Strong password enforcement/customization. See: #573

s2member/includes/classes/login-customizations.inc.php

@@ -133,7 +133,7 @@ public static function login_header_styles()
 			$a[] = 'div#login form#lostpasswordform p.submit { float:none'.$i.'; } div#login form#lostpasswordform input[type="submit"] { float:none'.$i.'; width:100%'.$i.'; box-sizing:border-box'.$i.'; }';
 			$a[] = 'div#login form#resetpassform #pass-strength-result { float:none'.$i.'; width:100%'.$i.'; box-sizing:border-box'.$i.'; } div#login form#resetpassform p.submit { float:none'.$i.'; } div#login form#resetpassform input[type="submit"] { float:none'.$i.'; width:100%'.$i.'; box-sizing:border-box'.$i.'; }';
 
-			$a[] = 'div.ws-plugin--s2member-password-strength { margin-top:3px'.$i.'; font-color:#000000'.$i.'; background-color:#EEEEEE'.$i.'; padding:3px'.$i.'; border-radius:3px'.$i.'; } div.ws-plugin--s2member-password-strength-short { background-color:#FFA0A0'.$i.'; } div.ws-plugin--s2member-password-strength-bad { background-color:#FFB78C'.$i.'; } div.ws-plugin--s2member-password-strength-good { background-color:#FFEC8B'.$i.'; } div.ws-plugin--s2member-password-strength-strong { background-color:#C3FF88'.$i.'; } div.ws-plugin--s2member-password-strength-mismatch { background-color:#D6C1AB'.$i.'; }';
+			$a[] = 'div.ws-plugin--s2member-password-strength { margin-top:3px'.$i.'; font-color:#000000'.$i.'; background-color:#EEEEEE'.$i.'; padding:3px'.$i.'; border-radius:3px'.$i.'; } div.ws-plugin--s2member-password-strength-short { background-color:#FFA0A0'.$i.'; } div.ws-plugin--s2member-password-strength-weak { background-color:#FFB78C'.$i.'; } div.ws-plugin--s2member-password-strength-good { background-color:#FFEC8B'.$i.'; } div.ws-plugin--s2member-password-strength-strong { background-color:#C3FF88'.$i.'; } div.ws-plugin--s2member-password-strength-mismatch { background-color:#D6C1AB'.$i.'; }';
 
 			$a[] = 'div#login form#registerform p#reg_passmail { font-style:italic'.$i.'; }';
 

s2member/includes/classes/user-securities.inc.php

@@ -157,5 +157,111 @@ public static function hide_password_fields($show, $user = NULL)
 
 			return apply_filters('ws_plugin__s2member_hide_password_fields', $show, get_defined_vars());
 		}
+
+		/**
+		 * Acquires password minimum length.
+		 *
+		 * @package s2Member\User_Securities
+		 * @since 150717
+		 *
+		 * @param string $password The password to score.
+		 *
+		 * @return integer Password minimum length.
+		 */
+		public static function min_password_length()
+		{
+			$min = (integer)$GLOBALS['WS_PLUGIN__']['s2member']['o']['custom_reg_password_min_length'];
+			return max(6, (integer)apply_filters('ws_plugin__s2member_min_password_length', $min > 0 ? $min : 0));
+		}
+
+		/**
+		 * Acquires minimum password strength code.
+		 *
+		 * @package s2Member\User_Securities
+		 * @since 150717
+		 *
+		 * @return string Minimum password strength code.
+		 */
+		public static function min_password_strength_code()
+		{
+			$code = $GLOBALS['WS_PLUGIN__']['s2member']['o']['custom_reg_password_min_strength'];
+			return apply_filters('ws_plugin__s2member_min_password_strength_code', trim($code));
+		}
+
+		/**
+		 * Acquires minimum password strength label.
+		 *
+		 * @package s2Member\User_Securities
+		 * @since 150717
+		 *
+		 * @return string Minimum password strength label.
+		 */
+		public static function min_password_strength_label()
+		{
+			switch(self::min_password_strength_code())
+			{
+				case 'weak': return _x('`weak`, `good`, or `strong`', 's2member-front', 's2member');
+				case 'good': return _x('`good` or `strong` (i.e., use numbers, letters, and mixed caSe)', 's2member-front', 's2member');
+				case 'strong': return _x('`strong` (i.e., use numbers, letters, mixed caSe, and punctuation)', 's2member-front', 's2member');
+			}
+			return ''; // Default behavior.
+		}
+
+		/**
+		 * Acquires minimum password strength score.
+		 *
+		 * @package s2Member\User_Securities
+		 * @since 150717
+		 *
+		 * @return integer Minimum password strength score.
+		 */
+		public static function min_password_strength_score()
+		{
+			$score = 0; // Default behavior.
+
+			switch(self::min_password_strength_code())
+				{
+					case 'n/a': $score = 0; break;
+					case 'weak': $score = 10; break;
+					case 'good': $score = 30; break;
+					case 'strong': $score = 50; break;
+				}
+			return apply_filters('ws_plugin__s2member_min_password_strength_score', $score > 0 ? $score : 0);
+		}
+
+		/**
+		 * Acquires password strength score.
+		 *
+		 * @package s2Member\User_Securities
+		 * @since 150717
+		 *
+		 * @param string $password The password to score.
+		 *
+		 * @return integer Password strength score.
+		 */
+		public static function password_strength_score($password)
+		{
+			$score = 0; // Initialize score.
+
+			if(strlen($password) < 1)
+				return $score;
+
+		 	else if(strlen($password) < self::min_password_length())
+				return $score;
+
+			if(preg_match('/[0-9]/', $password))
+				$score += 10;
+
+			if(preg_match('/[a-z]/', $password))
+				$score += 10;
+
+			if(preg_match('/[A-Z]/', $password))
+				$score += 10;
+
+			if(preg_match('/[^0-9a-zA-Z]/', $password))
+				$score += $score === 30 ? 20 : 10;
+
+			return apply_filters('ws_plugin__s2member_password_strength_score', $score > 0 ? $score : 0);
+		}
 	}
-}
+}

