Simplification to use only the new'ish built in WordPress password strength meter system.

ryanhellyer · ryanhellyer · commit df3715d9936f · 2016-09-20T23:20:51.000+02:00
diff --git a/minimum-password-strength.php b/minimum-password-strength.php
@@ -1,121 +1,19 @@
-<?php
-
-/*
- * Plugin Name: Minimum Password Strength
- * Description: Enforce a specific password strength. Uses the same strength calculations as the WordPress password strength meter
- * Version: 1.2.0
- * Plugin URI: http://wordpress.org/extend/plugins/minimum-password-strength/
- * Author: Will Anderson and Tony Ferrell
- * Author URI: http://codeawhile.com/
- */
-
- class Minimum_Password_Strength {
-	
-	const STRENGTH_KEY = 'minimum_password_strength';
-	const PASS_LENGTH = 4;
-	const SHORT_PASS = 1;
-	const BAD_PASS = 2;
-	const GOOD_PASS = 3;
-	const STRONG_PASS = 4;
-	const MISMATCH = 5;
-	const DEFAULT_REQUIRED_STRENGTH = self::GOOD_PASS;
-	
-	public static $strengths = array(
-		2 => 'Weak',
-		3 => 'Medium',
-		4 => 'Strong',
-	);
-
- 	public static function start() {
-		add_action( 'user_profile_update_errors', array( __CLASS__, 'check_password_strength' ) );
-		add_action( 'admin_menu', array( __CLASS__, 'add_menu' ) );
-		add_action( 'validate_password_reset', array( __CLASS__, 'check_password_strength' ) );
-	}
-
-	public static function check_password_strength( $errors ) {
-		$password1 = isset( $_POST['pass1'] ) ? $_POST['pass1'] : '';
-		$password2 = isset( $_POST['pass2'] ) ? $_POST['pass2'] : '';
-		if ( isset( $_POST['user_id'] ) ) {
-			// Editing user profile page
-			$user_id = intval( $_POST['user_id'] );
-			$user = get_userdata( $user_id );
-			$username = $user->user_login;
-		} else {
-			// Creating a new user
-			$username = $_POST['user_login'];
-		}
-		
-		if ( empty( $password1 ) && empty( $password2 ) ) {
-			return;
-		}
-
-		$strength = self::get_password_strength( $username, $password1, $password2 );
-
-		$required_strength = get_option( self::STRENGTH_KEY, 3 );
-
-		if ( self::MISMATCH == $strength ) {
-			$errors->add( 'mismatched-password', 'The passwords you entered do not match', array( 'form-field' => 'pass1' ) );
-		} elseif ( $strength < $required_strength ) {
-			$errors->add( 'weak-password', sprintf( __( 'You must choose a "%s" password', 'minimum-password-strength' ), self::$strengths[$required_strength] ), array( 'form-field' => 'pass1' ) );
-		}
-	}
-
-	public static function add_menu() {
-		add_options_page( __( 'Minimum Password Strength', 'minimum-password-strength' ), __( 'Password Strength', 'minimum-password-strength' ), 'manage_options', __FILE__, array( __CLASS__, 'show_settings_page' ) );
-	}
-
-	public static function show_settings_page() {
-		if ( isset( $_POST['submit'] ) && isset( $_POST['_wpnonce'] ) &&
-				wp_verify_nonce( $_POST['_wpnonce'], 'update_minimum_password_strength' ) ) {
-			$strength = intval( $_POST['strength'] );
-			update_option( self::STRENGTH_KEY, $strength );
-		}
-		
-		$required_strength = self::get_required_strength();
-		$options = self::$strengths;
-
-		include plugin_dir_path( __FILE__ ) . 'views/settings.php';
-	}
-
-	public static function get_required_strength() {
-		return get_option( self::STRENGTH_KEY, self::DEFAULT_REQUIRED_STRENGTH );
-	}
-
-	public static function get_password_strength( $username, $password1, $password2 ) {
-		$symbolSize = 0;
-
-		// password 1 != password 2
-		if ( $password1 != $password2 )
-			return self::MISMATCH;
-
-		//password < self::PASS_LENGTH
-		if ( strlen( $password1 ) < self::PASS_LENGTH )
-			return self::SHORT_PASS;
-
-		//password1 == username
-		if ( strtolower( $password1 ) == strtolower( $username ) )
-			return self::BAD_PASS;
-
-		if ( preg_match( '/[0-9]/', $password1 ) )
-			$symbolSize += 10;
-		if ( preg_match( '/[a-z]/', $password1 ) )
-			$symbolSize += 26;
-		if ( preg_match( '/[A-Z]/', $password1 ) )
-			$symbolSize += 26;
-		if ( preg_match( '/[^a-zA-Z0-9]/', $password1 ) )
-			$symbolSize += 31;
-
-		$natLog = log( pow( $symbolSize, strlen( $password1 ) ) );
-		$score = $natLog / log( 2 );
-
-		if ( $score < 40 )
-			return self::BAD_PASS;
-
-		if ( $score < 56 )
-			return self::GOOD_PASS;
-		
-		return self::STRONG_PASS;
-	}
- }
-
- Minimum_Password_Strength::start();
+<?php
+
+/*
+ * Plugin Name: Minimum Password Strength
+ * Description: Enforce a specific password strength. Hides the option to ignore weak passwords.
+ * Version: 2.0.0
+ * Plugin URI: http://wordpress.org/extend/plugins/minimum-password-strength/
+ * Author: Will Anderson, Tony Ferrell and Ryan Hellyer
+ * Author URI: http://codeawhile.com/
+ */
+
+
+add_action( 'admin_enqueue_scripts', 'minimum_password_strength' );
+/**
