DivebombInc

Allow special characters in passwords

5 posts in this topic

Running v2.3.4, is there a setting I'm missing that will allow customers to use special characters in their passwords? Getting several requests for this.

Share this post


Link to post
Share on other sites

Hello @@DivebombInc,

 

I just tried with 2.3.4 BS and I can use all of these: ª!"·$%&/()=áéúóöç

Which concrete characters would not work on your store?

The only combinations which will be replaced are these you can see in the tep_sanitize function in includes/functions/general.php:

  function tep_sanitize_string($string) {
    $patterns = array ('/ +/','/[<>]/');
    $replace = array (' ', '_');
    return preg_replace($patterns, $replace, trim($string));
  }

rgds

Rainer

Share this post


Link to post
Share on other sites

@@raiwa, Hi.

I changed function tep_sanitize_string to remove unwanted characters from the search string.  It seems to work ok and not effecting anything else (not that I've noticed anyway).

My question is, what is the main reason for this function?  Is it used just to remove unwanted characters before entering data into the DB?  If that is the case, then for me to atler $patterns and $replace will be ok.

Thanks in advance

Mike

Share this post


Link to post
Share on other sites

@@Mikepo, it's for security reason to filter sql injection attempts.

Share this post


Link to post
Share on other sites

@@raiwa, I thought so, so I filtered for %20 within the advanced_search and store_search files to replace %20 with a space ' ', as I had a problem with bots using %20 instead of space

Thanks for the reply

Mike

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now