jackiechou
8 years ago
Hi,

A member told me about a big problem: he tried to register as a new member, but it failed. I have tested registration many times and found that there is a big bug in comparing the password and the password confirmation. When the password and the password confirmation have the same letters but the retyped password is not strong enough, the error "The password and retype password mismatch...." is shown instead of the message that the password is not strong enough. As a result, the member is unable to continue registration.

There is a big bug in the JavaScript in the method named "PasswordStrengthCheckerJs" in the file YetAnotherForum.NET\Classes\Utilities\JavaScriptBlocks.cs:


public static string PasswordStrengthCheckerJs(
            [NotNull] string passwordClientID,
            [NotNull] string confirmPasswordClientID,
            [NotNull] int minimumChars,
            [NotNull] string notMatchText,
            [NotNull] string passwordMinText,
            [NotNull] string passwordGoodText,
            [NotNull] string passwordStrongerText,
            [NotNull] string passwordWeakText)

There is an error: the check for the case where the password and the confirm password have the same letters is missing.

And this is the script for fixing the error above:


/// <summary>
        /// Gets the Passwords strength checker Java Script.
        /// </summary>
        /// <param name="passwordClientID">The password client identifier.</param>
        /// <param name="confirmPasswordClientID">The confirm password client identifier.</param>
        /// <param name="minimumChars">The minimum chars.</param>
        /// <param name="notMatchText">The not match text.</param>
        /// <param name="passwordMinText">The password minimum text.</param>
        /// <param name="passwordGoodText">The password good text.</param>
        /// <param name="passwordStrongerText">The password stronger text.</param>
        /// <param name="passwordWeakText">The password weak text.</param>
        /// <returns>Returns the Passwords strength checker Java Script</returns>
        [NotNull]
        public static string PasswordStrengthCheckerJs(
            [NotNull] string passwordClientID,
            [NotNull] string confirmPasswordClientID,
            [NotNull] int minimumChars,
            [NotNull] string notMatchText,
            [NotNull] string passwordMinText,
            [NotNull] string passwordGoodText,
            [NotNull] string passwordStrongerText,
            [NotNull] string passwordWeakText)
        {
            return @"{0}(document).ready(function() {{

    {0}('#{2}').on('keyup', function(e) {{
        var password = {0}('#{1}').val();
        var passwordConfirm = {0}('#{2}').val();

        if(password == '' && passwordConfirm == '') {{
            {0}('#passwordStrength').removeClass().empty();
            {0}('#passwordStrength').parent().parent('.post').hide();
 
            return false;
        }}
        else 
        {{
            if(password != passwordConfirm) {{
                {0}('#passwordStrength').removeClass().addClass('ui-state-error ui-corner-all').html('<p><span class=""PasswordStrengthMessageIcon ui-icon ui-icon-alert"" />{4}</p>');
                {0}('#passwordStrength').parent().parent('.post').show();
                return false;
            }}
            
            var strongRegex = new RegExp(""^(?=.{{8,}})(?=.*[A-Z])(?=.*[a-z])(?=.*[0-9])(?=.*\\W).*$"", ""g"");
 
            var mediumRegex = new RegExp(""^(?=.{{7,}})(((?=.*[A-Z])(?=.*[a-z]))|((?=.*[A-Z])(?=.*[0-9]))|((?=.*[a-z])(?=.*[0-9]))).*$"", ""g"");
 
            var okRegex = new RegExp(""(?=.{{{3},}}).*"", ""g"");
 
            if (okRegex.test(password) === false) {{
                {0}('#passwordStrength').removeClass().addClass('ui-state-error ui-corner-all').html('<p><span class=""PasswordStrengthMessageIcon ui-icon ui-icon-alert"" />{5}</p>');
 
            }} else if (strongRegex.test(password)) {{
                {0}('#passwordStrength').removeClass().addClass('ui-state-default ui-corner-all').html('<p><span class=""PasswordStrengthMessageIcon ui-icon ui-icon-check"" />{6}</p>');
            }} else if (mediumRegex.test(password)) {{
                {0}('#passwordStrength').removeClass().addClass('ui-state-highlight ui-corner-all').html('<p><span class=""PasswordStrengthMessageIcon ui-icon ui-icon-info"" />{7}</p>');
            }} else {{
                {0}('#passwordStrength').removeClass().addClass('ui-state-error ui-corner-all').html('<p><span class=""PasswordStrengthMessageIcon ui-icon ui-icon-alert"" />{8}</p>');
            }}

            {0}('#passwordStrength').parent().parent('.post').show();
        
            return true;
         }}
    }});
 
    {0}('#{1}').on('keyup', function(e) {{

        var password = {0}('#{1}').val();
        var passwordConfirm = {0}('#{2}').val();
 
        if(password == '' && passwordConfirm == '')
        {{
            {0}('#passwordStrength').removeClass().empty();
            {0}('#passwordStrength').parent().parent('.post').hide();
 
            return false;
        }}

        var strongRegex = new RegExp(""^(?=.{{8,}})(?=.*[A-Z])(?=.*[a-z])(?=.*[0-9])(?=.*\\W).*$"", ""g"");
 
        var mediumRegex = new RegExp(""^(?=.{{7,}})(((?=.*[A-Z])(?=.*[a-z]))|((?=.*[A-Z])(?=.*[0-9]))|((?=.*[a-z])(?=.*[0-9]))).*$"", ""g"");
 
        var okRegex = new RegExp(""(?=.{{{3},}}).*"", ""g"");
 
        if (okRegex.test(password) === false) {{
            {0}('#passwordStrength').removeClass().addClass('ui-state-error ui-corner-all').html('<p><span class=""PasswordStrengthMessageIcon ui-icon ui-icon-alert"" />{5}</p>');
 
        }} else if (strongRegex.test(password)) {{
            {0}('#passwordStrength').removeClass().addClass('ui-state-default ui-corner-all').html('<p><span class=""PasswordStrengthMessageIcon ui-icon ui-icon-check"" />{6}</p>');
        }} else if (mediumRegex.test(password)) {{
            {0}('#passwordStrength').removeClass().addClass('ui-state-highlight ui-corner-all').html('<p><span class=""PasswordStrengthMessageIcon ui-icon ui-icon-info"" />{7}</p>');
        }} else {{
            {0}('#passwordStrength').removeClass().addClass('ui-state-error ui-corner-all').html('<p><span class=""PasswordStrengthMessageIcon ui-icon ui-icon-alert"" />{8}</p>');
        }}

        {0}('#passwordStrength').parent().parent('.post').show();
        
        return true;
    }});
}});".FormatWith(
                Config.JQueryAlias,
                passwordClientID,
                confirmPasswordClientID,
                minimumChars,
                notMatchText,
                passwordMinText,
                passwordGoodText,
                passwordStrongerText,
                passwordWeakText);
        }



It is a severe error because the forum is unable to work well if a member is unable to register. Please update and fix this bug as soon as possible for all later versions.

Thanks,

Jackie

PS: My version is YAF.NET 2.2.2

Zero2Cool
jackiechou
8 years ago
Hi,

Your fix below for this problem is not okay because there is still the error case where the password is not strong enough. We hide the error message if the password and retype password are the same. But we still have an error case here when the password is not strong enough.

It is easy to recognize this if we review the code below:


{0}('#{2}').on('keyup', function(e) {{
        var password = {0}('#{1}').val();
        var passwordConfirm = {0}('#{2}').val();
        if(password == '' && passwordConfirm == '') {{
            {0}('#passwordStrength').removeClass().empty();
            {0}('#passwordStrength').parent().parent('.post').hide();
 
            return false;
        }}
        else 
        {{
             if(password != passwordConfirm) {{
                {0}('#passwordStrength').removeClass().addClass('ui-state-error ui-corner-all').html('<p><span class=""PasswordStrengthMessageIcon ui-icon ui-icon-alert"" />{4}</p>');
                {0}('#passwordStrength').parent().parent('.post').show();
                return false;
             }}
             else {{
                {0}('#passwordStrength').removeClass().empty();
                {0}('#passwordStrength').parent().parent('.post').hide();
             }}
         }}
    }});

Thanks for your concern!

Jackie
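
The two confirm-field handlers discussed in this thread, reduced to pure functions so their results can be compared on the same input. This is an added example, not part of the original posts and not YAF code; the function names, the returned state names and the `minimumChars` value of 6 are assumptions, and the regular expressions are the ones shown in `PasswordStrengthCheckerJs`.

```javascript
// Added example: function and state names are hypothetical, not YAF code.
// Patterns are copied from PasswordStrengthCheckerJs; the "g" flag is dropped
// because these objects are reused and a global regex keeps lastIndex
// between test() calls.
const STRONG = /^(?=.{8,})(?=.*[A-Z])(?=.*[a-z])(?=.*[0-9])(?=.*\W).*$/;
const MEDIUM = /^(?=.{7,})(((?=.*[A-Z])(?=.*[a-z]))|((?=.*[A-Z])(?=.*[0-9]))|((?=.*[a-z])(?=.*[0-9]))).*$/;

// Strength of the password alone. Each result names the message
// parameter the generated script would render.
function strengthOf(password, minimumChars) {
  const ok = new RegExp('(?=.{' + Number(minimumChars) + ',}).*');
  if (!ok.test(password)) return 'passwordMinText';         // {5}
  if (STRONG.test(password)) return 'passwordGoodText';     // {6}
  if (MEDIUM.test(password)) return 'passwordStrongerText'; // {7}
  return 'passwordWeakText';                                // {8}
}

// Confirm-field handler as quoted in the reply: on a match it clears the
// panel, so a matching but weak password produces no message (null = hidden).
function confirmFeedbackHideOnMatch(password, confirm) {
  if (password === '' && confirm === '') return null;
  if (password !== confirm) return 'notMatchText';          // {4}
  return null;
}

// Confirm-field handler as in the first post: on a match it falls through
// to the strength checks, so the weak-password message stays visible.
function confirmFeedbackWithStrength(password, confirm, minimumChars) {
  if (password === '' && confirm === '') return null;
  if (password !== confirm) return 'notMatchText';          // {4}
  return strengthOf(password, minimumChars);
}

// Constructed sample inputs; minimumChars = 6 is an assumed setting.
const samples = [
  ['abcdefgh', 'abcdefgx'],   // mismatch
  ['abcdefgh', 'abcdefgh'],   // match, one character class only
  ['abcdefg1', 'abcdefg1'],   // match, lower case + digit
  ['Abcdefg1!', 'Abcdefg1!'], // match, all four classes
];
for (const [pw, confirm] of samples) {
  console.log(pw, '|', confirmFeedbackHideOnMatch(pw, confirm),
              '|', confirmFeedbackWithStrength(pw, confirm, 6));
}
```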