added password policies
parent
26bce2e179
commit
e7e3b581f2
|
@ -682,8 +682,14 @@ class inetOrgPerson extends baseModule {
|
||||||
$errors[] = $this->messages['userPassword'][1];
|
$errors[] = $this->messages['userPassword'][1];
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
|
$pwdPolicyResult = checkPasswordStrength($_POST['userPassword']);
|
||||||
|
if ($pwdPolicyResult === true) {
|
||||||
$this->attributes['userPassword'][0] = pwd_hash($_POST['userPassword'], true, 'SSHA');
|
$this->attributes['userPassword'][0] = pwd_hash($_POST['userPassword'], true, 'SSHA');
|
||||||
}
|
}
|
||||||
|
else {
|
||||||
|
$errors[] = array('ERROR', $pwdPolicyResult);
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if ($_POST['delPhoto']) $this->attributes['jpegPhoto'] = array();
|
if ($_POST['delPhoto']) $this->attributes['jpegPhoto'] = array();
|
||||||
|
@ -956,8 +962,14 @@ class inetOrgPerson extends baseModule {
|
||||||
$messages[] = $this->messages['userPassword'][1];
|
$messages[] = $this->messages['userPassword'][1];
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
|
$pwdPolicyResult = checkPasswordStrength($_POST['userPassword']);
|
||||||
|
if ($pwdPolicyResult === true) {
|
||||||
$this->attributes['userPassword'][0] = pwd_hash($_POST['userPassword'], true, 'SSHA');
|
$this->attributes['userPassword'][0] = pwd_hash($_POST['userPassword'], true, 'SSHA');
|
||||||
}
|
}
|
||||||
|
else {
|
||||||
|
$messages[] = array('ERROR', $pwdPolicyResult);
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
return $messages;
|
return $messages;
|
||||||
}
|
}
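Review bot: The same check-then-hash branch is pasted into five call sites (both hunks in this class, both posixAccount hunks and the posixGroup hunk), so the policy is enforced only where the paste exists; any other code path that reaches `pwd_hash()` directly skips it. Whether such paths exist (file upload, other modules) cannot be seen from these hunks, so it is worth grepping for `pwd_hash(` before relying on the policy. Each site also depends on the strict `=== true`, because a failed check returns a non-empty string, which is truthy; a one-line comment such as `// checkPasswordStrength() returns true or an error string - compare strictly` above the `if` would keep a later cleanup from loosening it. The enclosing functions start and end outside the hunks.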
|
||||||
|
|
|
@ -913,9 +913,15 @@ class posixAccount extends baseModule {
|
||||||
$errors[] = $this->messages['userPassword'][1];
|
$errors[] = $this->messages['userPassword'][1];
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
|
$pwdPolicyResult = checkPasswordStrength($_POST['userPassword']);
|
||||||
|
if ($pwdPolicyResult === true) {
|
||||||
$this->clearTextPassword = $_POST['userPassword'];
|
$this->clearTextPassword = $_POST['userPassword'];
|
||||||
$this->attributes['userPassword'][0] = pwd_hash($_POST['userPassword'], true, $this->moduleSettings['posixAccount_pwdHash'][0]);
|
$this->attributes['userPassword'][0] = pwd_hash($_POST['userPassword'], true, $this->moduleSettings['posixAccount_pwdHash'][0]);
|
||||||
}
|
}
|
||||||
|
else {
|
||||||
|
$errors[] = array('ERROR', $pwdPolicyResult);
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
return $errors;
|
return $errors;
|
||||||
}
|
}
|
||||||
|
@ -1729,12 +1735,18 @@ class posixAccount extends baseModule {
|
||||||
$return['messages'][] = $this->messages['userPassword'][1];
|
$return['messages'][] = $this->messages['userPassword'][1];
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
|
$pwdPolicyResult = checkPasswordStrength($_POST['posixAccount_password']);
|
||||||
|
if ($pwdPolicyResult === true) {
|
||||||
$return['mod']['userPassword'][0] = pwd_hash($_POST['posixAccount_password'], true, $this->selfServiceSettings['posixAccount_pwdHash'][0]);
|
$return['mod']['userPassword'][0] = pwd_hash($_POST['posixAccount_password'], true, $this->selfServiceSettings['posixAccount_pwdHash'][0]);
|
||||||
if (isset($attributes['shadowLastChange'])) {
|
if (isset($attributes['shadowLastChange'])) {
|
||||||
$return['mod']['shadowLastChange'][0] = intval(time()/3600/24);
|
$return['mod']['shadowLastChange'][0] = intval(time()/3600/24);
|
||||||
}
|
}
|
||||||
$_SESSION['selfService_clientPasswordNew'] = $_POST['posixAccount_password'];
|
$_SESSION['selfService_clientPasswordNew'] = $_POST['posixAccount_password'];
|
||||||
}
|
}
|
||||||
|
else {
|
||||||
|
$return['messages'][] = array('ERROR', $pwdPolicyResult);
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -675,8 +675,14 @@ class posixGroup extends baseModule {
|
||||||
$errors[] = $this->messages['userPassword'][1];
|
$errors[] = $this->messages['userPassword'][1];
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
|
$pwdPolicyResult = checkPasswordStrength($_POST['userPassword']);
|
||||||
|
if ($pwdPolicyResult === true) {
|
||||||
$this->attributes['userPassword'][0] = pwd_hash($_POST['userPassword'], true, $this->moduleSettings['posixAccount_pwdHash'][0]);
|
$this->attributes['userPassword'][0] = pwd_hash($_POST['userPassword'], true, $this->moduleSettings['posixAccount_pwdHash'][0]);
|
||||||
}
|
}
|
||||||
|
else {
|
||||||
|
$errors[] = array('ERROR', $pwdPolicyResult);
|
||||||
|
}
|
||||||
|
}
|
||||||
return $errors;
|
return $errors;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -209,4 +209,75 @@ function checkIfPasswordChangeIsAllowed() {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Checks if the password fulfills the password policies.
|
||||||
|
*
|
||||||
|
* @param string $password password
|
||||||
|
* @return mixed true if ok, string with error message if not valid
|
||||||
|
*/
|
||||||
|
function checkPasswordStrength($password) {
|
||||||
|
if ($password == null) {
|
||||||
|
$password = "";
|
||||||
|
}
|
||||||
|
if (isset($_SESSION['cfgMain'])) $cfg = $_SESSION['cfgMain'];
|
||||||
|
else $cfg = new LAMCfgMain();
|
||||||
|
// check length
|
||||||
|
if (strlen($password) < $cfg->passwordMinLength) {
|
||||||
|
return sprintf(_('The password is too short. You have to enter at least %s characters.'), $cfg->passwordMinLength);
|
||||||
|
}
|
||||||
|
// get number of characers per character class
|
||||||
|
$lower = 0;
|
||||||
|
$upper = 0;
|
||||||
|
$numeric = 0;
|
||||||
|
$symbols = 0;
|
||||||
|
for ($i = 0; $i < strlen($password); $i++) {
|
||||||
|
if (ereg("[a-z]", $password[$i])) {
|
||||||
|
$lower++;
|
||||||
|
}
|
||||||
|
if (ereg("[A-Z]", $password[$i])) {
|
||||||
|
$upper++;
|
||||||
|
}
|
||||||
|
if (ereg("[0-9]", $password[$i])) {
|
||||||
|
$numeric++;
|
||||||
|
}
|
||||||
|
if (eregi("[^a-z0-9]", $password[$i])) {
|
||||||
|
$symbols++;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
// check lower case
|
||||||
|
if ($lower < $cfg->passwordMinLower) {
|
||||||
|
return sprintf(_('The password is too weak. You have to enter at least %s lower case characters.'), $cfg->passwordMinLower);
|
||||||
|
}
|
||||||
|
// check upper case
|
||||||
|
if ($upper < $cfg->passwordMinUpper) {
|
||||||
|
return sprintf(_('The password is too weak. You have to enter at least %s upper case characters.'), $cfg->passwordMinUpper);
|
||||||
|
}
|
||||||
|
// check numeric
|
||||||
|
if ($numeric < $cfg->passwordMinNumeric) {
|
||||||
|
return sprintf(_('The password is too weak. You have to enter at least %s numeric characters.'), $cfg->passwordMinNumeric);
|
||||||
|
}
|
||||||
|
// check symbols
|
||||||
|
if ($symbols < $cfg->passwordMinSymbol) {
|
||||||
|
return sprintf(_('The password is too weak. You have to enter at least %s symbolic characters.'), $cfg->passwordMinSymbol);
|
||||||
|
}
|
||||||
|
// check classes
|
||||||
|
$classes = 0;
|
||||||
|
if ($lower > 0) {
|
||||||
|
$classes++;
|
||||||
|
}
|
||||||
|
if ($upper > 0) {
|
||||||
|
$classes++;
|
||||||
|
}
|
||||||
|
if ($numeric > 0) {
|
||||||
|
$classes++;
|
||||||
|
}
|
||||||
|
if ($symbols > 0) {
|
||||||
|
$classes++;
|
||||||
|
}
|
||||||
|
if ($classes < $cfg->passwordMinClasses) {
|
||||||
|
return sprintf(_('The password is too weak. You have to enter at least %s different character classes (upper/lower case, numbers and symbols).'), $cfg->passwordMinClasses);
|
||||||
|
}
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
?>
|
?>
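Review bot: The counting in `checkPasswordStrength()` works on bytes, so a multi-byte character is over-counted: `strlen()` reports its byte length and the loop's `eregi("[^a-z0-9]", $password[$i])` scores every one of its bytes as a symbol. A password with a few non-ASCII characters can therefore satisfy `passwordMinLength` and `passwordMinSymbol` with fewer characters than configured (assuming the form is submitted as UTF-8, which the page does not show). `ereg()`/`eregi()` are also deprecated since PHP 5.3 and removed in PHP 7, so the loop should move to PCRE. The sketch below measures the length in characters, counts the three ASCII classes with `preg_match_all()`, and treats every remaining character as one symbol.

```php
	// … unchanged: null handling and $cfg lookup …
	// check length in characters, not bytes
	$length = function_exists('mb_strlen') ? mb_strlen($password, 'UTF-8') : strlen($password);
	if ($length < $cfg->passwordMinLength) {
		// … unchanged: "too short" message …
	}
	// count the ASCII classes; every other character is one symbol
	$lower = preg_match_all('/[a-z]/', $password, $m);
	$upper = preg_match_all('/[A-Z]/', $password, $m);
	$numeric = preg_match_all('/[0-9]/', $password, $m);
	$symbols = $length - $lower - $upper - $numeric;
	// … unchanged: per-class minimum checks and class count …
```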
|