Prevent users setting/hashing an empty password

2024-01-19 23:45:02 +00:00 · 2024-01-19 23:45:02 +00:00 · 1fcf559e13
parent ee68bf10b8
commit 1fcf559e13
2 changed files with 7 additions and 2 deletions
--- a/post/profile.php
+++ b/post/profile.php
@ -92,6 +92,11 @@ if (isset($_POST['edit_your_user_password'])) {

    $new_password = trim($_POST['new_password']);

+    if (empty($new_password)) {
+        header('Location: user_security.php');
+        exit;
+    }
+
    // Email notification when password or email is changed
    $user_sql = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT user_name, user_email FROM users WHERE user_id = $session_user_id"));
    $name = sanitizeInput($user_sql['user_name']);
--- a/user_security.php
+++ b/user_security.php
@ -12,12 +12,12 @@ require_once "inc_all_user.php";
            <input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">

            <div class="form-group">
-                <label>Your New Password</label>
+                <label>Your New Password <strong class="text-danger">*</strong></label>
                <div class="input-group">
                    <div class="input-group-prepend">
                        <span class="input-group-text"><i class="fa fa-fw fa-lock"></i></span>
                    </div>
-                    <input type="password" class="form-control" data-toggle="password" name="new_password" placeholder="Leave blank for no change" autocomplete="new-password" minlength="8">
+                    <input type="password" class="form-control" data-toggle="password" name="new_password" placeholder="Leave blank for no change" autocomplete="new-password" minlength="8" required>
                    <div class="input-group-append">
                        <span class="input-group-text"><i class="fa fa-fw fa-eye"></i></span>
                    </div>