SecureAssist pages don't require password confirmation field to be the same as password field
I've created the Security pages but the registration and update pages don't require that the password confirmation field and the password field be the same. The password field is stored in the database regardless of what is put in the confirmation field.
Relevant code:
<span id="Registration_group_Confirm_Spry"> <span>
<input id="Registration_group_Confirm" name="Registration_group_Confirm" type="password" value="<?php echo((isset($_GET["invalid"])?ValidatedField("registration","Registration_group_Confirm"):"")); ?>" class="formPasswordfield_Large" tabindex="3" onBlur="hideServerError('Registration_group_Confirm_ServerError');">
<?php
if (ValidatedField('registration','registration')) {
if ((strpos((",".ValidatedField("registration","registration").","), "," . "5" . ",") !== false || "5" == "")) {
if (!(false)) {
?>
<span class="serverInvalidState" id="Registration_group_Confirm_ServerError">A value is required.</span>
<?php //WAFV_Conditional registration.php registration(5:)
}
}
}?>
<span class="confirmRequiredMsg">A value is required.</span><span class="confirmInvalidMsg">Please ensure password entries match.</span> </span> </span>