[KL] Password Tools

xF1 Add-on [KL] Password Tools 2.3.5

No permission to download
  • Fix red 'X' next to password may not be removed on a valid password.
  • Prevent displaying the password comparison checkbox if the feature is disabled
Thanks @WoodiE for funding the HIBP (pwned password) integration.
  • Pwned password integration
    • This allows securely checking if a password has likely been compromised without sharing the password.
    • See Validating Leaked Passwords with k-Anonymity for details. Warning; contains Maths.
    • If the API fails, the password is blocked with a generic error message (as it does not log the stack trace as this would leak the user's password into the error log).
    • Caches API results for at least a day
    • Pwned password reports the number of breaches, and there is an admincp option to use this to determine if a password is compromised.
  • New Password checks option.
    • Allows zxcvbn & pwned password support to be independantly disabled
  • Only show 'too short' password strength phrase if there is any password
  • Only show 'password matching' indicator between password/confirmed password fields if there is any password.
  • Rework failed password reporting to be more consistent
  • Enable password complexity for admins in admincp
    • Applies to admin edits.
    • Default disabled
  • Fixed that an older XML was used pointing at old code event listener files.
  • Now maintained by Xon
  • Installer enforces minimum php 5.4+ version
  • Rewrite password-meter javascript to reliably find the fields it needs to hook into.
  • Add password-meter to admincp page when setting a user password
    • Option to not enforce password complexity rules for setting a user password via the admincp
  • Add password-meter to lost password page
  • Use "async" attribute for external scripts, removing the polyfill.
    • Sorry pre-IE11, go die in a fire.
    • For ancient browsers, they will ignore the attribute and block the page while downloading the zxcvbn script.
  • Fixed that an older XML was used pointing at old code event listener files.
PATCH NOTES
  • Fixed a php7 error causing registrations and password changes to fail.
Installer
  • Fixed an error that caused the installer to fail installing some addons, if the server has no file write permission.
  • Fixed an error that caused the installer to fail installing or updating some addons with database tables.
  • Forgot to add the installer
  • Like
Reactions: mdforce
PATCH NOTES
  • Add-On ID has been changed. If you're upgrading from a previous version, please read the notice below.
  • Some core parts have been rewritten to be more efficient and less vulnerable for bugs (hopefully).
  • Style properties have been ajusted for a cleaner look.
  • Features a unified installer used among my Add-Ons to eliminate (un-)installation bugs in the future.

IMPORTANT NOTICE
  • Upgrading from a previous version:
    • Go to the style properties page and make a copy of some sort from your modifications made to this addons settings.
    • Go to the Settings Page and make a copy of some sort of all options.
    • Upload all content of the 'Upload' folder to your XenForo installation. Overwrite files as necessary.
    • In your Addon List, hit: "Install Add-On", do not upgrade the previous version.
    • The Installer will remove the previous version and all deprecated files as necessary.
    • Head back to the style properties page and restore all your settings.
    • Head to the options page and restore all your settings.