Add exposed password check to manual password change

mod/settings.php

@@ -390,6 +390,11 @@ function settings_post(App $a)
 			$err = true;
         }
 
+		if (User::checkPasswordExposed($newpass)) {
+			notice(L10n::t('The new password has been exposed in a public data dump, please choose another.') . EOL);
+			$err = true;
+		}
+
         //  check if the old password was supplied correctly before changing it to the new value
         if (!User::authenticate(intval(local_user()), $_POST['opassword'])) {
             notice(L10n::t('Wrong password.') . EOL);

src/Model/User.php

@@ -5,6 +5,7 @@
  */
 namespace Friendica\Model;
 
+use DivineOmega\PasswordExposed\PasswordStatus;
 use Friendica\Core\Addon;
 use Friendica\Core\Config;
 use Friendica\Core\L10n;
@@ -22,6 +23,7 @@ use Friendica\Util\Network;
 use dba;
 use Exception;
 use LightOpenID;
+use function password_exposed;
 
 require_once 'boot.php';
 require_once 'include/dba.php';
@@ -101,7 +103,7 @@ class User
 	 * @param string $password
 	 * @return int|boolean
 	 * @deprecated since version 3.6
-	 * @see Friendica\Model\User::getIdFromPasswordAuthentication()
+	 * @see User::getIdFromPasswordAuthentication()
 	 */
 	public static function authenticate($user_info, $password)
 	{
@@ -216,6 +218,17 @@ class User
 		return autoname(6) . mt_rand(100, 9999);
 	}
 
+	/**
+	 * Checks if the provided plaintext password has been exposed or not
+	 *
+	 * @param string $password
+	 * @return bool
+	 */
+	public static function checkPasswordExposed($password)
+	{
+		return password_exposed($password) === PasswordStatus::EXPOSED;
+	}
+
 	/**
 	 * Legacy hashing function, kept for password migration purposes
 	 *