From caa10555c669be99d02669ee25bdd4a95b05ce56 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Michal=20Sedl=C3=A1k?= Date: Fri, 16 May 2025 11:48:28 +0200 Subject: [PATCH] Added password verify Min 8 chars long Min 1 upper letter min 1 number --- Web/betatest/content/adminpanel.php | 16 ++++++++++++++++ Web/betatest/content/changepassword.php | 18 +++++++++++++++++- 2 files changed, 33 insertions(+), 1 deletion(-) diff --git a/Web/betatest/content/adminpanel.php b/Web/betatest/content/adminpanel.php index 5753afb..191e79d 100644 --- a/Web/betatest/content/adminpanel.php +++ b/Web/betatest/content/adminpanel.php @@ -34,6 +34,9 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') { if (empty($uname) || empty($pswd)) { $_SESSION['message'] = 'Error: Username and password are required!'; $_SESSION['message_type'] = 'error'; + } else if (!CheckPassword($pswd)) { + $_SESSION['message'] = 'Error: Password must be at least 8 characters long, contain at least one number and one uppercase letter!'; + $_SESSION['message_type'] = 'error'; } else { $sql_check = "SELECT * FROM users WHERE uname = ?"; $stmt_check = $conn->prepare($sql_check); @@ -117,6 +120,19 @@ $message = $_SESSION['message'] ?? ''; $message_type = $_SESSION['message_type'] ?? ''; unset($_SESSION['message']); unset($_SESSION['message_type']); + +function CheckPassword($password) { + if (strlen($password) < 8) { + return false; + } + if (!preg_match('/[0-9]/', $password)) { + return false; + } + if (!preg_match('/[A-Z]/', $password)) { + return false; + } + return true; +} ?> diff --git a/Web/betatest/content/changepassword.php b/Web/betatest/content/changepassword.php index 8aa1bfa..74c93f2 100644 --- a/Web/betatest/content/changepassword.php +++ b/Web/betatest/content/changepassword.php 
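Review bot: `CheckPassword()` is added verbatim to both adminpanel.php and changepassword.php (the second hunk of each file), so the password policy now lives in two places that can drift apart, and PHP stops with a fatal "Cannot redeclare" error if both scripts are ever loaded in the same request. Moving the function into one shared include that both pages pull in with `require_once` would keep account creation and password change on the same rule. Inside the function, `strlen()` counts bytes rather than characters and throws a TypeError on PHP 8 when handed a non-string such as an array-valued form field, so the first guard could read `if (!is_string($password) || mb_strlen($password, 'UTF-8') < 8) {` where mbstring is available. A short docblock listing the three rules, and stating that the check is meant to run on the raw, unescaped password, would also help the next maintainer.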
@@ -21,7 +21,10 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') { $confirm_password = htmlspecialchars($_POST['confirm_password']); $uname = $_SESSION['uname']; - if ($new_password !== $confirm_password) { + if(!CheckPassword($new_password)) { + $message = "New password must be at least 8 characters long, contain at least one number and one uppercase letter!"; + $messageType = "danger"; + } else if ($new_password !== $confirm_password) { $message = "New passwords do not match!"; $messageType = "danger"; } else { @@ -74,6 +77,19 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') { $messageType = "danger"; } } + +function CheckPassword($password) { + if (strlen($password) < 8) { + return false; + } + if (!preg_match('/[0-9]/', $password)) { + return false; + } + if (!preg_match('/[A-Z]/', $password)) { + return false; + } + return true; +} ?>
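Review bot: The new `CheckPassword($new_password)` call appears to run on an HTML-escaped value: the context line escapes `confirm_password` with `htmlspecialchars()`, and because the two values are compared with `!==`, `$new_password` is presumably escaped the same way above the hunk. Escaping lengthens the string (`&` becomes `&amp;`), so a password shorter than eight characters can satisfy the length rule, and whatever is hashed further down would be the escaped text rather than what the user typed. The policy check and the hash should take the raw `$_POST['new_password']`, with `htmlspecialchars()` reserved for values that are echoed into HTML. The assignment of `$new_password` and the rest of the POST block lie outside the hunk, so this needs confirming there; switching to unescaped input would also need a migration path for existing passwords that contain `&`, `<`, `>` or quotes.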