/** ----------------------------------------- /** Spell Check for Textareas /** -----------------------------------------*/ function spellcheck() { if (!class_exists('Spellcheck')) { require PATH_CORE . 'core.spellcheck' . EXT; } return Spellcheck::check(); }
/** * Checks the security of a password. * * The following aspects will be concidered. The password... * <ul> * <li>... is not a word in a dictionary (uses Spellcheck class if possible). * <li>... reaches the minimum length (4 chars). * <li>... consists of uppercase and lowercase chars, digits and special chars. * <li>... does not contain identical char sequences. (min. 3 chars) * <li>... does not contain general keyboard sequences. (min. 3 chars) * <li>... does not contain increasing or decreasing numbers in a row. (min. 3 chars) * <li>... does not contain char sequences that match sequences in the alphabet. (min. 3 chars) * </ul> * * @param string Password to check * @param array Array contains the values why the password is not secure (see class constants) * @param int Optimal length of a password * @param string Sprachkürtzel eines Wörterbuchs zum Prüfen * @return int 0 = Very low security, 100 = Very high Security * @see Spellcheck::check() * @todo Consider special chars like umlauts (see below) */ public static function check($password, &$failureArray = array(), $language = null, $optimalPasswordLength = 10) { //Rating initialisieren $rating = 100; $passwordLength = strlen($password); $smallPassword = strtolower($password); //Zum Vergleich mit Reihen // Check that pw is not shorter than 4 chars. if ($passwordLength < 4) { // Pw is too short, completely unsecure, return 0 now return 0; } // Check that pw is not a word in a dictionary. try { $spellcheck = new Spellcheck($language); if ($spellcheck->check($password) == false) { $failureArray[] = self::LEXICON_WORD; $rating -= 50; } } catch (CoreException $e) { // No other solution at the moment } // Remove 5 points for each char missing to the optimal pw length $diff = $optimalPasswordLength - $passwordLength; if ($diff > 0) { $failureArray[] = self::TOO_SMALL; $rating -= $diff * 5; } // Password consists of uppercase and lowercase chars, digits and special chars. // Todo: This does not tests for special chars like umlauts $smallChar = false; $bigChar = false; $numericChar = false; $specialChar = false; for($i = 0; $i < $passwordLength; $i++) { $ascii = ord($password[$i]); if ($ascii >= 48 && $ascii <= 57) { $numericChar = true; } elseif ($ascii >= 65 && $ascii <= 90) { $bigChar = true; } elseif ($ascii >= 97 && $ascii <= 122) { $smallChar = true; } elseif ($ascii >= 32 && $ascii <= 126) { $specialChar = true; } } // Remove points and add reason to failrue array if($smallChar == false) { $failureArray[] = self::NO_LOWERCASE_CHAR; $rating -= 15; } if($bigChar == false) { $failureArray[] = self::NO_UPPERCASE_CHAR; $rating -= 15; } if($numericChar == false) { $failureArray[] = self::NO_NUMBERIC_CHAR; $rating -= 20; } if($specialChar == false) { $failureArray[] = self::NO_SPECIAL_CHAR; $rating -= 10; } // Check for identical char sequences (min 3 chars) for ($i = 0; $i <= $passwordLength-3; $i++) { $excerpt = substr($smallPassword, $i, 3); if ($excerpt[0] == $excerpt[1] && $excerpt[1] == $excerpt[2]) { $failureArray[] = self::SAME_CHAR_SEQUENCE; $rating -= 20; break; } } // Check for increasing or decreasing numbers in a row. (min. 3 chars) foreach(self::$keyboardSequences as &$sequence) { if (strpos($smallPassword, $sequence) !== false) { $failureArray[] = self::KEYBOARD_SEQUENCE; $rating -= 15; break; } } //ABC oder Zahlenreihen (ab 3 Buchstaben) => 20 Punkte abziehen for ($i = 0; $i <= $passwordLength-3; $i++) { $excerpt = substr($smallPassword, $i, 3); if(strpos(self::$alphabet, $excerpt) !== false) { $failureArray[] = self::ALPHABETICAL_SEQUENCE; $rating -= 15; break; } } return ($rating > 0) ? $rating: 0; }