[geeklog-devtalk] geeklog-devel digest, Vol 1 #333 - 1 msg
geeklog-devel-request at lists.geeklog.net
geeklog-devel-request at lists.geeklog.net
Thu Jun 24 13:00:02 EDT 2004
Today's Topics:
1. Re: A&A AEPasswordGenerator.class.php (Vincent Furia)
--__--__--
Message: 1
Date: Wed, 23 Jun 2004 21:55:35 -0400
From: Vincent Furia <vmf at abtech.org>
To: geeklog-devel at lists.geeklog.net
Subject: [geeklog-devel] Re: A&A AEPasswordGenerator.class.php
Reply-To: geeklog-devel at lists.geeklog.net
This is a multi-part message in MIME format.
--------------000802010904090006010700
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
A new and improved version of the Password Generator for A&A taking into
account all of Tony's comments. I also now have the isValidPassword
function throwing the AEInvalidPassword exception instead of returning
false for an invalid password. I think this makes more sense as you can
pass a failure message (cleanly).
I think you'll also like what I did to modify the regex configuration to
make them more user friendly (aka dumbed down).
Let me know what you think.
-Vinny
--------------000802010904090006010700
Content-Type: text/html;
name="AEPasswordGenerator.class.php"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
filename="AEPasswordGenerator.class.php"
<?php
/******************************************************************************
* Config section, variables should be included in AEServerConfig.php
*/
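$gConf = array();

/* Random password generation */
$gConf['randompasswordlength'] = 7;
// Digits are part of the pool: without them a generated password could never
// satisfy the enabled 'number' rule below.
$gConf['randompasswordchars'] = str_split(
    'ABCDEFGHIJKLMNOPQRSTUVWXYZ'
    . 'abcdefghijklmnopqrstuvwxyz'
    . '0123456789'
    . '$!@#&^()_-'
);

/* Optional dictionary / cracklib checks */
$gConf['pw_pspell'] = false;
$gConf['pspell_dict'] = 'en';
$gConf['pw_crack'] = false;
$gConf['crack_dict'] = '/usr/lib/cracklib';

/*
 * Password Rules
 *
 * Each rule is keyed by a unique name and holds a human readable description
 * (shown to the user when the rule fails), an on/off switch and the regex a
 * password must match. Rule names must not repeat: assigning to an existing
 * name overwrites that rule instead of adding a new one.
 *
 * The anchored rules carry the D modifier so that '$' only matches at the very
 * end of the password and not before a trailing newline.
 */
$gConf['pw_rule']['length']['description'] = 'require 7-20 characters (inclusive)';
$gConf['pw_rule']['length']['enabled'] = true;
$gConf['pw_rule']['length']['regex'] = '/^.{7,20}$/D';

// The character class lists every character the description promises,
// including % and *.
$gConf['pw_rule']['chars']['description'] = 'limit characters to (A-Z,a-z,0-9,!,@,#,$,%,^,&,*,(,),-,_ only)';
$gConf['pw_rule']['chars']['enabled'] = true;
$gConf['pw_rule']['chars']['regex'] = '/^[A-Za-z0-9$!@#%&^*()_-]*$/D';

$gConf['pw_rule']['upper']['description'] = 'require at least one upper case character (A-Z)';
$gConf['pw_rule']['upper']['enabled'] = true;
$gConf['pw_rule']['upper']['regex'] = '/[A-Z]/';

$gConf['pw_rule']['lower']['description'] = 'require at least one lower case character (a-z)';
$gConf['pw_rule']['lower']['enabled'] = true;
$gConf['pw_rule']['lower']['regex'] = '/[a-z]/';

$gConf['pw_rule']['number']['description'] = 'require at least one number (0-9)';
$gConf['pw_rule']['number']['enabled'] = true;
$gConf['pw_rule']['number']['regex'] = '/[0-9]/';

$gConf['pw_rule']['special']['description'] = 'require at least one special character (!,@,#,$,%,^,&,*,(,),-,_)';
$gConf['pw_rule']['special']['enabled'] = true;
$gConf['pw_rule']['special']['regex'] = '/[$!@#%&^*()_-]/';

// Example of a custom rule, disabled by default. It has its own key so that it
// does not replace (and thereby switch off) the 'special' rule above.
$gConf['pw_rule']['letterx']['description'] = 'require at least one letter X';
$gConf['pw_rule']['letterx']['enabled'] = false;
$gConf['pw_rule']['letterx']['regex'] = '/[X]/';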
/******************************************************************************/
/**
* Auth_Enterprise
*
* This source file is subject to version 2.02 of the PHP license, that is bundled with this package
* in the file LICENSE, and is available at through the world-wide-web at
* http://www.php.net/license/2_02.txt. If you did not receive a copy of the PHP license and are
* unable to obtain it through the world-wide-web, please send a note to license at php.net so we can
* mail you a copy immediately.
*
* @author Tony Bibbs <tony at geeklog.net>
* @author Vincent Furia <vinny01 at users.sf.net>
* @copyright 2004
* @version $Id: AEPasswordGenerator.class.php,v 1.2 2004/06/17 05:31:49 tony Exp $
*
*/
/**
* The Auth_Enterprise server configuration file
*/
require_once 'Auth_Enterprise/Server/AEServerConfig.php';
/**
* Pull in Auth_Enterprise Exceptions
*/
require_once 'Auth_Enterprise/Common/AEExceptions.php';
/**
* Class that validates and generates passwords
*
* @author Vincent Furia <vinny01 at users.sf.net>
* @package net.geeklog.auth_enterprise.server
*
*/
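class AEPasswordGenerator {
    /**
     * Generates a random password
     *
     * Characters are drawn from $gConf['randompasswordchars'] and the length
     * is taken from $gConf['randompasswordlength'], with a floor of four
     * characters. The result is NOT run through isValidPassword(); a caller
     * that needs a password satisfying the configured rules must validate it
     * itself.
     *
     * @author Vincent Furia <vinny01 at users.sf.net>
     * @access public
     * @return string Randomly generated password
     * @throws Exception if no password characters are configured
     *
     */
    public static function generatePassword()
    {
        global $gConf;

        $chars = array();
        if (isset($gConf['randompasswordchars']) && is_array($gConf['randompasswordchars'])) {
            // Re-index so that a sparse or string-keyed list can still be addressed by position
            $chars = array_values($gConf['randompasswordchars']);
        }
        $numChars = count($chars);
        if ($numChars === 0) {
            // Fail closed: an empty pool would otherwise yield an empty "password"
            throw new Exception('No characters configured for random password generation');
        }

        // Never generate anything shorter than four characters
        $len = 4;
        if (isset($gConf['randompasswordlength']) && $gConf['randompasswordlength'] >= 4) {
            $len = $gConf['randompasswordlength'];
        }

        $password = '';
        for ($i = 0; $i < $len; $i++) {
            $password .= $chars[self::randomIndex($numChars - 1)];
        }

        return $password;
    }

    /**
     * Picks a random integer between 0 and $max (inclusive)
     *
     * @access private
     * @param int $max Largest value that may be returned
     * @return int
     *
     */
    private static function randomIndex($max)
    {
        // Passwords are secrets, so prefer the cryptographically secure
        // generator whenever the running PHP provides one (PHP 7+).
        if (function_exists('random_int')) {
            return random_int(0, $max);
        }

        // NOTE(review): mt_rand() is not cryptographically secure; this branch
        // only exists so the class keeps working on PHP versions without
        // random_int(). Passwords generated here should be treated as weak.
        return mt_rand(0, $max);
    }

    /**
     * Determines if a password is valid by the configured rules
     *
     * You can set rules for what constitutes a good password via the
     * server configuration. Every enabled entry of $gConf['pw_rule'] is
     * applied as a regular expression, followed by the optional pspell
     * dictionary check and the optional cracklib check.
     *
     * @author Vincent Furia <vinny01 at users.sf.net>
     * @access public
     * @param string $password Password to validate
     * @return boolean true when every enabled check passes; failures are
     *                 reported by exception, never by returning false
     * @throws AEPasswordInvalid if the password fails a rule or check
     * @throws AEUnableToConnect if a configured dictionary cannot be opened
     *
     */
    public static function isValidPassword($password)
    {
        global $gConf;

        if (isset($gConf['pw_rule']) && is_array($gConf['pw_rule'])) {
            foreach ($gConf['pw_rule'] as $rule) {
                if (empty($rule['enabled'])) {
                    continue;
                }
                // preg_match() returns 0 for "no match" and false for a broken
                // pattern; both are treated as a failed rule, so a bad regex
                // rejects the password rather than letting it through.
                if (!preg_match($rule['regex'], $password)) {
                    throw new AEPasswordInvalid("The supplied password does not meet the "
                        . "rule \"{$rule['description']}\"");
                }
            }
        }

        // Check for dictionary words. The configuration names this switch
        // 'pw_pspell'; 'pw_spell' is still honoured for existing setups.
        // NOTE(review): when the pspell extension is not loaded the check is
        // skipped silently even though it is enabled - confirm that is intended.
        $spellCheck = !empty($gConf['pw_pspell']) || !empty($gConf['pw_spell']);
        if ($spellCheck && function_exists('pspell_check')) {
            $language = !empty($gConf['pspell_dict']) ? $gConf['pspell_dict'] : 'en';

            // open dictionary
            if ( !($pspell_link = pspell_new($language)) ) {
                throw new AEUnableToConnect('Cannot open pspell dictionary');
            }

            // a correctly spelled word is a dictionary word
            if (pspell_check($pspell_link, $password)) {
                throw new AEPasswordInvalid("The supplied password is a dictionary word");
            }
        }

        // Use cracklib to determine if password is strong
        // NOTE(review): as above, a missing crack extension disables this
        // check without any error.
        if (!empty($gConf['pw_crack']) && function_exists('crack_check')) {
            // Open CrackLib Dictionary
            if ( !($dictionary = crack_opendict($gConf['crack_dict'])) ) {
                throw new AEUnableToConnect('Cannot open libcrack dictionary');
            }

            // Perform password check and fetch the diagnostic before the
            // dictionary is closed
            $strong = crack_check($dictionary, $password);
            $diag = $strong ? '' : crack_getlastmessage();

            // Close dictionary on both outcomes
            crack_closedict($dictionary);

            if (!$strong) {
                throw new AEPasswordInvalid("The supplied password is too easy to crack, $diag");
            }
        }

        return true;
    }
}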
?>
--------------000802010904090006010700--
--__--__--