/**
 * Checks whether a password is too similar to a dictionary of strings.
 *
 * Every dictionary entry is tested twice: first for a case-insensitive
 * match against the entry itself and its reversed form, then for a
 * similar_text() percentage on the lower-cased strings above $max.
 *
 * @param string $password  A password.
 * @param array $dict       A dictionary to check for similarity, for
 *                          example the user name or an old password.
 * @param float $max        The maximum allowed similarity in percent.
 *
 * @throws Horde_Auth_Exception if the password is too similar.
 */
public static function checkPasswordSimilarity($password, array $dict, $max = 80)
{
    $loweredPassword = Horde_String::lower($password);

    foreach ($dict as $entry) {
        // Plain equality or a simple reversal of the entry. strcasecmp() and
        // strrev() work on bytes, so only single-byte case folding is
        // covered here; multibyte differences are left to the second test.
        $trivialMatch = strcasecmp($password, $entry) == 0
            || strcasecmp($password, strrev($entry)) == 0;
        if ($trivialMatch) {
            throw new Horde_Auth_Exception(Horde_Auth_Translation::t("The password is too simple to guess."));
        }

        // Percentage similarity catches small edits such as
        // "password" -> "password2" or "xpasssword". Both sides are
        // lower-cased first so a change of capitalization alone cannot pass.
        similar_text($loweredPassword, Horde_String::lower($entry), $similarity);
        if ($similarity > $max) {
            throw new Horde_Auth_Exception(Horde_Auth_Translation::t("The password is too simple to guess."));
        }
    }
}
/**
 * Finds out if a set of login credentials are valid, and if requested,
 * mark the user as logged in in the current session.
 *
 * @param string $userId       The userId to check.
 * @param array $credentials   The credentials to check.
 * @param boolean $login       Whether to log the user in. If false, we'll
 *                             only test the credentials and won't modify
 *                             the current session. Defaults to true.
 *
 * @return boolean Whether or not the credentials are valid.
 */
public function authenticate($userId, $credentials, $login = true)
{
    // NOTE(review): $login is not consulted anywhere in this body — the
    // credentials are stored via setCredential() on every success.
    // Presumably a subclass honours it; confirm against callers.
    $userId = trim($userId);

    try {
        $this->_credentials['userId'] = $userId;

        // A locked account is rejected before the backend is consulted.
        if ($this->hasCapability('lock') && $this->isLocked($userId)) {
            $lock = $this->isLocked($userId, true);
            if ($lock['lock_timeout'] == Horde_Lock::PERMANENT) {
                $text = Horde_Auth_Translation::t("Your account has been permanently locked");
            } else {
                // Remaining lock time, rounded up to whole minutes.
                $minutesLeft = ceil(($lock['lock_timeout'] - time()) / 60);
                $text = sprintf(Horde_Auth_Translation::t("Your account has been locked for %d minutes"), $minutesLeft);
            }
            throw new Horde_Auth_Exception($text, Horde_Auth::REASON_LOCKED);
        }

        $this->_authenticate($userId, $credentials);

        // The userId is re-read from _credentials rather than the local
        // variable — presumably _authenticate() may rewrite it; verify.
        // Note that the raw $credentials array is retained as well.
        $this->setCredential('userId', $this->_credentials['userId']);
        $this->setCredential('credentials', $credentials);

        if ($this->hasCapability('badlogincount')) {
            $this->_resetBadLogins($userId);
        }

        return true;
    } catch (Horde_Auth_Exception $e) {
        $reason = $e->getCode();

        // No code, or REASON_MESSAGE: only the free-form message is kept.
        if (!$reason || $reason == Horde_Auth::REASON_MESSAGE) {
            $this->setError(Horde_Auth::REASON_MESSAGE, $e->getMessage());
            return false;
        }

        // Bad-login accounting only applies to genuine credential failures.
        if ($reason == Horde_Auth::REASON_BADLOGIN && $this->hasCapability('badlogincount')) {
            $this->_badLogin($userId);
        }
        $this->setError($reason, $e->getMessage());

        return false;
    }
}
/**
 * Returns the plural translation of a message.
 *
 * @param string $singular  The singular version to translate.
 * @param string $plural    The plural version to translate.
 * @param integer $number   The number that determines singular vs. plural.
 *
 * @return string The string translation, or the original string if no
 *                translation exists.
 */
public static function ngettext($singular, $plural, $number)
{
    self::$_domain = 'Horde_Auth';

    // '@data_dir@' looks like a token substituted when the package is
    // built; the right-hand operand is concatenated from pieces so that
    // it is never substituted. If the token survives unreplaced
    // (presumably a source checkout), use the locale directory relative
    // to this file instead of the installed data directory.
    if ('@data_dir@' === '@' . 'data_dir' . '@') {
        self::$_directory = __DIR__ . '/../../../locale';
    } else {
        self::$_directory = '@data_dir@/Horde_Auth/locale';
    }

    return parent::ngettext($singular, $plural, $number);
}