/** * checks password with cracklib and outputs warning message if insecure. * * @param string username * @param string password */ function liveuser_admin_users_cracklib_check($username, $password) { if (extension_loaded('crack') && function_exists('crack_check') && function_exists('crack_getlastmessage')) { crack_check($value); if (crack_getlastmessage() != "strong password") { echo '<p>Password for user ' . $username . ' is not secure, cracklib reports: ' . crack_getlastmessage() . '.</p>'; } } //Jeff's password checker, copied from auth_liveuser.php $password_status = ewiki_check_passwd($password, $username); //$end=getmicrotime(); //echo($end-$time); if ($password_status != 'good passwd') { if ($password_status == 'read error') { echo ewiki_t('PASS_DICTIONARY_READ_ERROR'); } else { echo ewiki_t($password_status); } } }
function liveuser_generate_password() { $pwd = ''; // to store generated password $len = rand(LW_PASSWORD_LEN_MIN, LW_PASSWORD_LEN_MAX); // password length do { // generate random number sequence of ascii characters for ($i = 0; $i < $len; $i++) { $num = rand(48, 122); if ($num >= ord('a') && $num <= ord('z')) { $pwd .= chr($num); } else { if ($num >= ord('A') && $num <= ord('Z')) { $pwd .= chr($num); } else { if ($num >= ord('0') && $num <= ord('9')) { $pwd .= chr($num); } else { if ($num >= ord('#') && $num <= ord('&')) { $pwd .= chr($num); } else { if ($num >= ord('?') && $num <= ord('@')) { $pwd .= chr($num); } else { $i--; } } } } } } } while (ewiki_check_passwd($pwd) != "good passwd"); return $pwd; }
/** * changes current user's password based on form input * * @param mixed id * @param mixed data * @return mixed */ function ewiki_page_liveuser_chpw($id, $data) { global $liveuser, $liveuserAuthAdmin; // if form was not submitted, return page output for form if (!isset($_REQUEST['oldpassword'])) { return ewiki_make_title($id, $id, 2) . ewiki_t('CHPW_FORM'); } // ensure that original password is valid, and that new passwords match if ($liveuser->getProperty('passwd') != $liveuserAuthAdmin->encryptPW($_REQUEST['oldpassword'])) { return ewiki_make_title($id, $id, 2) . ewiki_t('CHPW_BADOLD') . ewiki_t('CHPW_FORM'); } else { if ($_REQUEST['newpassword1'] != $_REQUEST['newpassword2']) { return ewiki_make_title($id, $id, 2) . ewiki_t('CHPW_NOMATCH') . ewiki_t('CHPW_FORM'); } else { if ($_REQUEST['newpassword1'] == $_REQUEST['oldpassword']) { return ewiki_make_title($id, $id, 2) . ewiki_t('CHPW_SAMEOLD') . ewiki_t('CHPW_FORM'); } } } //$time=getmicrotime(); $password_status = ewiki_check_passwd($_REQUEST['newpassword1'], $liveuser->getHandle()); //$end=getmicrotime(); //echo($end-$time); if ($password_status != 'good passwd') { if ($password_status == 'read error') { return ewiki_make_title($id, $id, 2) . ewiki_t('PASS_DICTIONARY_READ_ERROR'); } else { return ewiki_make_title($id, $id, 2) . ewiki_t($password_status) . '<!--' . $password_status . '-->' . ewiki_t('CHPW_FORM'); } } // return success if ($liveuserAuthAdmin->updateUser($liveuser->getProperty('authUserId'), $liveuser->getHandle(), $_REQUEST['newpassword2']) === true) { ewiki_set_uservar("passwdstatus", 'good', $GLOBALS['ewiki_auth_user']); ewiki_set_uservar("passwdexpiredate", time() + 60 * 60 * 24 * EWIKI_PASSWD_LIFETIME, $GLOBALS['ewiki_auth_user']); return ewiki_make_title($id, $id, 2) . ewiki_t('CHPW_SUCCESS'); } else { return ewiki_make_title($id, $id, 2) . ewiki_t('CHPW_ERROR'); } }