diff --git a/core/modules/user/user.js b/core/modules/user/user.js
index 8e0e135..9e5ecf0 100644
--- a/core/modules/user/user.js
+++ b/core/modules/user/user.js
@@ -159,6 +159,21 @@ Drupal.evaluatePasswordStrength = function (password, translate) {
 strength = 5;
 }
 
+ // Check if password is the same as the email address.
+ var email = $('input[name="mail"]').val();
+ if (password !== '' && email !== '' && password.toLowerCase() === email.toLowerCase()) {
+ msg.push(translate.sameAsEmail);
+ // Passwords the same as email address are always very weak.
+ strength = 5;
+ }
+
+ // Check if the entered password is in the list of top weak passwords.
+ if (password !== '' && $.inArray(password.toLowerCase(), translate.weakPasswords) != -1) {
+ msg.push(translate.passwordIsKnownAsWeak);
+ // Any of these passwords are known to be weak and useless.
+ strength = 0;
+ }
+
 // Based on the strength, work out what text should be shown by the password strength meter.
 if (strength < 60) {
 indicatorText = translate.weak;
diff --git a/core/modules/user/user.module b/core/modules/user/user.module
index 81ad706..6370822 100644
--- a/core/modules/user/user.module
+++ b/core/modules/user/user.module
@@ -3046,6 +3046,8 @@ function user_form_process_password_confirm($element) {
 'addNumbers' => t('Add numbers'),
 'addPunctuation' => t('Add punctuation'),
 'sameAsUsername' => t('Make it different from your username'),
+ 'sameAsEmail' => t('Make it different from your email address'),
+ 'passwordIsKnownAsWeak' => t('This password is known to be weak'),
 'confirmSuccess' => t('yes'),
 'confirmFailure' => t('no'),
 'weak' => t('Weak'),
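Review bot: `$('input[name="mail"]').val()` returns `undefined` when the page has no `mail` input, and `undefined` passes the `email !== ''` guard, so `email.toLowerCase()` throws and the strength meter stops updating on any form that shows the password widget without an e-mail field. Default the value instead, `var email = $('input[name="mail"]').val() || '';`, and consider scoping the selector to the password field's own form so an unrelated `mail` input elsewhere on the page is not picked up. The weak-list test in the second added `if` uses `!= -1` while the other added comparisons are strict; `!== -1` would match them. Both checks run only in the browser-side meter, so they advise the user rather than enforce anything; whether a matching server-side check exists is not visible here, and the enclosing function starts and ends outside the hunk.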
@@ -3054,6 +3056,16 @@ function user_form_process_password_confirm($element) {
 'strong' => t('Strong'),
 'confirmTitle' => t('Passwords match:'),
 'username' => (isset($user->name) ? $user->name : ''),
+ 'weakPasswords' => variable_get('user_weak_passwords', array(
+ '123456',
+ 'password',
+ 'welcome',
+ 'ninja',
+ 'abc123',
+ '123456789',
+ 'letmein',
+ 'qwerty',
+ )),
 ),
 );
 
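Review bot: The list passed as `weakPasswords` is matched in user.js against `password.toLowerCase()` with `$.inArray`, so an entry that a site stores in `user_weak_passwords` with upper-case letters can never match, and a stored value with non-sequential keys would presumably be serialized as a JSON object that `$.inArray` does not search. Normalizing on the way out closes both gaps: wrap the call as `array_values(array_map('drupal_strtolower', (array) variable_get('user_weak_passwords', array(...))))`. A short comment above the key stating that entries must be lower-case, that only exact matches are caught, and that the list appears to be shipped to the browser as a JS setting would help whoever overrides the variable. The enclosing array and function continue outside the hunk.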