prevent-password-reuse.php
<?php
/**
* Plugin Name: Prevent Password Reuse
* Plugin URI: http://www.simonbrown.com.au
* Description: A Simple plugin that securely keeps track of all your users previous passwords and prevents their reuse.
* Version: 1.1
* Author: Simon Brown
* Author URI: http://www.simonbrown.com.au
* License: GPLv2 or later
* Copyright: Simon Brown
*/
// Schema version recorded by ppr_install(). The explicit `global` keeps the
// variable in the global scope even when WordPress includes this file from
// inside a function (as it can during activation), so ppr_install() can read it.
global $ppr_db_version;
$ppr_db_version = '1.1';

// Pull in the helper file; it presumably defines the `ppr` class used by the
// hook callbacks in this file.
include plugin_dir_path( __FILE__ ) . 'ppr-class.php';

// Only activation, the reset form and the profile-update form are hooked in
// this file; any other code path that sets a password is not covered by the
// reuse checks registered here.
register_activation_hook( __FILE__, 'ppr_install' );
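/**
 * Activation callback: creates the password history table and records the
 * schema version.
 *
 * The table is named "{$wpdb->prefix}password_log" and holds one row per stored
 * password entry (id, created, user, password).
 *
 * NOTE(review): the `password` column is presumably filled with password hashes
 * by ppr-class.php; confirm that plaintext is never written. Nothing in this
 * file prunes rows or drops the table on uninstall, so historical entries stay
 * in the database and should be protected like wp_users.user_pass.
 *
 * NOTE(review): `user` is mediumint(9), while core declares wp_users.ID as
 * bigint(20) unsigned; user IDs above 8388607 would not fit. Widening the
 * column is a schema migration and is deliberately not done here.
 *
 * @return void
 */
function ppr_install()
{
    global $wpdb;
    global $ppr_db_version;

    $table_name = $wpdb->prefix . "password_log";

    // The column lines stay flush-left so the statement text handed to
    // dbDelta() is exactly what the plugin has always sent.
    $sql = "CREATE TABLE $table_name (
id mediumint(9) NOT NULL AUTO_INCREMENT,
created datetime DEFAULT '0000-00-00 00:00:00' NOT NULL,
user mediumint(9) NOT NULL,
password VARCHAR(256) NOT NULL,
UNIQUE KEY id (id)
);";

    // dbDelta() lives in an admin-only include that is not loaded by default.
    require_once( ABSPATH . 'wp-admin/includes/upgrade.php' );
    dbDelta( $sql );

    // update_option() creates the option on first install and overwrites it on
    // later activations; add_option() would leave an older version in place.
    update_option( "ppr_db_version", $ppr_db_version );
}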
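// On the password-reset form, reject a new password that matches the current
// password or any stored previous password.
add_action( 'validate_password_reset', 'check_password_history', 10, 2 );

/**
 * Adds a 'duplicate_password' error when the submitted reset password has been
 * used before.
 *
 * The check runs only when pass1 is a non-empty string and is identical to
 * pass2; otherwise the function returns without touching $errors.
 *
 * NOTE(review): the raw $_POST value is what gets checked. If core normalises
 * the password (slashing, trimming) before hashing it, the value checked here
 * and the value stored could differ — confirm against ppr-class.php.
 *
 * @param WP_Error         $errors Error collection for the reset form; modified in place.
 * @param WP_User|WP_Error $user   User whose password is being reset.
 * @return void
 */
function check_password_history( $errors, $user )
{
    // The hook is documented as possibly passing a WP_Error instead of a user;
    // there is no history to compare against in that case.
    if ( is_wp_error( $user ) ) {
        return;
    }

    $pass1 = isset( $_POST['pass1'] ) ? $_POST['pass1'] : null;
    $pass2 = isset( $_POST['pass2'] ) ? $_POST['pass2'] : null;

    // Strict comparison: loose `==` treats numeric-looking strings such as
    // "1e3" and "1000" as equal. is_string() also rejects array-valued fields.
    if ( ! is_string( $pass1 ) || $pass1 === '' || $pass1 !== $pass2 ) {
        return;
    }

    $ppr = new ppr( $user );

    // Both checks are always evaluated, as before; a falsy result from either
    // one means the password was already used.
    $current_ok = $ppr->check_current_password( $pass1 );
    $history_ok = $ppr->check_previous_passwords( $pass1 );

    // Report once, even when both checks fail, so the message is not duplicated.
    if ( ! $current_ok || ! $history_ok ) {
        $errors->add( 'duplicate_password', __( '<strong>ERROR</strong>: Your password has previously been used, you must select a unique password' ) );
    }
}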
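// On profile update, reject a new password that matches the current password
// or any stored previous password, and log the outgoing one when accepted.
add_filter('user_profile_update_errors', 'check_fields', 10, 3);

/**
 * Validates a password change submitted through the profile form.
 *
 * Runs only for updates where pass1 is a non-empty string identical to pass2.
 * Adds a 'duplicate_password' error when the password was used before; when
 * $errors holds no errors afterwards, asks the ppr helper to store the old
 * password.
 *
 * NOTE(review): the raw $_POST value is what gets checked. If core normalises
 * the password (slashing, trimming) before hashing it, the value checked here
 * and the value stored could differ — confirm against ppr-class.php.
 *
 * NOTE(review): store_old_password() runs during validation; a callback hooked
 * later on the same filter could still add an error and block the update after
 * the history row was written — confirm this is acceptable.
 *
 * @param WP_Error $errors Error collection for the profile form; modified in place.
 * @param bool     $update Whether an existing user is being updated.
 * @param object   $user   User data for the profile being saved.
 * @return void
 */
function check_fields($errors, $update, $user) {
    if ( ! $update ) {
        return;
    }

    $pass1 = isset( $_POST['pass1'] ) ? $_POST['pass1'] : null;
    $pass2 = isset( $_POST['pass2'] ) ? $_POST['pass2'] : null;

    // Strict comparison: loose `==` treats numeric-looking strings such as
    // "1e3" and "1000" as equal. is_string() also rejects array-valued fields.
    if ( ! is_string( $pass1 ) || $pass1 === '' || $pass1 !== $pass2 ) {
        return;
    }

    $ppr = new ppr( $user );

    // Both checks are always evaluated, as before; a falsy result from either
    // one means the password was already used.
    $current_ok = $ppr->check_current_password( $pass1 );
    $history_ok = $ppr->check_previous_passwords( $pass1 );

    // Report once, even when both checks fail, so the message is not duplicated.
    if ( ! $current_ok || ! $history_ok ) {
        $errors->add( 'duplicate_password', __( '<strong>ERROR</strong>: Your password has previously been used, you must select a unique password' ) );
    }

    // Any error (from this plugin or an earlier validator) means the update
    // will not go through, so the history is left untouched.
    if ( empty( $errors->errors ) ) {
        $ppr->store_old_password();
    }
}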
// Record the outgoing password each time a reset goes through.
add_action( 'password_reset', 'store_hashed_password', 10, 2 );

/**
 * 'password_reset' callback: asks the ppr helper to store the user's old password.
 *
 * Core documents this action as firing before the user's password is reset, so
 * $user presumably still carries the outgoing hash at this point — confirm in
 * ppr-class.php what store_old_password() actually records.
 *
 * @param WP_User $user     User whose password is being reset.
 * @param string  $new_pass New password supplied by the hook; not used here.
 * @return void
 */
function store_hashed_password( $user, $new_pass )
{
    $history = new ppr( $user );
    $history->store_old_password();
}