/**
* Checks whether a password is too similar to a dictionary of strings.
*
* @param string $password A password.
* @param array $dict A dictionary to check for similarity, for
* example the user name or an old password.
* @param float $max The maximum allowed similarity in percent.
*
* @throws Horde_Auth_Exception if the password is too similar.
*/
public static function checkPasswordSimilarity($password, array $dict, $max = 80)
{
// Check for pass == dict, simple reverse strings, etc.
foreach ($dict as $test) {
if (strcasecmp($password, $test) == 0 || strcasecmp($password, strrev($test)) == 0) {
throw new Horde_Auth_Exception(Horde_Auth_Translation::t("The password is too simple to guess."));
}
}
// Check for percentages similarity also. This will catch very simple
// Things like "password" -> "password2" or "xpasssword"...
// Also, don't allow simple changing of capitalization to pass
foreach ($dict as $test) {
similar_text(Horde_String::lower($password), Horde_String::lower($test), $percent);
if ($percent > $max) {
throw new Horde_Auth_Exception(Horde_Auth_Translation::t("The password is too simple to guess."));
}
}
}
/**
* Finds out if a set of login credentials are valid, and if requested,
* mark the user as logged in in the current session.
*
* @param string $userId The userId to check.
* @param array $credentials The credentials to check.
* @param boolean $login Whether to log the user in. If false, we'll
* only test the credentials and won't modify
* the current session. Defaults to true.
*
* @return boolean Whether or not the credentials are valid.
*/
public function authenticate($userId, $credentials, $login = true)
{
$userId = trim($userId);
try {
$this->_credentials['userId'] = $userId;
if ($this->hasCapability('lock') && $this->isLocked($userId)) {
$details = $this->isLocked($userId, true);
if ($details['lock_timeout'] == Horde_Lock::PERMANENT) {
$message = Horde_Auth_Translation::t("Your account has been permanently locked");
} else {
$message = sprintf(Horde_Auth_Translation::t("Your account has been locked for %d minutes"), ceil(($details['lock_timeout'] - time()) / 60));
}
throw new Horde_Auth_Exception($message, Horde_Auth::REASON_LOCKED);
}
$this->_authenticate($userId, $credentials);
$this->setCredential('userId', $this->_credentials['userId']);
$this->setCredential('credentials', $credentials);
if ($this->hasCapability('badlogincount')) {
$this->_resetBadLogins($userId);
}
return true;
} catch (Horde_Auth_Exception $e) {
if (($code = $e->getCode()) && $code != Horde_Auth::REASON_MESSAGE) {
if ($code == Horde_Auth::REASON_BADLOGIN && $this->hasCapability('badlogincount')) {
$this->_badLogin($userId);
}
$this->setError($code, $e->getMessage());
} else {
$this->setError(Horde_Auth::REASON_MESSAGE, $e->getMessage());
}
return false;
}
}
/**
* Returns the plural translation of a message.
*
* @param string $singular The singular version to translate.
* @param string $plural The plural version to translate.
* @param integer $number The number that determines singular vs. plural.
*
* @return string The string translation, or the original string if no
* translation exists.
*/
public static function ngettext($singular, $plural, $number)
{
self::$_domain = 'Horde_Auth';
self::$_directory = '@data_dir@' == '@' . 'data_dir' . '@' ? __DIR__ . '/../../../locale' : '@data_dir@/Horde_Auth/locale';
return parent::ngettext($singular, $plural, $number);
}
