Unmaintained Password Tools 2.3.5

• Fix red 'X' next to password may not be removed on a valid password.
• Prevent displaying the password comparison checkbox if the feature is disabled

Thanks @WoodiE for funding the HIBP (pwned password) integration.

• Pwned password integration
  • This allows securely checking if a password has likely been compromised without sharing the password.
  • See Validating Leaked Passwords with k-Anonymity for details. Warning; contains Maths.
  • If the API fails, the password is blocked with a generic error message (as it does not log the stack trace as this would leak the user's password into the error log).
  • Caches API results for at least a day
  • Pwned password reports the number of breaches, and there is an admincp option to use this to determine if a password is compromised.
• New Password checks option.
  • Allows zxcvbn & pwned password support to be independantly disabled
• Only show 'too short' password strength phrase if there is any password
• Only show 'password matching' indicator between password/confirmed password fields if there is any password.
• Rework failed password reporting to be more consistent
• Enable password complexity for admins in admincp
  • Applies to admin edits.
  • Default disabled

• Fixed that an older XML was used pointing at old code event listener files.

• Now maintained by Xon
• Installer enforces minimum php 5.4+ version
• Rewrite password-meter javascript to reliably find the fields it needs to hook into.
• Add password-meter to admincp page when setting a user password
  • Option to not enforce password complexity rules for setting a user password via the admincp
• Add password-meter to lost password page
• Use "async" attribute for external scripts, removing the polyfill.
  • Sorry pre-IE11, go die in a fire.
  • For ancient browsers, they will ignore the attribute and block the page while downloading the zxcvbn script.

PATCH NOTES

• Fixed a php7 error causing registrations and password changes to fail.

Installer

• Fixed an error that caused the installer to fail installing some addons, if the server has no file write permission.
• Fixed an error that caused the installer to fail installing or updating some addons with database tables.

• Forgot to add the installer

PATCH NOTES

• Add-On ID has been changed. If you're upgrading from a previous version, please read the notice below.
• Some core parts have been rewritten to be more efficient and less vulnerable for bugs (hopefully).
• Style properties have been ajusted for a cleaner look.
• Features a unified installer used among my Add-Ons to eliminate (un-)installation bugs in the future.

IMPORTANT NOTICE

• Upgrading from a previous version:
  • Go to the style properties page and make a copy of some sort from your modifications made to this addons settings.
  • Go to the Settings Page and make a copy of some sort of all options.
  • Upload all content of the 'Upload' folder to your XenForo installation. Overwrite files as necessary.
  • In your Addon List, hit: "Install Add-On", do not upgrade the previous version.
  • The Installer will remove the previous version and all deprecated files as necessary.
  • Head back to the style properties page and restore all your settings.
  • Head to the options page and restore all your settings.

• Fixed the latest error occuring when trying to install this AddOn on XenForo 1.5.3 (Thanks @Xon for suggesting this solution).

• Now really doesn't require FontAwesome anymore.

• Fixed a bug with non-dictionary matchers causing registration and password-changes to fail when Force Reject is enabled.