+ * Hiding the "Confirm use of weak password" checkbox from view.
+ */
+function minimum_password_strength() {
+	wp_add_inline_style( 'admin-menu', '.pw-weak {display: none !important;}' );
+}
diff --git a/readme.md b/readme.md
@@ -1,54 +1,55 @@
-Minimum Password Strength
-=========================
-* Contributors: [itsananderson](http://profiles.wordpress.org/itsananderson),
-  [Zer0Divisor](http://profiles.wordpress.org/Zer0Divisor)
-* Donate link: 
-* Tags: [security](http://wordpress.org/extend/plugins/tags/security),
-  [password](http://wordpress.org/extend/plugins/tags/password),
-  [administration](http://wordpress.org/extend/plugins/tags/administration)
-* Requires at least: 3.0
-* Tested up to: 4.4.2
-* Stable tag: 1.2.0
-* License: GPLv2 or later
-* License URI: http://www.gnu.org/licenses/gpl-2.0.html
-
-Enforce a specific password strength. Uses the same strength calculations as the WordPress password strength meter
-
-Description
------------
-
-WordPress profile pages contain a visual indicator which shows the strength of a user's chosen password. This is nice, but WordPress doesn't actually enforce this in any way, so users are free to select weak passwords.
-
-Minimum Password Strength uses the same method to calculate a password's strength, but forces users to meet a minimum strength requirement before they can change their password.
-
-By default, passwords must have "Medium" strength, but administrators can change this to force passwords to be at least "Weak", "Medium", or "Strong". To change the minimum strength, go to Settings -> Password Strength after installing Minimum Password Strength.
-
-For now, all users have the same password strength requirements, but a later release will allow administrators to select different strength requirements for different roles.
-
-Installation
-------------
-
-1. Upload the 'minimum-password-strength' to the '/wp-content/plugins/' directory
-1. Activate the plugin through the 'Plugins' menu in WordPress
-1. Configure your required password strength in Settings -> Password Strength
-
-Changelog
----------
-
-#### 1.2.0 ####
-* Enforce password strength during password reset
-* Update "Tested up to" tag
-
-#### 1.1.2 ####
-* Fixing the installation instructions
-* Updating the short and long descriptions
-* Updating the "Tested up to" tag
-
-#### 1.1.1 ####
-* Fixing a broken author name
-
-#### 1.1 ####
-* Adding a readme.txt file
-
-#### 1.0 ####
+Minimum Password Strength
+=========================
+* Contributors: [itsananderson](http://profiles.wordpress.org/itsananderson),
+  [Zer0Divisor](http://profiles.wordpress.org/Zer0Divisor),
+  [ryanhellyer](http://profiles.wordpress.org/ryanhellyer)
+* Donate link: 
+* Tags: [security](http://wordpress.org/extend/plugins/tags/security),
+  [password](http://wordpress.org/extend/plugins/tags/password),
+  [administration](http://wordpress.org/extend/plugins/tags/administration)
+* Requires at least: 4.6
+* Tested up to: 4.7
+* Stable tag: 2.0.0
+* License: GPLv2 or later
+* License URI: http://www.gnu.org/licenses/gpl-2.0.html
+
+Enforce a specific password strength. Hides the option to ignore weak passwords.
+
+Description
+-----------
+
+WordPress profile pages contain a visual indicator which shows the strength of a user's chosen password. This is nice, but WordPress doesn't actually enforce this in any way, so users are free to select weak passwords.
+
+Minimum Password Strength removes the option to bypass the strength suggestion.
+
+Installation
+------------
+
+1. Upload the 'minimum-password-strength' to the '/wp-content/plugins/' directory or install via the WordPress plugin installer.
+2. Activate the plugin through the 'Plugins' menu in WordPress
+
+Changelog
+---------
+
+### 2.0.0 ###
+* Change to simply removing the option to bypass the password strength check
+* Documentation update
+* Update "Tested up to" tag
+
+#### 1.2.0 ####
+* Enforce password strength during password reset
+* Update "Tested up to" tag
+
+#### 1.1.2 ####
+* Fixing the installation instructions
+* Updating the short and long descriptions
+* Updating the "Tested up to" tag
+
+#### 1.1.1 ####
+* Fixing a broken author name
+
+#### 1.1 ####
+* Adding a readme.txt file
+
+#### 1.0 ####
 * Initial release
diff --git a/readme.txt b/readme.txt
@@ -1,33 +1,33 @@
 === Minimum Password Strength ===
-Contributors: itsananderson, Zer0Divisor
+Contributors: itsananderson, Zer0Divisor, ryanhellyer
 Donate link: 
 Tags: security, password, administration
-Requires at least: 3.0
-Tested up to: 4.4.2
-Stable tag: 1.2.0
+Requires at least: 4.6
+Tested up to: 4.7
+Stable tag: 2.0.0
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
 
