From d782038d0fd1153a8ba949b9a22918b75f459e62 Mon Sep 17 00:00:00 2001
From: xisi <chaeldarrs@gmail.com>
Date: Mon, 20 Jan 2014 15:38:46 -0500
Subject: [PATCH 1/3] stupid rebase

---
 public/include/pages/login.inc.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/public/include/pages/login.inc.php b/public/include/pages/login.inc.php
index 13c8b504..f2e685d5 100644
--- a/public/include/pages/login.inc.php
+++ b/public/include/pages/login.inc.php
@@ -48,7 +48,7 @@ if ($setting->getValue('maintenance') && !$user->isAdmin($user->getUserId($_POST
     }
   }
   // Check if recaptcha is enabled, process form data if valid
-  if (($setting->getValue('recaptcha_enabled') != 1 || $setting->getValue('recaptcha_enabled_logins') != 1 || $rsp->is_valid) && ($nocsrf == 1 || (!$config['csrf']['enabled'] || !$config['csrf']['forms']['login']))) {
+  if (($setting->getValue('recaptcha_enabled') != 1 || $setting->getValue('recaptcha_enabled_logins') != 1 || $rsp->is_valid) && ($nocsrf == 1 || (!$config['csrf']['enabled'] || in_array('login', $config['csrf']['disabled_forms'])))) {
     if ($user->checkLogin(@$_POST['username'], @$_POST['password']) ) {
       empty($_POST['to']) ? $to = $_SERVER['SCRIPT_NAME'] : $to = $_POST['to'];
       $port = ($_SERVER["SERVER_PORT"] == "80" or $_SERVER["SERVER_PORT"] == "443") ? "" : (":".$_SERVER["SERVER_PORT"]);

From b0053b65e16f271ca99d387a741bd1109d04e267 Mon Sep 17 00:00:00 2001
From: xisi <chaeldarrs@gmail.com>
Date: Mon, 20 Jan 2014 23:57:01 -0500
Subject: [PATCH 2/3] Added basic javascript password strength/match testing
 Added pw strength/match to registration form

---
 public/site_assets/mpos/js/pwcheck.js      | 78 ++++++++++++++++++++++
 public/templates/mpos/master.tpl           |  2 +-
 public/templates/mpos/register/default.tpl |  8 ++-
 3 files changed, 84 insertions(+), 4 deletions(-)
 create mode 100644 public/site_assets/mpos/js/pwcheck.js

