In 4.7.0 and in testing I set up a user account with a 3 letter password, that's ok but when I go to test remove the account I get this error message >
Your Password is either to short or empty. making it not possible to delete the account as it appears the two options do not talk with each other ? it is a bit like the song hotel California,
You can check out any time you like, But you can never leave!

Yes, your are totally right. Actually, it's a meaningful limitation; but they forgot to do it in registration process too.
So, for now, you can temporary remove this limitation from remove account process until flynax add limitation in registration process ( maybe they did it in 4.7.1 )

Go to your_template/components/account_removing/_account_removing.js

Find:
if (password == '' || password.length <= 3) {
replace with:
if (password == '') {

There is same problem in Remind password process and you can modify it too.

Go to includes/controllers/remind.inc.php

Find:

if (strlen($password) <= 3) {
$errors[] = $lang['password_lenght_fail'];
}

Replace with:

// if (strlen($password) <= 3) {
// $errors[] = $lang['password_lenght_fail'];
// }

Thank you, looks like fun

Yes, your are totally right. Actually, it's a meaningful limitation; but they forgot to do it in registration process too.

They do have a restriction of a min 3 in registration that I can see.


The value in the Password field must be at least 3 characters long.



Go to your_template/components/account_removing/_account_removing.js
Find:
if (password == '' || password.length <= 3) {



To fix this you only need edit the 3 to a 2 ( or possibly remove the = sign ) for it to work with the registration requirements.


if (password == '' || password.length <= 2) {

Thank you for showing me where to do it.


Now to fix forgot pass and by looking at it I need to change the 3 > 2 as well ?

I can confirm that you just need to change to a 2 here as well


if (strlen($password) <= 2) {
$errors[] = $lang['password_lenght_fail'];
}

I am also sure you could just remove the = sign to read < 3 as it looks like the programmer used the (equal to) by mistake by writing <= 3 instead of < 3

This problem still exists in 4.7.2 and possibly beyond.

Hmmm ... I think for safety reasons this value should be raised significantly.

> Make sure all your passwords are 12 characters or more...
https://blog.codinghorror.com/speed-hashing/

12, maybe a lot by default, but 8 is IMHO, the minimum that should be.

Hmmm ... I think for safety reasons this value should be raised significantly.

> Make sure all your passwords are 12 characters or more...
https://blog.codinghorror.com/speed-hashing/

12, maybe a lot by default, but 8 is IMHO, the minimum that should be.

? would need to find out where we add the password probably ? not sure where that is ?