From e7b283b80ee7b8812267715f47cac64bac3962c2 Mon Sep 17 00:00:00 2001 From: alecpl Date: Fri, 11 Sep 2009 13:12:43 +0000 Subject: [PATCH] - Password: added password strength options (#1486062) --- CHANGELOG | 1 + plugins/password/config.inc.php.dist | 11 +++++++++-- plugins/password/localization/en_US.inc | 2 ++ plugins/password/localization/pl_PL.inc | 2 ++ plugins/password/password.php | 13 ++++++++++++- 5 files changed, 26 insertions(+), 3 deletions(-) diff --git a/CHANGELOG b/CHANGELOG index e2fcf8e92..7dd9f224b 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,6 +1,7 @@ CHANGELOG RoundCube Webmail =========================== +- Password: added password strength options (#1486062) - Fix LDAP partial result warning (#1485536) - Fix delete in message view deletes permanently with flag_for_deletion=true (#1486101) - Use faster/secure mt_rand() (#1486094) diff --git a/plugins/password/config.inc.php.dist b/plugins/password/config.inc.php.dist index f526c7f3f..3950afca5 100644 --- a/plugins/password/config.inc.php.dist +++ b/plugins/password/config.inc.php.dist @@ -9,6 +9,14 @@ $rcmail_config['password_driver'] = 'sql'; // Default: false. $rcmail_config['password_confirm_current'] = true; +// Require the new password to be a certain length. +// set to blank to allow passwords of any length +$rcmail_config['password_minimum_length'] = 0; + +// Require the new password to contain a letter and punctuation character +// Change to false to remove this check. +$rcmail_config['password_require_nonalpha'] = false; + // SQL Driver options // ------------------ @@ -134,8 +142,7 @@ $rcmail_config['password_ldap_force_replace'] = true; // DirectAdmin Driver options // -------------------------- // The host which changes the password -// Use 'ssl://serverip' instead of 'tcp://serverip' when running DirectAdmin over SSL. -$rcmail_config['password_directadmin_host'] = 'tcp://localhost'; +$rcmail_config['password_directadmin_host'] = 'localhost'; // TCP port used for DirectAdmin connections $rcmail_config['password_directadmin_port'] = 2222; diff --git a/plugins/password/localization/en_US.inc b/plugins/password/localization/en_US.inc index 6c64cc04d..75fe8618f 100644 --- a/plugins/password/localization/en_US.inc +++ b/plugins/password/localization/en_US.inc @@ -14,5 +14,7 @@ $messages['passwordinconsistency'] = 'Passwords do not match, please try again.' $messages['crypterror'] = 'Could not save new password. Encrypt function missing.'; $messages['connecterror'] = 'Could not save new password. Connection error.'; $messages['internalerror'] = 'Could not save new password.'; +$messages['passwordshort'] = 'Your password must be at least $length characters long.'; +$messages['passwordweak'] = 'Your new password must include at least one number and one punctuation character.'; ?> diff --git a/plugins/password/localization/pl_PL.inc b/plugins/password/localization/pl_PL.inc index 4520d7966..774437a28 100644 --- a/plugins/password/localization/pl_PL.inc +++ b/plugins/password/localization/pl_PL.inc @@ -14,5 +14,7 @@ $messages['passwordinconsistency'] = 'Hasła nie pasują, spróbuj ponownie.'; $messages['crypterror'] = 'Nie udało się zapisać nowego hasła. Brak funkcji kodującej.'; $messages['connecterror'] = 'Nie udało się zapisać nowego hasła. Błąd połączenia.'; $messages['internalerror'] = 'Nie udało się zapisać nowego hasła.'; +$messages['passwordshort'] = 'Hasło musi posiadać co najmniej $length znaków.'; +$messages['passwordweak'] = 'Hasło musi zawierać co najmniej jedną cyfrę i znak interpunkcyjny.'; ?> diff --git a/plugins/password/password.php b/plugins/password/password.php index 0e5e1efff..3a7050bdc 100644 --- a/plugins/password/password.php +++ b/plugins/password/password.php @@ -79,16 +79,27 @@ class password extends rcube_plugin $rcmail->output->set_pagetitle($this->gettext('changepasswd')); $confirm = $rcmail->config->get('password_confirm_current'); + $required_length = intval($rcmail->config->get('password_minimum_length')); + $check_strength = $rcmail->config->get('password_require_nonalpha'); if (($confirm && !isset($_POST['_curpasswd'])) || !isset($_POST['_newpasswd'])) { $rcmail->output->command('display_message', $this->gettext('nopassword'), 'error'); } else { + $curpwd = get_input_value('_curpasswd', RCUBE_INPUT_POST); $newpwd = get_input_value('_newpasswd', RCUBE_INPUT_POST); - if ($confirm && $rcmail->decrypt($_SESSION['password']) != $curpwd) + if ($confirm && $rcmail->decrypt($_SESSION['password']) != $curpwd) { $rcmail->output->command('display_message', $this->gettext('passwordincorrect'), 'error'); + } + else if ($required_length && strlen($newpwd) < $required_length) { + $rcmail->output->command('display_message', $this->gettext( + array('name' => 'passwordshort', 'vars' => array('length' => $required_length))), 'error'); + } + else if ($check_strength && (!preg_match("/[0-9]/", $newpwd) || !preg_match("/[^A-Za-z0-9]/", $newpwd))) { + $rcmail->output->command('display_message', $this->gettext('passwordweak'), 'error'); + } else if (!($res = $this->_save($curpwd,$newpwd))) { $rcmail->output->command('display_message', $this->gettext('successfullysaved'), 'confirmation'); $_SESSION['password'] = $rcmail->encrypt($newpwd);