From 632ef17c63c78f7b35df20929e429bfe4e690f87 Mon Sep 17 00:00:00 2001 From: Uwe Steinmann Date: Sat, 17 Jan 2026 08:49:19 +0100 Subject: [PATCH 1/4] save error msg when send mail failed --- inc/inc.ClassEmailNotify.php | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/inc/inc.ClassEmailNotify.php b/inc/inc.ClassEmailNotify.php index 9c06c047f..833db086b 100644 --- a/inc/inc.ClassEmailNotify.php +++ b/inc/inc.ClassEmailNotify.php @@ -54,6 +54,8 @@ class SeedDMS_EmailNotify extends SeedDMS_Notify { protected $debug; + public $errmsg; + function __construct($dms, $translator, $from_address='', $smtp_server='', $smtp_port='', $smtp_username='', $smtp_password='', $lazy_ssl=true, $force_from=false) { /* {{{ */ $this->_dms = $dms; $this->_translator = $translator; @@ -65,6 +67,7 @@ class SeedDMS_EmailNotify extends SeedDMS_Notify { $this->lazy_ssl = $lazy_ssl; $this->force_from = $force_from; $this->debug = false; + $this->errmsg = ''; } /* }}} */ public function setDebug($debug=true) { /* {{{ */ @@ -251,6 +254,7 @@ class SeedDMS_EmailNotify extends SeedDMS_Notify { } $result = $mail->send($to, $hdrs, $message); if (PEAR::isError($result)) { + $this->errmsg = $result->getMessage(); if($this->debug) echo "\n".$result->getMessage(); return false; From 8f07b8ca50b2ebd5dad0ad77f217e8ca4ca25cb3 Mon Sep 17 00:00:00 2001 From: Uwe Steinmann Date: Sat, 17 Jan 2026 08:49:53 +0100 Subject: [PATCH 2/4] some more documentation --- inc/inc.Extension.php | 1 + 1 file changed, 1 insertion(+) diff --git a/inc/inc.Extension.php b/inc/inc.Extension.php index 3c776a9c4..8f9d9f857 100644 --- a/inc/inc.Extension.php +++ b/inc/inc.Extension.php 
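Review bot: In the `@@ -251,6 +254,7 @@` hunk `errmsg` is written only on the failure path, and the only reset visible in this patch is in the constructor, so a notifier instance that fails once and then sends successfully would still report the old error. Resetting it just before the send, `$this->errmsg = '';` ahead of `$result = $mail->send($to, $hdrs, $message);`, keeps the property tied to the last attempt. The text comes from the mail backend and may contain server responses, so callers that display it should escape it and limit it to administrators. A short comment on `public $errmsg` would record this, e.g. `/* last error message returned by the mail backend, empty if the last send succeeded */`. The enclosing method starts and ends outside the hunk.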
@@ -27,6 +27,7 @@ class_alias('Seeddms\Seeddms\ExtensionBase', 'SeedDMS_ExtBase'); $extmgr = new ExtensionMgr($settings->_rootDir."/ext", $settings->_cacheDir, $settings->_repositoryUrl, $settings->_proxyUrl, $settings->_proxyUser, $settings->_proxyPassword); foreach($extmgr->getExtensionConfiguration() as $extname=>$extconf) { + /* Check if conf.php already disables the extension */ if($extconf['disable']) { $settings->disableExtension($extname); continue; From e033268576fd17a696b497da5ddc8679183b8490 Mon Sep 17 00:00:00 2001 From: Uwe Steinmann Date: Mon, 19 Jan 2026 13:24:11 +0100 Subject: [PATCH 3/4] check for secure password when adding a new user, secure password check can be turned off for admins --- CHANGELOG | 2 ++ inc/inc.ClassSettings.php | 4 ++++ op/op.Settings.php | 1 + op/op.UsrMgr.php | 18 ++++++++++++++++-- views/bootstrap/class.Settings.php | 1 + 5 files changed, 24 insertions(+), 2 deletions(-) diff --git a/CHANGELOG b/CHANGELOG index 9a2a7ef8c..dd8bd1b83 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -6,6 +6,8 @@ - fix utilities which require translations - fix potential XSS attack when deleting a folder/document - links to operations on folders/documents can be put into a dropdown menu +- check for secure password when adding a new user +- secure password check can be turned off for admins -------------------------------------------------------------------------------- Changes in version 5.1.44 diff --git a/inc/inc.ClassSettings.php b/inc/inc.ClassSettings.php index ed25a320b..89022334c 100644 --- a/inc/inc.ClassSettings.php +++ b/inc/inc.ClassSettings.php @@ -66,6 +66,8 @@ class Settings { /* {{{ */ var $_passwordExpiration = 10; // Number of different passwords before a password can be reused var $_passwordHistory = 10; + // Allow to set unsecure passwords by admin + var $_allowUnsecurePassword = false; // Number of failed logins before account is disabled var $_loginFailure = 0; // User id that is automatically logged if nobody is logged in 
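Review bot: The comment on `$_allowUnsecurePassword` in the `@@ -66,6 +66,8 @@` hunk of inc/inc.ClassSettings.php does not say what is actually relaxed. Judging from the op/op.UsrMgr.php changes in the same commit, the flag skips the `passwordStrength` check whenever an administrator sets a password in the user manager, whichever account is being created or edited. I would spell that out, e.g. `// If true, the password strength check is skipped when an administrator sets a password (applies to any account the admin creates or edits)`. The Settings class continues outside the hunk.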
@@ -682,6 +684,7 @@ class Settings { /* {{{ */ $this->_passwordStrengthAlgorithm = strval($tab["passwordStrengthAlgorithm"]); $this->_passwordExpiration = intval($tab["passwordExpiration"]); $this->_passwordHistory = intval($tab["passwordHistory"]); + $this->_allowUnsecurePassword = Settings::boolVal($tab["allowUnsecurePassword"]); $this->_loginFailure = intval($tab["loginFailure"]); $this->_autoLoginUser = intval($tab["autoLoginUser"]); $this->_quota = intval($tab["quota"]); @@ -1084,6 +1087,7 @@ class Settings { /* {{{ */ $this->setXMLAttributValue($node, "passwordStrengthAlgorithm", $this->_passwordStrengthAlgorithm); $this->setXMLAttributValue($node, "passwordExpiration", $this->_passwordExpiration); $this->setXMLAttributValue($node, "passwordHistory", $this->_passwordHistory); + $this->setXMLAttributValue($node, "allowUnsecurePassword", $this->_allowUnsecurePassword); $this->setXMLAttributValue($node, "loginFailure", $this->_loginFailure); $this->setXMLAttributValue($node, "autoLoginUser", $this->_autoLoginUser); $this->setXMLAttributValue($node, "quota", $this->_quota); diff --git a/op/op.Settings.php b/op/op.Settings.php index ee42fc8a1..1984fa5d2 100644 --- a/op/op.Settings.php +++ b/op/op.Settings.php @@ -207,6 +207,7 @@ if ($action == "saveSettings") setStrValue("passwordStrengthAlgorithm"); setIntValue("passwordExpiration"); setIntValue("passwordHistory"); + setBoolValue("allowUnsecurePassword"); setIntValue("loginFailure"); setIntValue("autoLoginUser"); setIntValue("quota"); diff --git a/op/op.UsrMgr.php b/op/op.UsrMgr.php index ac5978f8f..080bb1fd7 100644 --- a/op/op.UsrMgr.php +++ b/op/op.UsrMgr.php 
@@ -75,6 +75,20 @@ if ($action == "adduser") { $homefolder = (isset($_POST["homefolder"]) ? $_POST["homefolder"] : 0); $quota = (isset($_POST["quota"]) ? (int) $_POST["quota"] : 0); + if (isset($pwd) && ($pwd != "")) { + if($settings->_passwordStrength && (!$user->isAdmin() || !$settings->_allowUnsecurePassword)) { + $ps = new Password_Strength(); + $ps->set_password($pwd); + if($settings->_passwordStrengthAlgorithm == 'simple') + $ps->simple_calculate(); + else + $ps->calculate(); + $score = $ps->get_score(); + if($score < $settings->_passwordStrength) { + UI::exitError(getMLText("set_password"),getMLText("password_strength_insuffient")); + } + } + } if (is_object($dms->getUserByLogin($login))) { UI::exitError(getMLText("admin_tools"),getMLText("user_exists")); } @@ -104,7 +118,7 @@ if ($action == "adduser") { } } } - else UI::exitError(getMLText("admin_tools"),getMLText("access_denied")); + else UI::exitError(getMLText("admin_tools"),getMLText("error_occured")); if(isset($_POST["workflows"]) && $_POST["workflows"]) { $workflows = array(); @@ -366,7 +380,7 @@ else if ($action == "edituser") { $quota = (isset($_POST["quota"]) ? (int) $_POST["quota"] : 0); if (isset($pwd) && ($pwd != "")) { - if($settings->_passwordStrength) { + if($settings->_passwordStrength && (!$user->isAdmin() || !$settings->_allowUnsecurePassword)) { $ps = new Password_Strength(); $ps->set_password($pwd); if($settings->_passwordStrengthAlgorithm == 'simple') diff --git a/views/bootstrap/class.Settings.php b/views/bootstrap/class.Settings.php index 64b6ddd43..be3e5141e 100644 --- a/views/bootstrap/class.Settings.php +++ b/views/bootstrap/class.Settings.php 
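Review bot: The exemption `(!$user->isAdmin() || !$settings->_allowUnsecurePassword)` in the `adduser` hunk is keyed on the acting user, not on the account being created. With the setting enabled an administrator can therefore give any account, including another administrator's, a password below the `passwordStrength` threshold; the `edituser` hunk at `@@ -366,7 +380,7 @@` carries the same condition. If op/op.UsrMgr.php is reachable only by administrators (not visible here), `!$user->isAdmin()` is always false and the setting switches the check off for the whole user manager. I would state that scope in a comment, e.g. `/* admins may bypass the strength check for any account if allowUnsecurePassword is set */`, and write a log entry whenever the check is skipped so that passwords set this way can be found later. The check also runs only for a non-empty `$pwd`; whether an empty password is rejected elsewhere in the `adduser` branch, which starts and ends outside the hunk, cannot be seen from here.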
@@ -774,6 +774,7 @@ if(($kkk = $this->callHook('getFullSearchEngine')) && is_array($kkk)) showConfigOption('settings_passwordStrengthAlgorithm', 'passwordStrengthAlgorithm', array('simple'=>'settings_passwordStrengthAlgorithm_valsimple', 'advanced'=>'settings_passwordStrengthAlgorithm_valadvanced'), false, true); ?> showConfigText('settings_passwordExpiration', 'passwordExpiration'); ?> showConfigText('settings_passwordHistory', 'passwordHistory'); ?> +showConfigCheckbox('settings_allowUnsecurePassword', 'allowUnsecurePassword'); ?> showConfigText('settings_loginFailure', 'loginFailure'); ?> showConfigUser('settings_autoLoginUser', 'autoLoginUser', true); ?> showConfigText('settings_quota', 'quota'); ?> From e27cd6fc491441c6fd08c9530d54e9bfaa96b0c8 Mon Sep 17 00:00:00 2001 From: Uwe Steinmann Date: Mon, 19 Jan 2026 16:05:26 +0100 Subject: [PATCH 4/4] simple password strength algorithmn takes length of password into account, if length is greater than 8 --- CHANGELOG | 2 ++ inc/inc.ClassPasswordStrength.php | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/CHANGELOG b/CHANGELOG index dd8bd1b83..3049fb42f 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -8,6 +8,8 @@ - links to operations on folders/documents can be put into a dropdown menu - check for secure password when adding a new user - secure password check can be turned off for admins +- simple password strength algorithmn takes length of password into account, + if length is greater than 8 -------------------------------------------------------------------------------- Changes in version 5.1.44 diff --git a/inc/inc.ClassPasswordStrength.php b/inc/inc.ClassPasswordStrength.php index ef45d6da8..8e26c41c8 100644 --- a/inc/inc.ClassPasswordStrength.php +++ b/inc/inc.ClassPasswordStrength.php 
@@ -63,7 +63,7 @@ class Password_Strength { $score += 25; if(preg_match('/[^0-9a-zA-Z]+/', $password)) $score += 25; - if($this->password_length < 8) +// if($this->password_length < 8) $score *= ($this->password_length/8); $this->password_info['total_score'] = $score;
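Review bot: With the `if` commented out, `$score *= ($this->password_length/8);` now scales every score, so the result is no longer bounded by the sum of the 25-point class checks. If those checks add up to 100 (only two of them are visible in this hunk), a 16-character password matching all of them scores 200, and a long password made of one repeated character can reach the configured `passwordStrength` threshold on length alone. Capping the result keeps the score in the range callers and the UI presumably expect, e.g. `$score = min(100, $score * ($this->password_length/8));`. The commented-out `if` line should be deleted rather than kept, and the multiplication re-indented so it no longer looks conditional. The method starts and ends outside the hunk.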