2 years ago · 54c4f8ab68
--- a/fn/auth.php
+++ b/fn/auth.php
@@ -1,18 +1,18 @@
 
															 <?php
														
 
															-define("USERNAME_REGEX", "^[\p{L}\p{N}_-]{1,64}$");
														
 
															-define("PASSWORD_REGEX", "^(?=.*[\p{Ll}])(?=.*[\p{Lu}])(?=.*[\p{N}]).{8,1024}|.{10,1024}$");
														
 
															+const USERNAME_REGEX = '^[\p{L}\p{N}_-]{1,64}$';
														
 
															+const PASSWORD_REGEX = '^(?=.*[\p{Ll}])(?=.*[\p{Lu}])(?=.*[\p{N}]).{8,1024}|.{10,1024}$';
														
 
															-define("PLACEHOLDER_USERNAME", "lain");
														
 
															-define("PLACEHOLDER_PASSWORD", "••••••••••••••••••••••••");
														
 
															+const PLACEHOLDER_USERNAME = 'lain';
														
 
															+const PLACEHOLDER_PASSWORD = '••••••••••••••••••••••••';
														
 
															 // Password storage security
														
 
															-define("ALGO_PASSWORD", PASSWORD_ARGON2ID);
														
 
															-define("OPTIONS_PASSWORD", array(
														
 
															+const ALGO_PASSWORD = PASSWORD_ARGON2ID;
														
 
															+const OPTIONS_PASSWORD = [
														
 
															 	"memory_cost" => 65536,
														
 
															 	"time_cost" => 24,
														
 
															 	"threads" => 64,
														
 
															-));
														
 
															+];
														
 
															 function checkPasswordFormat($password) {
														
 
															 	if (preg_match("/" . PASSWORD_REGEX . "/u", $password) !== 1)
														
--- a/pages/auth/login.php
+++ b/pages/auth/login.php
@@ -25,7 +25,7 @@ if (processForm(false)) {
 
															 <form method="post">
														
 
															 	<label for="username">Identifiant</label><br>
														
 
															-	<input required="" minlength="4" maxlength="32" pattern="<?= USERNAME_REGEX ?>" id="username" name="username" type="text" placeholder="<?= PLACEHOLDER_USERNAME ?>">
														
 
															+	<input required="" minlength="1" maxlength="64" pattern="<?= USERNAME_REGEX ?>" id="username" name="username" type="text" placeholder="<?= PLACEHOLDER_USERNAME ?>">
														
 
															 	<br>
														
 
															 	<label for="password">Clé de passe</label><br>
														
--- a/pages/auth/register.php
+++ b/pages/auth/register.php
@@ -50,7 +50,7 @@ if (processForm(false)) {
 
															 		<summary><label for="username">Identifiant</label></summary>
														
 
															 		Uniquement composé de lettres minuscules.
														
 
															 	</details>
														
 
															-	<input id="username" maxlength="32" pattern="<?= USERNAME_REGEX ?>" required="" name="username" type="text" placeholder="<?= PLACEHOLDER_USERNAME ?>"><br>
														
 
															+	<input id="username" minlength="1" maxlength="64" pattern="<?= USERNAME_REGEX ?>" required="" name="username" type="text" placeholder="<?= PLACEHOLDER_USERNAME ?>"><br>
														
 
															 	<details>
														
 
															 		<summary><label for="password">Clé de passe</label></summary>
														
--- a/pages/reg/register.php
+++ b/pages/reg/register.php
@@ -1,8 +1,8 @@
 
															 <?php
														
 
															 if (processForm()) {
														
 
															-	if (preg_match("/" . CONF['reg']['subdomain_regex'] . "/", $_POST['subdomain']) !== 1)
														
 
															-	output(403, 'Erreur : Le nom de domaine doit être composé uniquement d\'entre 4 et 63 lettres minuscules (a-z)');
														
 
															+	if (preg_match('/' . CONF['reg']['subdomain_regex'] . '/', $_POST['subdomain']) !== 1)
														
 
															+		output(403, 'Le nom de domaine doit être composé uniquement d\'entre 4 et 63 lettres minuscules ou chiffre (a-z et 0-9)');
														
 
															 	$domain = formatAbsoluteDomain($_POST['subdomain'] . '.' . CONF['reg']['registry']);