Added validation to disallow password to be the same as username, email, etc

app/Http/Controllers/ProfileController.php

@@ -156,6 +156,16 @@ class ProfileController extends Controller
             if (!Hash::check($request->input('current_password'), $user->password)) {
                 $validator->errors()->add('current_password', trans('validation.hashed_pass'));
             }
+
+            if (($request->input('password') == $user->username) ||
+                ($request->input('password') == $user->email) ||
+                ($request->input('password') == $user->first_name) ||
+                ($request->input('password') == $user->last_name))
+            {
+                $validator->errors()->add('password', trans('validation.disallow_same_pwd_as_user_fields'));
+            }
+
+
             
         });
 

app/Providers/ValidationServiceProvider.php

@@ -91,6 +91,48 @@ class ValidationServiceProvider extends ServiceProvider
         });
 
 
+        // This ONLY works for create/update user forms, since the Update Profile Password form doesn't
+        // include any of these additional validator fields
+        Validator::extend('disallow_same_pwd_as_user_fields', function ($attribute, $value, $parameters, $validator) {
+
+
+            $data = $validator->getData();
+            \Log::debug('Attribute: '.$attribute);
+            \Log::debug('Value: '. $value);
+            \Log::debug('Parameters: '.print_r($parameters, true));
+            \Log::debug('Data: '.print_r($data, true));
+
+
+            if (array_key_exists("username", $data)) {
+                if ($data['username'] == $data['password']) {
+                    return false;
+                }
+            }
+
+            if (array_key_exists("email", $data)) {
+                if ($data['email'] == $data['password']) {
+                    return false;
+                }
+            }
+
+            if (array_key_exists("first_name", $data)) {
+                if ($data['first_name'] == $data['password']) {
+                    return false;
+                }
+            }
+
+            if (array_key_exists("last_name", $data)) {
+                if ($data['last_name'] == $data['password']) {
+                    return false;
+                }
+            }
+
+
+           return true;
+
+
+        });
+
         Validator::extend('letters', function ($attribute, $value, $parameters) {
             return preg_match('/\pL/', $value);
         });

resources/lang/en/validation.php

@@ -99,7 +99,7 @@ return array(
     'url'                  => 'The :attribute format is invalid.',
     "unique_undeleted"     => "The :attribute must be unique.",
     "import_field_empty"   => "The value of the Import Field shouldn't be empty",
-    "same_pwd_as_user_fields" => 'The password cannot be the same as the username, email address, or first or last name.',
+    "disallow_same_pwd_as_user_fields" => 'The password cannot be the same as the username, email address, or first or last name.',
 
     /*
     |--------------------------------------------------------------------------

resources/views/settings/security.blade.php

@@ -99,7 +99,7 @@
                             </div>
                             <div class="col-md-9">
 
-                                {{ Form::checkbox("pwd_secure_complexity['same_pwd_as_user_fields']", 'same_pwd_as_user_fields', old('same_pwd_as_user_fields', strpos($setting->pwd_secure_complexity, 'same_pwd_as_user_fields')!==false), array('class' => 'minimal', 'aria-label'=>'pwd_secure_complexity')) }}
+                                {{ Form::checkbox("pwd_secure_complexity['disallow_same_pwd_as_user_fields']", 'disallow_same_pwd_as_user_fields', old('disallow_same_pwd_as_user_fields', strpos($setting->pwd_secure_complexity, 'disallow_same_pwd_as_user_fields')!==false), array('class' => 'minimal', 'aria-label'=>'pwd_secure_complexity')) }}
                                 Password cannot be the same as first name, last name, email, or username<br>