diff --git a/public/site_assets/mpos/js/pwcheck.js b/public/site_assets/mpos/js/pwcheck.js
new file mode 100644
index 00000000..5433d012
--- /dev/null
+++ b/public/site_assets/mpos/js/pwcheck.js
@@ -0,0 +1,78 @@
+function scorePassword(pass) {
+    var score = 0;
+    if (!pass)
+        return score;
+    var letters = new Object();
+    for (var i=0; i<pass.length; i++) {
+        letters[pass[i]] = (letters[pass[i]] || 0) + 1;
+        score += 5.0 / letters[pass[i]];
+    }
+    var variations = {
+        digits: /\d/.test(pass),
+        lower: /[a-z]/.test(pass),
+        upper: /[A-Z]/.test(pass),
+        nonWords: /\W/.test(pass),
+        spChars: /!@#\$%\^\&*\)\(+=._-/.test(pass),
+    }
+    variationCount = 0;
+    for (var check in variations) {
+        variationCount += (variations[check] == true) ? 1 : 0;
+    }
+    score += (variationCount - 1) * 10;
+    return parseInt(score);
+}
+function checkPassStrength(pass) {
+    var score = scorePassword(pass);
+    if (score >= 80)
+        return "Excellent";
+    if (score >= 70)
+        return "Strong";
+    if (score >= 50)
+        return "Good";
+    if (score >= 40)
+        return "Weak";
+    if (score >= 10)
+    	return "Very weak";
+    if (score < 10 && score > 1)
+    	return "Extremely weak";
+    return "";
+}
+function getStrengthColor(pass) {
+	var score = scorePassword(pass)
+	if (score >= 80)
+		return "#390"
+	if (score >= 70)
+		return "#3C0"
+	if (score >= 50)
+		return "#399"
+	if (score >= 40)
+		return "#F60"
+	if (score >= 10)
+		return "#E00"
+	if (score < 10)
+		return "#C00"
+	return "#999"
+}
+function checkIfPasswordsMatch() {
+	var pwMatch = document.getElementById('pw_match');
+	var field1 = document.getElementById('pw_field').value;
+    var field2 = document.getElementById('pw_field2').value;
+    if (field1 == field2 && field1 !== "" && field2 !== "") {
+    	pwMatch.innerHTML = "Passwords match!";
+    	pwMatch.style.color = "#390";
+    } else if (field1 == "" || field2 == ""){
+    	pwMatch.innerHTML = "";
+    } else {
+    	pwMatch.innerHTML = "Passwords don't match!";
+    	pwMatch.style.color = "#399";
+    }
+}
+$(document).ready(function() {
+    $("#pw_field,#pw_field2").on("keypress keyup keydown", function() {
+        var fieldValue = document.getElementById('pw_field').value;
+        var pwStrength = document.getElementById('pw_strength');
+        pwStrength.innerHTML = checkPassStrength(fieldValue);
+        pwStrength.style.color = getStrengthColor(fieldValue);
+        checkIfPasswordsMatch();
+    });
+});
\ No newline at end of file
diff --git a/public/templates/mpos/master.tpl b/public/templates/mpos/master.tpl
index c20a966b..13159ce9 100644
--- a/public/templates/mpos/master.tpl
+++ b/public/templates/mpos/master.tpl
@@ -29,7 +29,7 @@
 	<script type="text/javascript" src="{$PATH}/js/tinybox.js"></script>
 	<script type="text/javascript" src="{$PATH}/../global/js/number_format.js"></script>
   <!--[if IE]><script type="text/javascript" src="{$PATH}/js/excanvas.js"></script><![endif]-->
-
+  <script type="text/javascript" src="{$PATH}/js/pwcheck.js"></script>
     {if $GLOBAL.statistics.analytics.enabled}
       {$GLOBAL.statistics.analytics.code nofilter}
     {/if}
diff --git a/public/templates/mpos/register/default.tpl b/public/templates/mpos/register/default.tpl
index bea79a6f..eabec47f 100644
--- a/public/templates/mpos/register/default.tpl
+++ b/public/templates/mpos/register/default.tpl
@@ -14,10 +14,12 @@
       <input type="text" class="text tiny" name="username" value="{$smarty.post.username|escape|default:""}" size="15" maxlength="20" required>
     </fieldset>
     <fieldset>
-      <label>Password</label>
-      <input type="password" class="text tiny" name="password1" value="" size="15" maxlength="100" required>
+      <label>Password</label> 
+      <p style="padding-right:10px;display:block;margin-top:0px;float:right;color:#999;" id="pw_strength">Strength</p>
+      <input type="password" class="text tiny" name="password1" value="" size="15" maxlength="100" id="pw_field" required>
       <label>Repeat Password</label>
-      <input type="password" class="text tiny" name="password2" value="" size="15" maxlength="100" required>
+      <p style="padding-right:10px;display:block;margin-top:0px;float:right;" id="pw_match"></p>
+      <input type="password" class="text tiny" name="password2" value="" size="15" maxlength="100" id="pw_field2" required>
     </fieldset>
     <fieldset>
       <label>Email</label>

From a20c2324e29ae7904cceafdd19069c5ea5aaf7f3 Mon Sep 17 00:00:00 2001
From: xisi <chaeldarrs@gmail.com>
Date: Tue, 21 Jan 2014 00:02:57 -0500
Subject: [PATCH 3/3] Added pw strength/match to change password form

---
 public/templates/mpos/account/edit/default.tpl | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/public/templates/mpos/account/edit/default.tpl b/public/templates/mpos/account/edit/default.tpl
index cea3d882..4a8e81c4 100644
--- a/public/templates/mpos/account/edit/default.tpl
+++ b/public/templates/mpos/account/edit/default.tpl
@@ -144,11 +144,13 @@
       </fieldset>
       <fieldset>
         <label>New Password</label>
-        {nocache}<input type="password" name="newPassword" {if $GLOBAL.twofactor.enabled && $GLOBAL.twofactor.options.changepw && !$CHANGEPASSUNLOCKED}disabled{/if}/>{/nocache}
+        <p style="padding-right:10px;display:block;margin-top:0px;float:right;color:#999;" id="pw_strength"></p>
+        {nocache}<input type="password" name="newPassword" id="pw_field"{if $GLOBAL.twofactor.enabled && $GLOBAL.twofactor.options.changepw && !$CHANGEPASSUNLOCKED}disabled{/if}/>{/nocache}
       </fieldset>
       <fieldset>
         <label>Repeat New Password</label>
-        {nocache}<input type="password" name="newPassword2" {if $GLOBAL.twofactor.enabled && $GLOBAL.twofactor.options.changepw && !$CHANGEPASSUNLOCKED}disabled{/if}/>{/nocache}
+        <p style="padding-right:10px;display:block;margin-top:0px;float:right;" id="pw_match"></p>
+        {nocache}<input type="password" name="newPassword2" id="pw_field2"{if $GLOBAL.twofactor.enabled && $GLOBAL.twofactor.options.changepw && !$CHANGEPASSUNLOCKED}disabled{/if}/>{/nocache}
       </fieldset>
       <fieldset>
         <label>4 digit PIN</label>