/** -----------------------------------------
/** Spell Check for Textareas
/** -----------------------------------------*/
function spellcheck()
{
if (!class_exists('Spellcheck')) {
require PATH_CORE . 'core.spellcheck' . EXT;
}
return Spellcheck::check();
}
/**
* Checks the security of a password.
*
* The following aspects will be concidered. The password...
* <ul>
* <li>... is not a word in a dictionary (uses Spellcheck class if possible).
* <li>... reaches the minimum length (4 chars).
* <li>... consists of uppercase and lowercase chars, digits and special chars.
* <li>... does not contain identical char sequences. (min. 3 chars)
* <li>... does not contain general keyboard sequences. (min. 3 chars)
* <li>... does not contain increasing or decreasing numbers in a row. (min. 3 chars)
* <li>... does not contain char sequences that match sequences in the alphabet. (min. 3 chars)
* </ul>
*
* @param string Password to check
* @param array Array contains the values why the password is not secure (see class constants)
* @param int Optimal length of a password
* @param string Sprachkürtzel eines Wörterbuchs zum Prüfen
* @return int 0 = Very low security, 100 = Very high Security
* @see Spellcheck::check()
* @todo Consider special chars like umlauts (see below)
*/
public static function check($password, &$failureArray = array(), $language = null, $optimalPasswordLength = 10) {
//Rating initialisieren
$rating = 100;
$passwordLength = strlen($password);
$smallPassword = strtolower($password); //Zum Vergleich mit Reihen
// Check that pw is not shorter than 4 chars.
if ($passwordLength < 4) {
// Pw is too short, completely unsecure, return 0 now
return 0;
}
// Check that pw is not a word in a dictionary.
try {
$spellcheck = new Spellcheck($language);
if ($spellcheck->check($password) == false) {
$failureArray[] = self::LEXICON_WORD;
$rating -= 50;
}
}
catch (CoreException $e) {
// No other solution at the moment
}
// Remove 5 points for each char missing to the optimal pw length
$diff = $optimalPasswordLength - $passwordLength;
if ($diff > 0) {
$failureArray[] = self::TOO_SMALL;
$rating -= $diff * 5;
}
// Password consists of uppercase and lowercase chars, digits and special chars.
// Todo: This does not tests for special chars like umlauts
$smallChar = false;
$bigChar = false;
$numericChar = false;
$specialChar = false;
for($i = 0; $i < $passwordLength; $i++) {
$ascii = ord($password[$i]);
if ($ascii >= 48 && $ascii <= 57) {
$numericChar = true;
}
elseif ($ascii >= 65 && $ascii <= 90) {
$bigChar = true;
}
elseif ($ascii >= 97 && $ascii <= 122) {
$smallChar = true;
}
elseif ($ascii >= 32 && $ascii <= 126) {
$specialChar = true;
}
}
// Remove points and add reason to failrue array
if($smallChar == false) {
$failureArray[] = self::NO_LOWERCASE_CHAR;
$rating -= 15;
}
if($bigChar == false) {
$failureArray[] = self::NO_UPPERCASE_CHAR;
$rating -= 15;
}
if($numericChar == false) {
$failureArray[] = self::NO_NUMBERIC_CHAR;
$rating -= 20;
}
if($specialChar == false) {
$failureArray[] = self::NO_SPECIAL_CHAR;
$rating -= 10;
}
// Check for identical char sequences (min 3 chars)
for ($i = 0; $i <= $passwordLength-3; $i++) {
$excerpt = substr($smallPassword, $i, 3);
if ($excerpt[0] == $excerpt[1] && $excerpt[1] == $excerpt[2]) {
$failureArray[] = self::SAME_CHAR_SEQUENCE;
$rating -= 20;
break;
}
}
// Check for increasing or decreasing numbers in a row. (min. 3 chars)
foreach(self::$keyboardSequences as &$sequence) {
if (strpos($smallPassword, $sequence) !== false) {
$failureArray[] = self::KEYBOARD_SEQUENCE;
$rating -= 15;
break;
}
}
//ABC oder Zahlenreihen (ab 3 Buchstaben) => 20 Punkte abziehen
for ($i = 0; $i <= $passwordLength-3; $i++) {
$excerpt = substr($smallPassword, $i, 3);
if(strpos(self::$alphabet, $excerpt) !== false) {
$failureArray[] = self::ALPHABETICAL_SEQUENCE;
$rating -= 15;
break;
}
}
return ($rating > 0) ? $rating: 0;
}
