| Index: trunk/extensions/PasswordStrength/PasswordStrength.php |
| — | — | @@ -0,0 +1,52 @@ |
| | 2 | +<?php |
| | 3 | + |
| | 4 | +/** |
| | 5 | + * PasswordStrength |
| | 6 | + * Perform additional security checks on a password via regular |
| | 7 | + * expressions |
| | 8 | + * |
| | 9 | + * Copyright (C) 2008 Chad Horohoe <innocentkiller@gmail.com> |
| | 10 | + * http://www.mediawiki.org/wiki/Extension:PasswordStrength |
| | 11 | + * |
| | 12 | + * This program is free software; you can redistribute it and/or modify |
| | 13 | + * it under the terms of the GNU General Public License as published by |
| | 14 | + * the Free Software Foundation; either version 2 of the License, or |
| | 15 | + * (at your option) any later version. |
| | 16 | + * |
| | 17 | + * This program is distributed in the hope that it will be useful, |
| | 18 | + * but WITHOUT ANY WARRANTY; without even the implied warranty of |
| | 19 | + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| | 20 | + * GNU General Public License for more details. |
| | 21 | + * |
| | 22 | + * You should have received a copy of the GNU General Public License along |
| | 23 | + * with this program; if not, write to the Free Software Foundation, Inc., |
| | 24 | + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. |
| | 25 | + * http://www.gnu.org/copyleft/gpl.html |
| | 26 | + */ |
| | 27 | + |
| | 28 | +$wgExtensionCredits['other'][] = array( |
| | 29 | + 'name' => 'PasswordStrength', |
| | 30 | + 'author' => 'Chad Horohoe', |
| | 31 | + 'url' => 'http://www.mediawiki.org/wiki/Extension:PasswordStrength', |
| | 32 | + 'description' => 'Perform additional security checks on passwords.', |
| | 33 | + 'version' => '0.2', |
| | 34 | +); |
| | 35 | + |
| | 36 | +$wgPSRegexChecks = array (); |
| | 37 | +$wgPSRegexChecks[] = '/^\d+$/'; |
| | 38 | + |
| | 39 | +$wgHooks['isValidPassword'][] = 'psCheckRegex'; |
| | 40 | + |
| | 41 | +function psCheckRegex( $password, &$result, $userObj ) { |
| | 42 | + global $wgPSRegexChecks; |
| | 43 | + if ( is_array( $wgPSRegexChecks ) ) { |
| | 44 | + foreach ( $wgPSRegexChecks as $regex ) { |
| | 45 | + if ( preg_match( $regex, $password ) ) { |
| | 46 | + $result = false; |
| | 47 | + return false; |
| | 48 | + } |
| | 49 | + } |
| | 50 | + } |
| | 51 | + $result = true; |
| | 52 | + return true; |
| | 53 | +} |
| Property changes on: trunk/extensions/PasswordStrength/PasswordStrength.php |
| ___________________________________________________________________ |
| Added: svn:eol-style |
| 1 | 54 | + native |
| Index: trunk/extensions/PasswordStrength/README |
| — | — | @@ -0,0 +1,26 @@ |
| | 2 | +PASSWORDSTRENGTH README
|
| | 3 | +
|
| | 4 | +1. INTRODUCTION
|
| | 5 | +This extension is designed to implement more stringent password checks on registration/preference update.
|
| | 6 | +
|
| | 7 | +2. INSTALLATION
|
| | 8 | +Place PasswordStrength.php in "$IP/extensions/PasswordStrength/". Open LocalSettings.php and add the following line at the end:
|
| | 9 | +
|
| | 10 | +require_once("$IP/extensions/PasswordStrength/PasswordStrength.php");
|
| | 11 | +
|
| | 12 | +3. SETTING UP CHECKS
|
| | 13 | +The global array $wgPSRegexChecks is a series of regular expressions to be applied to the password. The default (and example) is
|
| | 14 | +$wgPSRegexChecks[] = '/^\d+$/'; This would cause any password consisting of only numbers to be denied.
|
| | 15 | +
|
| | 16 | +4. WARNINGS
|
| | 17 | +a) If a user has a password that does not pass the check, then they are locked out of their account.
|
| | 18 | +b) If anchors are not added to the regex (ie: ^...$), then all passwords matching the regex _in part_ will fail (in the example, without
|
| | 19 | +anchors, no numeric characters would be allowed).
|
| | 20 | +
|
| | 21 | +5. TODO
|
| | 22 | +Make it where a password failure on login (due to invalid complexity) forces a password change, not an account lockout (this requires
|
| | 23 | +a modification to core).
|
| | 24 | +
|
| | 25 | +6. LICENSING
|
| | 26 | +PasswordStrength is made available under the conditions of the GNU General Public License version 2 (or at your option, any later
|
| | 27 | +version). For more information, see http://www.gnu.org/copyleft/gpl.html |
| \ No newline at end of file |