- Password: added password strength options (#1486062)

CHANGELOG

@@ -1,6 +1,7 @@
 CHANGELOG RoundCube Webmail
 ===========================
 
+- Password: added password strength options (#1486062)
 - Fix LDAP partial result warning (#1485536)
 - Fix delete in message view deletes permanently with flag_for_deletion=true (#1486101)
 - Use faster/secure mt_rand() (#1486094)

plugins/password/config.inc.php.dist

@@ -9,6 +9,14 @@ $rcmail_config['password_driver'] = 'sql';
 // Default: false.
 $rcmail_config['password_confirm_current'] = true;
 
+// Require the new password to be a certain length.
+// set to blank to allow passwords of any length
+$rcmail_config['password_minimum_length'] = 0;
+ 
+// Require the new password to contain a letter and punctuation character
+// Change to false to remove this check.
+$rcmail_config['password_require_nonalpha'] = false;
+
 
 // SQL Driver options
 // ------------------
@@ -134,8 +142,7 @@ $rcmail_config['password_ldap_force_replace'] = true;
 // DirectAdmin Driver options
 // --------------------------
 // The host which changes the password
-// Use 'ssl://serverip' instead of 'tcp://serverip' when running DirectAdmin over SSL.
-$rcmail_config['password_directadmin_host'] = 'tcp://localhost';
+$rcmail_config['password_directadmin_host'] = 'localhost';
 
 // TCP port used for DirectAdmin connections
 $rcmail_config['password_directadmin_port'] = 2222;

plugins/password/localization/en_US.inc

@@ -14,5 +14,7 @@ $messages['passwordinconsistency'] = 'Passwords do not match, please try again.'
 $messages['crypterror'] = 'Could not save new password. Encrypt function missing.';
 $messages['connecterror'] = 'Could not save new password. Connection error.';
 $messages['internalerror'] = 'Could not save new password.';
+$messages['passwordshort'] = 'Your password must be at least $length characters long.';
+$messages['passwordweak'] = 'Your new password must include at least one number and one punctuation character.';
 
 ?>

plugins/password/localization/pl_PL.inc

@@ -14,5 +14,7 @@ $messages['passwordinconsistency'] = 'Hasła nie pasują, spróbuj ponownie.';
 $messages['crypterror'] = 'Nie udało się zapisać nowego hasła. Brak funkcji kodującej.';
 $messages['connecterror'] = 'Nie udało się zapisać nowego hasła. Błąd połączenia.';
 $messages['internalerror'] = 'Nie udało się zapisać nowego hasła.';
+$messages['passwordshort'] = 'Hasło musi posiadać co najmniej $length znaków.';
+$messages['passwordweak'] = 'Hasło musi zawierać co najmniej jedną cyfrę i znak interpunkcyjny.';
 
 ?>

plugins/password/password.php

@@ -79,16 +79,27 @@ class password extends rcube_plugin
     $rcmail->output->set_pagetitle($this->gettext('changepasswd'));
 
     $confirm = $rcmail->config->get('password_confirm_current');
+    $required_length = intval($rcmail->config->get('password_minimum_length'));
+    $check_strength = $rcmail->config->get('password_require_nonalpha');
 
     if (($confirm && !isset($_POST['_curpasswd'])) || !isset($_POST['_newpasswd'])) {
       $rcmail->output->command('display_message', $this->gettext('nopassword'), 'error');
     }
     else {
+
       $curpwd = get_input_value('_curpasswd', RCUBE_INPUT_POST);
       $newpwd = get_input_value('_newpasswd', RCUBE_INPUT_POST);
 
-      if ($confirm && $rcmail->decrypt($_SESSION['password']) != $curpwd)
+      if ($confirm && $rcmail->decrypt($_SESSION['password']) != $curpwd) {
         $rcmail->output->command('display_message', $this->gettext('passwordincorrect'), 'error');
+      }
+      else if ($required_length && strlen($newpwd) < $required_length) {
+        $rcmail->output->command('display_message', $this->gettext(
+	  array('name' => 'passwordshort', 'vars' => array('length' => $required_length))), 'error');
+      }
+      else if ($check_strength && (!preg_match("/[0-9]/", $newpwd) || !preg_match("/[^A-Za-z0-9]/", $newpwd))) {
+        $rcmail->output->command('display_message', $this->gettext('passwordweak'), 'error');
+      }
       else if (!($res = $this->_save($curpwd,$newpwd))) {
         $rcmail->output->command('display_message', $this->gettext('successfullysaved'), 'confirmation');
         $_SESSION['password'] = $rcmail->encrypt($newpwd);