-Enforce a specific password strength. Uses the same strength calculations as the WordPress password strength meter
+Enforce a specific password strength. Hides the option to ignore weak passwords.
 
 == Description ==
 
 WordPress profile pages contain a visual indicator which shows the strength of a user's chosen password. This is nice, but WordPress doesn't actually enforce this in any way, so users are free to select weak passwords.
 
-Minimum Password Strength uses the same method to calculate a password's strength, but forces users to meet a minimum strength requirement before they can change their password.
-
-By default, passwords must have "Medium" strength, but administrators can change this to force passwords to be at least "Weak", "Medium", or "Strong". To change the minimum strength, go to Settings -> Password Strength after installing Minimum Password Strength.
-
-For now, all users have the same password strength requirements, but a later release will allow administrators to select different strength requirements for different roles.
+Minimum Password Strength removes the option to bypass the strength suggestion.
 
 == Installation ==
 
-1. Upload the 'minimum-password-strength' to the '/wp-content/plugins/' directory
-1. Activate the plugin through the 'Plugins' menu in WordPress
-1. Configure your required password strength in Settings -> Password Strength
+1. Upload the 'minimum-password-strength' to the '/wp-content/plugins/' directory or install via the WordPress plugin installer.
+2. Activate the plugin through the 'Plugins' menu in WordPress
 
 == Changelog ==
 
+= 2.0.0 =
+* Change to simply removing the option to bypass the password strength check
+* Documentation update
+* Update "Tested up to" tag
+
 = 1.2.0 =
 * Enforce password strength during password reset
 * Update "Tested up to" tag
diff --git a/views/settings.php b/views/settings.php
