- Fix red 'X' next to password may not be removed on a valid password.
- Prevent displaying the password comparison checkbox if the feature is disabled
Thanks @WoodiE for funding the HIBP (pwned password) integration.
- Pwned password integration
- This allows securely checking if a password has likely been compromised without sharing the password.
- See Validating Leaked Passwords with k-Anonymity for details. Warning; contains Maths.
- If the API fails, the password is blocked with a generic error message (as it does not log the stack trace as this would leak the user's password into the error log).
- Caches API results for at least a day
- Pwned password reports the number of breaches, and there is an admincp option to use this to determine if a password is compromised.
- New Password checks option.
- Allows zxcvbn & pwned password support to be independantly disabled
- Only show 'too short' password strength phrase if there is any password
- Only show 'password matching' indicator between password/confirmed password fields if there is any password.
- Rework failed password reporting to be more consistent
- Enable password complexity for admins in admincp
- Applies to admin edits.
- Default disabled
- Now maintained by Xon
- Installer enforces minimum php 5.4+ version
- Rewrite password-meter javascript to reliably find the fields it needs to hook into.
- Add password-meter to admincp page when setting a user password
- Option to not enforce password complexity rules for setting a user password via the admincp
- Add password-meter to lost password page
- Use "async" attribute for external scripts, removing the polyfill.
- Sorry pre-IE11, go die in a fire.
- For ancient browsers, they will ignore the attribute and block the page while downloading the zxcvbn script.
PATCH NOTES
Installer
- Fixed a php7 error causing registrations and password changes to fail.
- Fixed an error that caused the installer to fail installing some addons, if the server has no file write permission.
- Fixed an error that caused the installer to fail installing or updating some addons with database tables.
PATCH NOTES
- Add-On ID has been changed. If you're upgrading from a previous version, please read the notice below.
- Some core parts have been rewritten to be more efficient and less vulnerable for bugs (hopefully).
- Style properties have been ajusted for a cleaner look.
- Features a unified installer used among my Add-Ons to eliminate (un-)installation bugs in the future.
IMPORTANT NOTICE
- Upgrading from a previous version:
- Go to the style properties page and make a copy of some sort from your modifications made to this addons settings.
- Go to the Settings Page and make a copy of some sort of all options.
- Upload all content of the 'Upload' folder to your XenForo installation. Overwrite files as necessary.
- In your Addon List, hit: "Install Add-On", do not upgrade the previous version.
- The Installer will remove the previous version and all deprecated files as necessary.
- Head back to the style properties page and restore all your settings.
- Head to the options page and restore all your settings.