');?></li>
+                                    </ul>
                                 </td>
                             </tr>
                             <tr>
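Review bot: The input keeps the `value="<?=htmlentities(trim($v_password, "'"))?>"` prefill, but the meter beside it is only refreshed from the `keypress input` listener, so whenever `$v_password` is non-empty at render time (for example when a rejected submit redisplays the form) the bar stays empty until the user types; calling `App.Actions.DB.update_v_password();` once at page load would keep the two in sync. Redisplaying a submitted password in a `type="text"` field also puts it in clear text into the HTML response; that is pre-existing, but a `type="password"` field with a reveal toggle is worth considering now that this field is being reworked.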

+ 14 - 3
web/templates/admin/edit_mail_acc.html

@@ -73,9 +73,20 @@
                         </tr>
                         <tr>
                             <td>
-                                <input type="text" size="20" class="vst-input password" name="v_password" value="<?=htmlentities(trim($v_password, "'"))?>">
+                                <input type="text" size="20" class="vst-input password" name="v_password" value="<?=htmlentities(trim($v_password, "'"))?>"><br />
+                                <meter max="4" id="meter"></meter>
                             </td>
-                         </tr>
+                        </tr>
+                        <tr>
+                            <td class="vst-text">
+                                <?php print('Your password must have at least');?>
+                                <ul>
+                                    <li><?php print('8 characters long');?></li>
+                                    <li><?php print('1 uppercase & 1 lowercase character');?></li>
+                                    <li><?php print('1 number');?></li>
+                                    </ul>
+                            </td>
+                        </tr>
                         <tr>
                             <td class="vst-text input-type input-label">
                                 <?php print __('Quota');?> <span class="optional">(<?=__('in megabytes')?>)</span>
@@ -84,7 +95,7 @@
                         <tr>
                           <td>
                                 <input type="text" size="20" class="vst-input" name="v_quota" value="<? if (!empty($v_quota)) {echo htmlentities(trim($v_quota, "'"));} else { echo "0"; } ?>">
-                                <img class="fas fa-infinity unlim-trigger" id="unlim-quota"/>
+                                <i class="unlim-trigger fas fa-infinity" id="unlim-quota"></i>
                             </td>
                         </tr>
                         <tr>
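Review bot: The second hunk swaps the `<img>` for `<i class="unlim-trigger fas fa-infinity" id="unlim-quota"></i>`, but the script that wires `.unlim-trigger` on this page (`App.Listeners.MAIL_ACC.init()` / `checkbox_unlimited_feature()` in edit_mail_acc.js) is removed in the same commit, so unless it is re-added the icon is now inert. In the first hunk the hint strings use `print('…')` where the surrounding template uses `print __('…')`, so they will not be translated, and the closing `</ul>` is indented one level deeper than its `<ul>`, which is cosmetic only.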