From 0b1490bd6548a3c4cfd44d123ad060bda6bb67df Mon Sep 17 00:00:00 2001
From: Maxetto <max-8000@hotmail.it>
Date: Sat, 4 Jul 2015 22:57:43 +0200
Subject: [PATCH] PW lenght and unsafe PW check to ChangePassword

I told you, you missed it! Also, unified "lowpass.equalsIgnoreCase(name)" to the previous group of checks.
This, however, still provides "Password doesn't match" error, instead of one proper error.
---
 .../xephi/authme/commands/ChangePasswordCommand.java | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/src/main/java/fr/xephi/authme/commands/ChangePasswordCommand.java b/src/main/java/fr/xephi/authme/commands/ChangePasswordCommand.java
index 92e40755..921e7001 100644
--- a/src/main/java/fr/xephi/authme/commands/ChangePasswordCommand.java
+++ b/src/main/java/fr/xephi/authme/commands/ChangePasswordCommand.java
@@ -54,14 +54,20 @@ public class ChangePasswordCommand implements CommandExecutor {
         }
 
         String lowpass = args[1].toLowerCase();
-        if ((lowpass.contains("delete") || lowpass.contains("where") || lowpass.contains("insert") || lowpass.contains("modify") || lowpass.contains("from") || lowpass.contains("select") || lowpass.contains(";") || lowpass.contains("null")) || !lowpass.matches(Settings.getPassRegex)) {
+        if ((lowpass.contains("delete") || lowpass.contains("where") || lowpass.contains("insert") || lowpass.contains("modify") || lowpass.contains("from") || lowpass.contains("select") || lowpass.contains(";") || lowpass.contains("null")) || !lowpass.matches(Settings.getPassRegex) || lowpass.equalsIgnoreCase(name)) {
             m.send(player, "password_error");
             return true;
         }
-        if (lowpass.equalsIgnoreCase(name)) {
-            m.send(player, "password_error");
+        if (lowpass.length() < Settings.getPasswordMinLen || lowpass.length() > Settings.passwordMaxLength) {
+            m.send(player, "pass_len");
             return true;
         }
+        if (!Settings.unsafePasswords.isEmpty()) {
+            if (Settings.unsafePasswords.contains(lowpass)) {
+                m.send(player, "password_error");
+                return true;
+            }
+        }
         try {
             String hashnew = PasswordSecurity.getHash(Settings.getPasswordHash, args[1], name);