Beispiel #1
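 /**
  * Checks for a valid password. Returns boolean. The following checks are done,
  * in this order, stopping at the first failure:
  *
  * + is a string (spaces allowed); any other type fails with 'Invalid password!'
  * + min length (AUTH_MIN_PASS_LENGTH from CAT_Registry, default 5), unless the
  *   registry key ALLOW_SHORT_PASSWORDS is set to boolean true
  * + max length (AUTH_MAX_PASS_LENGTH from CAT_Registry, default 20)
  * + no control characters (ASCII 0 - 31)
  * + if $allow_quotes = false: no single quote ('), no URL-encoded %27, and no
  *   "--" sequence (plain or URL-encoded as %2D%2D)
  * + if $strict = true: the rules of Password::getComplexityStrict() must be met
  *   (consists of 6 or more letters, digits, underscores and hyphens; must
  *   contain at least one upper case letter, one lower case letter and one
  *   digit); the check is run against the current user name as well
  *
  * Lengths are measured with strlen(), i.e. in bytes, so a multi-byte character
  * counts more than once towards both limits.
  *
  * Use method getPasswordError() to get an error message on return value false.
  * On success the stored error message is left untouched.
  *
  * @access public
  * @param  string  $password
  * @param  boolean $allow_quotes (default: true)
  * @param  boolean $strict       (default: false)
  * @return boolean
  *
  */
 public static function validatePassword($password, $allow_quotes = true, $strict = false)
 {
     // The doc block promises a string check; strlen()/preg_match() on arrays or
     // objects would throw instead of returning false, so reject those up front.
     if (!is_string($password)) {
         self::$validatePasswordError = self::lang()->translate('Invalid password!');
         return false;
     }

     $min_length = CAT_Registry::exists('AUTH_MIN_PASS_LENGTH') ? CAT_Registry::get('AUTH_MIN_PASS_LENGTH') : 5;
     $max_length = CAT_Registry::exists('AUTH_MAX_PASS_LENGTH') ? CAT_Registry::get('AUTH_MAX_PASS_LENGTH') : 20;
     // byte length, not character count (see doc block)
     $length = strlen($password);
     // short passwords are tolerated only when the registry value is exactly boolean true
     $allow_short = CAT_Registry::exists('ALLOW_SHORT_PASSWORDS') && CAT_Registry::get('ALLOW_SHORT_PASSWORDS') === true;

     // ----- check length -----
     if ($length < $min_length && !$allow_short) {
         self::$validatePasswordError = self::lang()->translate('The password is too short.');
         return false;
     }
     if ($length > $max_length) {
         self::$validatePasswordError = self::lang()->translate('The password is too long.');
         return false;
     }

     // any string that doesn't have control characters (ASCII 0 - 31) - spaces allowed.
     // In the pattern, '\x' with no hex digits is PCRE's spelling of NUL (\x00), so the
     // negated class covers 0x00-0x1F; the D modifier keeps '$' from matching before a
     // trailing newline.
     if (!preg_match('/^[^\\x-\\x1F]+$/D', $password, $match)) {
         self::$validatePasswordError = self::lang()->translate('Invalid password!');
         return false;
     }
     // the pattern is anchored at both ends, so $match[0] is the whole password
     self::$lastValidatedPassword = $match[0];

     if (!$allow_quotes) {
         // don't allow quotes in the PW! Rejects a single quote, its URL-encoded form
         // %27, and the "--" sequence (plain or as %2D%2D). Double quotes are not
         // covered. NOTE(review): this filter is defense in depth only; it does not
         // replace parameterized queries or hashing at the storage layer.
         if (preg_match('/(\\%27)|(\')|(%2D%2D)|(\\-\\-)/i', $password)) {
             self::$validatePasswordError = self::lang()->translate('Invalid password!');
             return false;
         }
     }

     // check complexity
     if ($strict) {
         $PASSWORD = new Password();
         $PASSWORD->setComplexity($PASSWORD->getComplexityStrict());
         // the user name is passed so the complexity check can compare against it;
         // on failure the individual issues are appended to the message, one per line
         if (!$PASSWORD->complexEnough($password, self::get_username())) {
             self::$validatePasswordError = self::lang()->translate('The required password complexity is not met') . implode('<br />', $PASSWORD->getPasswordIssues());
             return false;
         }
     }

     // all checks done
     return true;
 }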