added anti-hacking pw list

htdocs/lib2/logic/cracklib.inc.php

@@ -70,14 +70,18 @@ function cracklib_checkpw($pw, $addwords)
 
 	// $pw may not contain one of $addwords[]
 	foreach ($wordlist AS $v)
-		if (mb_strpos($pw_lc, $v) !== false)
+		if (mb_stripos($pw_lc, $v) !== false)
 			return false;
 
 	// one of $addwords[] may not contain $pw
 	foreach ($wordlist AS $v)
-		if (mb_strpos($v, $pw_lc) !== false)
+		if (mb_stripos($v, $pw_lc) !== false)
 			return false;
 
+	// words from pw library are not allowed
+	if (sql_value("SELECT COUNT(*) FROM `pw_dict` WHERE `pw`='&1'", 0, $pw))
+		return false;
+
 	if ($opt['logic']['cracklib'] == true)
 	{
 		// load cracklib

htdocs/lib2/logic/user.class.php

@@ -157,7 +157,7 @@ class user
 		if (!mb_ereg_match(REGEX_PASSWORD, $value))
 			return false;
 
-		if (cracklib_checkPW($value, array('open', 'caching', $this->getUsername(), $this->getFirstName(), $this->getLastName())) == false)
+		if (cracklib_checkPW($value, array('open', 'caching', 'cache', $this->getUsername(), $this->getFirstName(), $this->getLastName())) == false)
 			return false;
 
 		$pwmd5 = md5($value);