This MUST NOT be called from check(). It should be called by the office UI,
self-service ClientAPI, or other I<user-interactive> code that processes a
password change, and only if the user has taken some action with the intent
-of changing the password.
+of setting the password.
=cut
my $self = shift;
my $password = shift;
+ my $cust_main = $self->cust_main;
+ return '' if $cust_main && $conf->config_bool('password-insecure', $cust_main->agentnum);
+
# basic checks using Data::Password;
# options for Data::Password
$DICTIONARY = 4; # minimum length of disallowed words
return '' unless $self->get($self->primary_key); # for validating new passwords pre-insert
#check against customer fields
- my $cust_main = $self->cust_main;
if ($cust_main) {
my @words;
# words from cust_main