diff --git a/app/Http/Controllers/ProfileController.php b/app/Http/Controllers/ProfileController.php
index 787037cfb1..d1a6306b69 100755
--- a/app/Http/Controllers/ProfileController.php
+++ b/app/Http/Controllers/ProfileController.php
@@ -156,6 +156,16 @@ class ProfileController extends Controller
 if (!Hash::check($request->input('current_password'), $user->password)) {
 $validator->errors()->add('current_password', trans('validation.hashed_pass'));
 }
+
+ if (($request->input('password') == $user->username) ||
+ ($request->input('password') == $user->email) ||
+ ($request->input('password') == $user->first_name) ||
+ ($request->input('password') == $user->last_name))
+ {
+ $validator->errors()->add('password', trans('validation.disallow_same_pwd_as_user_fields'));
+ }
+
+
 });
diff --git a/app/Providers/ValidationServiceProvider.php b/app/Providers/ValidationServiceProvider.php
index b8e028226e..97d0d779f9 100644
--- a/app/Providers/ValidationServiceProvider.php
+++ b/app/Providers/ValidationServiceProvider.php
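Review bot: The four comparisons added to the `after()` callback use loose `==`, so two numeric-looking strings can compare equal without being identical, and a password that differs from the username or e-mail only by letter case is accepted; the same loose comparisons appear in the `disallow_same_pwd_as_user_fields` validator added in ValidationServiceProvider.php. A strict, case-insensitive check would be tighter, e.g. `$pw = mb_strtolower((string) $request->input('password'));` followed by `if (in_array($pw, array_map('mb_strtolower', array_filter([$user->username, $user->email, $user->first_name, $user->last_name])), true)) {`. The `array_filter` call also keeps null or empty profile fields out of the comparison. The check runs unconditionally here, whereas the settings page exposes it as an optional complexity rule; that may be intended but deserves a comment. The enclosing method starts and ends outside the hunk.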
@@ -91,6 +91,48 @@ class ValidationServiceProvider extends ServiceProvider
 });
+ // This ONLY works for create/update user forms, since the Update Profile Password form doesn't
+ // include any of these additional validator fields
+ Validator::extend('disallow_same_pwd_as_user_fields', function ($attribute, $value, $parameters, $validator) {
+
+
+ $data = $validator->getData();
+ \Log::debug('Attribute: '.$attribute);
+ \Log::debug('Value: '. $value);
+ \Log::debug('Parameters: '.print_r($parameters, true));
+ \Log::debug('Data: '.print_r($data, true));
+
+
+ if (array_key_exists("username", $data)) {
+ if ($data['username'] == $data['password']) {
+ return false;
+ }
+ }
+
+ if (array_key_exists("email", $data)) {
+ if ($data['email'] == $data['password']) {
+ return false;
+ }
+ }
+
+ if (array_key_exists("first_name", $data)) {
+ if ($data['first_name'] == $data['password']) {
+ return false;
+ }
+ }
+
+ if (array_key_exists("last_name", $data)) {
+ if ($data['last_name'] == $data['password']) {
+ return false;
+ }
+ }
+
+
+ return true;
+
+
+ });
+
 Validator::extend('letters', function ($attribute, $value, $parameters) {
 return preg_match('/\pL/', $value);
 });
diff --git a/resources/lang/en/validation.php b/resources/lang/en/validation.php
index d7ddb8c0d1..7e584d67ea 100644
--- a/resources/lang/en/validation.php
+++ b/resources/lang/en/validation.php
@@ -99,7 +99,7 @@ return array(
 'url' => 'The :attribute format is invalid.',
 "unique_undeleted" => "The :attribute must be unique.",
 "import_field_empty" => "The value of the Import Field shouldn't be empty",
- "same_pwd_as_user_fields" => 'The password cannot be the same as the username, email address, or first or last name.',
+ "disallow_same_pwd_as_user_fields" => 'The password cannot be the same as the username, email address, or first or last name.',
 /*
 |--------------------------------------------------------------------------
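Review bot: The four `\Log::debug(...)` calls in the new `disallow_same_pwd_as_user_fields` closure write the submitted password (`$value`) and the whole form payload (`$data`, which carries the password fields) to the application log in plaintext whenever debug-level logging is enabled; they should be removed before merge. The closure also indexes `$data['password']` without checking that the key exists, which ties the rule to a field literally named `password` instead of using the `$value` the validator already passes in. A body that drops the logging and compares `$value` against each present field is sketched below.

```php
Validator::extend('disallow_same_pwd_as_user_fields', function ($attribute, $value, $parameters, $validator) {
    // Do not log $value or $validator->getData() here: both contain the plaintext password.
    $data = $validator->getData();

    foreach (['username', 'email', 'first_name', 'last_name'] as $field) {
        $candidate = $data[$field] ?? null;

        if (is_string($value) && is_string($candidate)
            && mb_strtolower($candidate) === mb_strtolower($value)) {
            return false;
        }
    }

    return true;
});
```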
diff --git a/resources/views/settings/security.blade.php b/resources/views/settings/security.blade.php
index 9f5d9bf1ec..ad05725c28 100644
--- a/resources/views/settings/security.blade.php
+++ b/resources/views/settings/security.blade.php
@@ -99,7 +99,7 @@
- {{ Form::checkbox("pwd_secure_complexity['same_pwd_as_user_fields']", 'same_pwd_as_user_fields', old('same_pwd_as_user_fields', strpos($setting->pwd_secure_complexity, 'same_pwd_as_user_fields')!==false), array('class' => 'minimal', 'aria-label'=>'pwd_secure_complexity')) }}
+ {{ Form::checkbox("pwd_secure_complexity['disallow_same_pwd_as_user_fields']", 'disallow_same_pwd_as_user_fields', old('disallow_same_pwd_as_user_fields', strpos($setting->pwd_secure_complexity, 'disallow_same_pwd_as_user_fields')!==false), array('class' => 'minimal', 'aria-label'=>'pwd_secure_complexity')) }}
 Password cannot be the same as first name, last name, email, or username
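Review bot: Renaming the checkbox value from `same_pwd_as_user_fields` to `disallow_same_pwd_as_user_fields` changes the string that `strpos($setting->pwd_secure_complexity, ...)` looks for, so an installation that already saved the old value will show this box unchecked and, presumably, stop applying the rule until an admin re-saves the settings. Nothing in this diff migrates stored values; a data migration that rewrites the old token, or accepting both names when the setting is read, would keep the password policy from silently weakening on upgrade. Separately, `old('disallow_same_pwd_as_user_fields', ...)` does not match the input name `pwd_secure_complexity[...]`, so the old-input lookup likely never hits; the previous line had the same mismatch. The surrounding context lines of this hunk are not visible here.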