s2member/includes/menu-pages/gen-ops.inc.php

@@ -56,7 +56,7 @@ public function __construct()
 
 				echo '<div class="ws-menu-page-section ws-plugin--s2member-uninstall-section">'."\n";
 				echo '<h3>Plugin Deletion Safeguards (highly recommended)</h3>'."\n";
-				echo '<p>By default, s2Member will retain all of it\'s Roles, Capabilities, and your Configuration Options when/if you delete s2Member from the Plugins Menu in WordPress. However, if you would like for s2Member to erase itself completely, please choose: <code>No (upon deletion, erase all data/options)</code>. See also: <a href="http://s2member.com/kb-article/how-do-i-manually-uninstall-s2member/" target="_blank" rel="external">s2Member Uninstall Instructions</a></p>';
+				echo '<p>By default, s2Member will retain all of it\'s Roles, Capabilities, and your Configuration Options when/if you delete s2Member from the Plugins Menu in WordPress. However, if you would like for s2Member to erase itself completely, please choose: <code>No (upon deletion, erase all data/options)</code>. See also: <a href="http://s2member.com/kb-article/how-do-i-uninstall-s2member/" target="_blank" rel="external">s2Member Uninstall Instructions</a></p>';
 				do_action("ws_plugin__s2member_during_gen_ops_page_during_left_sections_during_uninstall", get_defined_vars());
 
 				echo '<table class="form-table">'."\n";
@@ -1147,16 +1147,32 @@ public function __construct()
 				echo '</th>'."\n";
 
 				echo '</tr>'."\n";
-				echo '<tr>'."\n";
+				echo '<tr style="padding-bottom:0;">'."\n";
 
