login/pass: require new password value to be confirmed

diff --git a/login/edit.php b/login/edit.php
index 2adfc5168848b2df9e941afaa734ca9e66a60cf7..4cb3f111db94ae18b350c6579ab3025d94c0db58 100644 (file)
--- a/login/edit.php
+++ b/login/edit.php
@@ -110,6 +110,7 @@ if (isset($user['pass'])) {
                <label for="newpass">Wachtwoord:</label>
                <input type="password" name="oldpass" value="" placeholder="Huidig wachtwoord" />
                <input type="password" name="newpass" value="" placeholder="Nieuw wachtwoord" />
+               <input type="password" name="passconf" value="" placeholder="Nogmaals" />
 <?php
        if ($error = @$colwarn['pass']) {
                print " <span class=warn>$error</span>\n";

diff --git a/login/pass.inc.php b/login/pass.inc.php
index cbfb1db9205a10a4eff22fe3e8c6b00bc5d4a7dd..483f8bbb72aac517ea03d47f9a523a822e0aa404 100644 (file)
--- a/login/pass.inc.php
+++ b/login/pass.inc.php
@@ -32,6 +32,10 @@ function passform($user, $input = [])
                return "De loginnaam is wel heel makkelijk raadbaar als wachtwoord.";
        }
 
+       if ($input['newpass'] != $input['passconf']) {
+               return "Zorg dat bij de bevestiging precies het zelfde wachtwoord staat.";
+       }
+
        if (!file_put_contents($pwfile, $input['newpass'])) {
                return "Het nieuwe wachtwoord kon niet worden opgeslagen. Het oude wachtwoord is behouden.";
        }

diff --git a/login/pass/index.php b/login/pass/index.php
index ec87cf5dc4c98f516260f55ee79162e69dbadc55..4724351af6f7261bcbfec6af2b484c573e60e5f4 100644 (file)
--- a/login/pass/index.php
+++ b/login/pass/index.php
@@ -39,6 +39,7 @@ if ($_POST) {
 <input type="password" name="oldpass" value="" placeholder="Huidig wachtwoord" />
 <?php } ?>
 <input type="password" name="newpass" value="" placeholder="Nieuw wachtwoord" />
+<input type="password" name="passconf" value="" placeholder="Nogmaals" />
 <input type="submit" value="Wijzig" />
 </p>
 </form>