
add password min length func

2du 4 ani în urmă
părinte
comite
40f1721171

+ 2 - 0
lang/en-US.json

@@ -295,6 +295,7 @@
                 "tls_method" : "TLS method",
                 "title_max_length" : "Documents title maximum length",
                 "title_topic_max_length" : "Discussions topic maximum length",
+                "password_min_length" : "Password minimum length",
             "_comment_2.2.3_" : "Text",
                 "register_text" : "Terms of sign-up",
                 "non_login_alert" : "Non-login alert",
@@ -463,6 +464,7 @@
             "input_email_error" : "There is a problem with the input value.",
             "error_edit_send_request" : "Entering a reason is required.",
             "error_title_length_too_long" : "Documents title or Discussion topic length is too long. Maximum number of characters : ",
+            "error_password_length_too_short" : "Password length is too short. Minimum number of characters : ",
         "_comment_3.2_" : "Warning",
             "http_warning" : "Warning: If you are not on HTTPS connection, your information can be leaked. The users themselves have responsibility to any problems that happen because of this.",
             "user_head_warning" : "User data will be deleted if you close the browser or when you sign in.",

+ 3 - 1
lang/ko-KR.json

@@ -445,5 +445,7 @@
     "title_topic_max_length": "토론 제목 최대 길이",
     "error_title_length_too_long": "문서 제목이나 토론 제목의 길이가 너무 깁니다. 최대 글자 수 : ",
     "thread_acl": "스레드 ACL",
-    "not_all_acl": "전부 금지"
+    "not_all_acl": "전부 금지",
+    "password_min_length": "비밀번호 최소 길이",
+    "error_password_length_too_short": "비밀번호 길이가 너무 짧습니다. 최소 글자 수 : "
 }

+ 24 - 2
route/login_register.py

@@ -24,19 +24,30 @@ def login_register_2(conn):
         else:
             captcha_post('', 0)
 
-        # 아이디 비밀번호 검증 파트
         user_id = flask.request.form.get('id', '')
         user_pw = flask.request.form.get('pw', '')
         user_repeat = flask.request.form.get('pw2', '')
+        
+        # PW 검증
         if user_id == '' or user_pw == '':
             return re_error('/error/27')
 
         if user_pw != user_repeat:
             return re_error('/error/20')
 
+        # PW 길이 제한
+        curs.execute(db_change("select data from other where name = 'password_min_length'"))
+        db_data = curs.fetchall()
+        if db_data and db_data[0][0] != '':
+            password_min_length = int(number_check(db_data[0][0]))
+            if password_min_length > len(user_pw):
+                return re_error('/error/40')
+        
+        # ID 글자 확인
         if re.search(r'(?:[^A-Za-zㄱ-힣0-9])', user_id):
             return re_error('/error/8')
 
+        # ID 필터
         curs.execute(db_change('select html from html_filter where kind = "name"'))
         set_d = curs.fetchall()
         for i in set_d:
@@ -44,9 +55,11 @@ def login_register_2(conn):
             if check_r.search(user_id):
                 return re_error('/error/8')
 
+        # ID 길이 제한 (32글자)
         if len(user_id) > 32:
             return re_error('/error/7')
 
+        # 중복 확인
         curs.execute(db_change("select id from user_set where id = ?"), [user_id])
         if curs.fetchall():
             return re_error('/error/6')
@@ -74,11 +87,20 @@ def login_register_2(conn):
         # 전부 아니면 바로 가입 후 /login으로 발송
         add_user(user_id, user_pw)
         
+        conn.commit()
+        
         return redirect('/login')
     else:
         curs.execute(db_change('select data from other where name = "contract"'))
         data = curs.fetchall()
         contract = (data[0][0] + '<hr class="main_hr">') if data and data[0][0] != '' else ''
+        
+        curs.execute(db_change("select data from other where name = 'password_min_length'"))
+        db_data = curs.fetchall()
+        if db_data and db_data[0][0] != '':
+            password_min_length = ' (' + load_lang('password_min_length') + ' : ' + db_data[0][0] + ')'
+        else:
+            password_min_length = ''
                 
         return easy_minify(flask.render_template(skin_check(),
             imp = [load_lang('register'), wiki_set(), wiki_custom(), wiki_css([0, 0])],
@@ -89,7 +111,7 @@ def login_register_2(conn):
                     <input placeholder="''' + load_lang('id') + '''" name="id" type="text">
                     <hr class="main_hr">
                     
-                    <input placeholder="''' + load_lang('password') + '''" name="pw" type="password">
+                    <input placeholder="''' + load_lang('password') + password_min_length + '''" name="pw" type="password">
                     <hr class="main_hr">
                     
                     <input placeholder="''' + load_lang('password_confirm') + '''" name="pw2" type="password">
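Review bot: In the GET branch, `db_data[0][0]` is concatenated into `password_min_length` without escaping and from there into the `placeholder` attribute of the `pw` input, so whatever text is stored in the `password_min_length` setting lands inside the registration form markup as-is. The POST branch parses the same value with `int(number_check(...))`, so the hint can also show something different from the limit that is actually enforced. Building the hint from the normalised value, `' : ' + str(int(number_check(db_data[0][0]))) + ')'`, closes both gaps; the GET branch of `route/user_setting_pw.py` uses the same construction and needs the same change. `number_check` is defined outside this diff, so confirm it always returns a digit string before relying on `int()`.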

+ 7 - 0
route/main_func_setting_acl.py

@@ -66,30 +66,37 @@ def main_func_setting_acl():
                     <form method="post">
                         <a href="/acl/TEST#exp">(''' + load_lang('reference') + ''')</a>
                         <hr class="main_hr">
+                        
                         <span>''' + load_lang('document_acl') + '''</span> 
                         <hr class="main_hr">
                         <select ''' + disable + ''' name="edit">''' + acl_div[0] + '''</select>
                         <hr class="main_hr">
+                        
                         <span>''' + load_lang('discussion_acl') + '''</span>
                         <hr class="main_hr">
                         <select ''' + disable + ''' name="discussion">''' + acl_div[1] + '''</select>
                         <hr class="main_hr">
+                        
                         <span>''' + load_lang('upload_acl') + '''</span>
                         <hr class="main_hr">
                         <select ''' + disable + ''' name="upload_acl">''' + acl_div[2] + '''</select>
                         <hr class="main_hr">
+                        
                         <span>''' + load_lang('view_acl') + '''</span>
                         <hr class="main_hr">
                         <select ''' + disable + ''' name="all_view_acl">''' + acl_div[3] + '''</select>
                         <hr class="main_hr">
+                        
                         <span>''' + load_lang('many_upload_acl') + '''</span>
                         <hr class="main_hr">
                         <select ''' + disable + ''' name="many_upload_acl">''' + acl_div[4] + '''</select>
                         <hr class="main_hr">
+                        
                         <span>''' + load_lang('vote_acl') + '''</span>
                         <hr class="main_hr">
                         <select ''' + disable + ''' name="vote_acl">''' + acl_div[5] + '''</select>
                         <hr class="main_hr">
+                        
                         <button id="save" type="submit">''' + load_lang('save') + '''</button>
                     </form>
                 ''',

+ 8 - 3
route/main_func_setting_main.py

@@ -30,7 +30,8 @@ def main_func_setting_main(db_set):
             26 : ['edit_bottom_compulsion', ''],
             27 : ['http_select', 'http'],
             28 : ['title_max_length', ''],
-            29 : ['title_topic_max_length', '']
+            29 : ['title_topic_max_length', ''],
+            30 : ['password_min_length', '']
         }
 
         if flask.request.method == 'POST':
@@ -173,7 +174,12 @@ def main_func_setting_main(db_set):
                         <hr class="main_hr">
 
                         <input type="checkbox" name="ua_get" ''' + check_box_div[4] + '''> ''' + load_lang('ua_get_off') + '''
-
+                        <hr class="main_hr">
+                        
+                        <span>''' + load_lang('password_min_length') + ''' (''' + load_lang('beta') + ''') (''' + load_lang('off') + ''' : ''' + load_lang('empty') + ''')</span>
+                        <hr class="main_hr">
+                        <input name="password_min_length" value="''' + html.escape(d_list[30]) + '''">
+                        
                         <h2>4. ''' + load_lang('server_set') + '''</h2>
                         <span>''' + load_lang('max_file_size') + ''' (MB)</span>
                         <hr class="main_hr">
@@ -224,7 +230,6 @@ def main_func_setting_main(db_set):
                         <input name="title_topic_max_length" value="''' + html.escape(d_list[29]) + '''">
                         <hr class="main_hr">
 
-                        <hr class="main_hr">
                         <button id="save" type="submit">''' + load_lang('save') + '''</button>
                     </form>
                     <script>simple_render('main_set_data');</script>
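Review bot: The new `password_min_length` field is a free-text input, and nothing in the visible hunks checks that the saved value is a non-negative integer; the POST handler of `main_func_setting_main` is outside the hunk, so this may already be handled there. The readers in `login_register.py`, `user_setting_pw.py` and `re_error` each re-parse the stored string, so a stray value is only caught at read time, on the sign-up and password-change paths. Consider `<input type="number" min="0" name="password_min_length" ...>` together with normalising the value once when it is saved.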

+ 9 - 0
route/tool/func.py

@@ -2175,6 +2175,15 @@ def re_error(data):
             db_data = curs.fetchall()
             db_data = '' if not db_data else db_data[0][0]
             data = load_lang('error_title_length_too_long') + db_data
+        elif num == 40:
+            curs.execute(db_change("select data from other where name = 'password_min_length'"))
+            db_data = curs.fetchall()
+            if db_data and db_data[0][0] != '':
+                password_min_length = int(number_check(db_data[0][0]))
+            else:
+                password_min_length = ''
+                
+            data = load_lang('error_password_length_too_short') + password_min_length
         else:
             data = '???'
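Review bot: The new `num == 40` branch concatenates `load_lang('error_password_length_too_short')` with `password_min_length`, which is an `int` whenever the setting is non-empty, so the error page raises `TypeError` in exactly the case where a too-short password redirects to `/error/40`. The user then gets a server error instead of the minimum-length message. Keep the value as text, `password_min_length = str(int(number_check(db_data[0][0])))`. The rest of `re_error` is outside the hunk.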
 

+ 54 - 35
route/user_setting_pw.py

@@ -12,55 +12,74 @@ def user_setting_pw():
             return redirect('/login')
 
         if flask.request.method == 'POST':
-            now_pw = flask.request.form.get('pw4', None)
-            new_pw = flask.request.form.get('pw2', None)
-            re_pw = flask.request.form.get('pw3', None)
-            if now_pw and new_pw and re_pw:
-                if new_pw != re_pw:
-                    return re_error('/error/20')
+            user_pw = flask.request.form.get('password_new', '')
+            user_pw_now = flask.request.form.get('password_now', '')
+            user_repeat = flask.request.form.get('password_new_repeat', '')
+        
+            # PW 검증
+            if user_pw == '':
+                return re_error('/error/27')
 
-                curs.execute(db_change("" + \
-                    "select name, data from user_set " + \
-                    "where id = ? and (name = 'encode' or name = 'pw')" + \
-                ""), [
-                    flask.session['id']
-                ])
-                sql_data = curs.fetchall()
-                if not sql_data:
-                    return re_error('/error/2')
-                else:
-                    user = {}
-                    for i in sql_data:
-                        user[i[0]] = i[1]
+            if user_pw != user_repeat:
+                return re_error('/error/20')
+    
+            # PW 길이 제한
+            curs.execute(db_change("select data from other where name = 'password_min_length'"))
+            db_data = curs.fetchall()
+            if db_data and db_data[0][0] != '':
+                password_min_length = int(number_check(db_data[0][0]))
+                if password_min_length > len(user_pw):
+                    return re_error('/error/40')
 
-                if pw_check(
-                    now_pw,
-                    user['pw'], 
-                    user['encode'], 
-                    ip
-                ) != 1:
-                    return re_error('/error/10')
+            curs.execute(db_change("select data from user_set where id = ? and name = 'pw'"), [ip])
+            db_data = curs.fetchall()
+            if not db_data:
+                return re_error('/error/2')
+            else:
+                db_user_pw = db_data[0][0]
+                
+            curs.execute(db_change("select data from user_set where id = ? and name = 'encode'"), [ip])
+            db_data = curs.fetchall()
+            if not db_data:
+                return re_error('/error/2')
+            else:
+                db_user_encode = db_data[0][0]
+                
+            if pw_check(user_pw_now, db_user_pw, db_user_encode, ip) != 1:
+                return re_error('/error/10')
 
-                curs.execute(db_change(
-                    "update user_set set data = ? where id = ? and name = 'pw'"
-                ), [
-                    pw_encode(new_pw), 
-                    ip
-                ])
+            curs.execute(db_change("update user_set set data = ? where id = ? and name = 'pw'"), [
+                pw_encode(new_pw), 
+                ip
+            ])
+            
+            conn.commit()
 
             return redirect('/user')
         else:
+            curs.execute(db_change("select data from other where name = 'password_min_length'"))
+            db_data = curs.fetchall()
+            if db_data and db_data[0][0] != '':
+                password_min_length = ' (' + load_lang('password_min_length') + ' : ' + db_data[0][0] + ')'
+            else:
+                password_min_length = ''
+            
             return easy_minify(flask.render_template(skin_check(),
                 imp = [load_lang('password_change'), wiki_set(), wiki_custom(), wiki_css([0, 0])],
                 data = '''
                     <form method="post">
-                        <input placeholder="''' + load_lang('now_password') + '''" name="pw4" type="password">
+                        <input placeholder="''' + load_lang('now_password') + '''" name="password_now" type="password">
                         <hr class="main_hr">
-                        <input placeholder="''' + load_lang('new_password') + '''" name="pw2" type="password">
+                        
+                        <input placeholder="''' + load_lang('new_password') + password_min_length + '''" name="password_new" type="password">
                         <hr class="main_hr">
-                        <input placeholder="''' + load_lang('password_confirm') + '''" name="pw3" type="password">
+                        
+                        <input placeholder="''' + load_lang('password_confirm') + '''" name="password_new_repeat" type="password">
                         <hr class="main_hr">
+                        
                         <button type="submit">''' + load_lang('save') + '''</button>
+                        
+                        ''' + http_warning() + '''
                     </form>
                 ''',
                 menu = [['change', load_lang('return')]]
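Review bot: The update statement still calls `pw_encode(new_pw)`, but this commit renames the form value to `user_pw` and removes the `new_pw` assignment, so unless `new_pw` is bound outside the hunk every password change fails with `NameError` after the current password has been verified. The line should read `pw_encode(user_pw),`. The added `conn.commit()` also relies on a `conn` that does not appear in the visible signature `user_setting_pw()`, and the credential lookups now key on `ip` where the old select used `flask.session['id']`. Both are presumably equivalent for a logged-in user, but this path decides whose password row is rewritten, so it is worth confirming against the part of the function outside the hunk.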

+ 1 - 1
version.json

@@ -1,6 +1,6 @@
 {
     "beta" : {
-        "r_ver" : "v3.4.5 (stable2) (beta3) (dev17)",
+        "r_ver" : "v3.4.5 (stable2) (beta3) (dev18)",
         "c_ver" : "3500108",
         "s_ver" : "3500110"
     }