-				echo '<td>'."\n";
-				echo '<select name="ws_plugin__s2member_custom_reg_password" id="ws-plugin--s2member-custom-reg-password"'.((is_multisite() && c_ws_plugin__s2member_utils_conds::is_multisite_farm() && is_main_site() && !c_ws_plugin__s2member_utils_conds::pro_is_installed()) ? ' disabled="disabled"' : '').'>'."\n";
-				echo '<option value="0"'.((!$GLOBALS["WS_PLUGIN__"]["s2member"]["o"]["custom_reg_password"]) ? ' selected="selected"' : '').'>No (send auto-generated passwords via email; after registration)</option>'."\n";
-				echo '<option value="1"'.(($GLOBALS["WS_PLUGIN__"]["s2member"]["o"]["custom_reg_password"]) ? ' selected="selected"' : '').'>Yes (allow members to create their own password during registration)</option>'."\n";
-				echo '</select><br />'."\n";
-				echo 'Auto-generated Passwords are recommended for best security; i.e., this also serves as a form of email confirmation.'."\n";
+				echo '<td style="padding-bottom:0;">'."\n";
+				echo '<em><strong>Note:</strong> Custom passwords are easier for users. However, auto-generated passwords are recommended for best security; i.e., auto-generated passwords also serve as a form of email confirmation.</em>'."\n";
 				echo (is_multisite() && c_ws_plugin__s2member_utils_conds::is_multisite_farm() && is_main_site()) ? '<br /><em>* For security purposes, Custom Passwords are not possible on the Main Site of a Blog Farm. <a href="#" onclick="alert(\'For security purposes, Custom Passwords are not possible on the Main Site of a Blog Farm. A User must wait for the activation/confirmation email; where a randomly generated Password will be assigned. Please note, this limitation only affects your Main Site, via `/wp-signup.php`. In other words, your Customers (i.e., other Blog Owners) will still have the ability to allow Custom Passwords with s2Member. YOU are affected by this limitation, NOT them.\\n\\n* NOTE: s2Member (Pro) removes this limitation.\\nIf you install the s2Member Pro Add-on, you WILL be able to allow Custom Passwords through s2Member Pro-Forms; even on a Multisite Blog Farm.\'); return false;" tabindex="-1">[?]</a></em>'."\n" : '';
 				echo (c_ws_plugin__s2member_utils_conds::bp_is_installed()) ? '<br /><em>* Does not affect BuddyPress registration form (always <code>yes</code> with BuddyPress registration).</em>'."\n" : '';
+				echo '<br /><select name="ws_plugin__s2member_custom_reg_password" id="ws-plugin--s2member-custom-reg-password"'.((is_multisite() && c_ws_plugin__s2member_utils_conds::is_multisite_farm() && is_main_site() && !c_ws_plugin__s2member_utils_conds::pro_is_installed()) ? ' disabled="disabled"' : '').'>'."\n";
+				echo '<option value="0"'.((!$GLOBALS["WS_PLUGIN__"]["s2member"]["o"]["custom_reg_password"]) ? ' selected="selected"' : '').'>No (send auto-generated passwords via email; after registration)</option>'."\n";
+				echo '<option value="1"'.(($GLOBALS["WS_PLUGIN__"]["s2member"]["o"]["custom_reg_password"]) ? ' selected="selected"' : '').'>Yes (allow members to create their own password during registration)</option>'."\n";
+				echo '</select>'."\n";
+				echo '</td>'."\n";
+
+				echo '</tr>'."\n";
+				echo '<tr style="padding-top:0;">'."\n";
+
+				echo '<td style="padding-top:2px;">'."\n";
+				echo '<div id="ws-plugin--s2member-custom-reg-password-settings">'."\n";
+				echo '<small><em><strong>Note:</strong> Minimum characters and password strength also impact profile updates, so it\'s a good idea to configure these even if you\'re using auto-generated passwords during registration.</em></small><br />'."\n";
+				echo '<small>Minimum characters:</small> <input type="text" autocomplete="off" name="ws_plugin__s2member_custom_reg_password_min_length" id="ws-plugin--s2member-custom-reg-password-min-length" value="'.format_to_edit($GLOBALS["WS_PLUGIN__"]["s2member"]["o"]["custom_reg_password_min_length"]).'" maxlength="2" size="2" style="width:auto;" />'."\n";
+				echo '<small>Minimum strength:</small> <select name="ws_plugin__s2member_custom_reg_password_min_strength" id="ws-plugin--s2member-custom-reg-password-min-strength" style="width:auto;">'."\n";
+				echo '<option value="n/a"'.(($GLOBALS["WS_PLUGIN__"]["s2member"]["o"]["custom_reg_password_min_strength"] === 'n/a') ? ' selected="selected"' : '').'>N/A (do not enforce a password strength requirement)</option>'."\n";
+				echo '<option value="weak"'.(($GLOBALS["WS_PLUGIN__"]["s2member"]["o"]["custom_reg_password_min_strength"] === 'weak') ? ' selected="selected"' : '').'>Weak (only needs to meet minimum length requirement)</option>'."\n";
+				echo '<option value="good"'.(($GLOBALS["WS_PLUGIN__"]["s2member"]["o"]["custom_reg_password_min_strength"] === 'good') ? ' selected="selected"' : '').'>Good (must have numbers, letters, and mixed caSe)</option>'."\n";
+				echo '<option value="strong"'.(($GLOBALS["WS_PLUGIN__"]["s2member"]["o"]["custom_reg_password_min_strength"] === 'strong') ? ' selected="selected"' : '').'>Strong (must have numbers, letters, mixed caSe, and punctuation)</option>'."\n";
+				echo '</select>'."\n";
+				echo '</div>'."\n";
 				echo '</td>'."\n";
 
 				echo '</tr>'."\n";

s2member/includes/menu-pages/menu-pages-s.js

@@ -65,6 +65,9 @@ jQuery(document).ready(function($)
 							});
 						return false;
 					});
+				$('#ws-plugin--s2member-custom-reg-password').on('change', function(){
+					$('#ws-plugin--s2member-custom-reg-password-settings').css('opacity', $(this).val() === '1' ? '1' : '0.9');
+				}).trigger('change');
 			}
 		if(location.href.match(/page\=ws-plugin--s2member-logs/))
 			{
@@ -1313,4 +1316,4 @@ jQuery(document).ready(function($)
 
 					}).last().trigger('change');
 			}
-	});
+	});

s2member/includes/menu-pages/menu-pages.css

@@ -806,6 +806,10 @@ table.ws-menu-page-table div.ws-menu-page-group table.form-table > tbody > tr >
 	width       : auto;
 	padding     : 0 0.5em 0 0;
 }
+table.ws-menu-page-table div.ws-menu-page-group table.form-table > tbody > tr:not(:first-child) > th
+{
+	padding-top: 0.5em;
+}
 table.ws-menu-page-table div.ws-menu-page-group table.form-table > tbody > tr > td
 {
 	width   : auto;

s2member/includes/s2member.css

@@ -112,7 +112,7 @@ div.ws-plugin--s2member-password-strength-short
 {
 	background-color : #FFA0A0;
 }
-div.ws-plugin--s2member-password-strength-bad
+div.ws-plugin--s2member-password-strength-weak
 {
 	background-color : #FFB78C;
 }
@@ -475,4 +475,4 @@ body.logged-in.profile.profile-edit form div.ws-plugin--s2member-profile-field-4
 	margin       : 10px 0 10px 0;
 	border-width : 0 0 1px 0;
 	padding      : 0 0 7px 0;
-}
+}