From e7b283b80ee7b8812267715f47cac64bac3962c2 Mon Sep 17 00:00:00 2001
From: alecpl <alec@alec.pl>
Date: Fri, 11 Sep 2009 09:12:43 -0400
Subject: [PATCH] - Password: added password strength options (#1486062)

---
 CHANGELOG                               |    1 +
 plugins/password/localization/en_US.inc |    2 ++
 plugins/password/localization/pl_PL.inc |    2 ++
 plugins/password/config.inc.php.dist    |   11 +++++++++--
 plugins/password/password.php           |   13 ++++++++++++-
 5 files changed, 26 insertions(+), 3 deletions(-)

diff --git a/CHANGELOG b/CHANGELOG
index e2fcf8e..7dd9f22 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,6 +1,7 @@
 CHANGELOG RoundCube Webmail
 ===========================
 
+- Password: added password strength options (#1486062)
 - Fix LDAP partial result warning (#1485536)
 - Fix delete in message view deletes permanently with flag_for_deletion=true (#1486101)
 - Use faster/secure mt_rand() (#1486094)
diff --git a/plugins/password/config.inc.php.dist b/plugins/password/config.inc.php.dist
index f526c7f..3950afc 100644
--- a/plugins/password/config.inc.php.dist
+++ b/plugins/password/config.inc.php.dist
@@ -9,6 +9,14 @@
 // Default: false.
 $rcmail_config['password_confirm_current'] = true;
 
+// Require the new password to be a certain length.
+// set to blank to allow passwords of any length
+$rcmail_config['password_minimum_length'] = 0;
+ 
+// Require the new password to contain a letter and punctuation character
+// Change to false to remove this check.
+$rcmail_config['password_require_nonalpha'] = false;
+
 
 // SQL Driver options
 // ------------------
@@ -134,8 +142,7 @@
 // DirectAdmin Driver options
 // --------------------------
 // The host which changes the password
-// Use 'ssl://serverip' instead of 'tcp://serverip' when running DirectAdmin over SSL.
-$rcmail_config['password_directadmin_host'] = 'tcp://localhost';
+$rcmail_config['password_directadmin_host'] = 'localhost';
 
 // TCP port used for DirectAdmin connections
 $rcmail_config['password_directadmin_port'] = 2222;
diff --git a/plugins/password/localization/en_US.inc b/plugins/password/localization/en_US.inc
index 6c64cc0..75fe861 100644
--- a/plugins/password/localization/en_US.inc
+++ b/plugins/password/localization/en_US.inc
@@ -14,5 +14,7 @@
 $messages['crypterror'] = 'Could not save new password. Encrypt function missing.';
 $messages['connecterror'] = 'Could not save new password. Connection error.';
 $messages['internalerror'] = 'Could not save new password.';
+$messages['passwordshort'] = 'Your password must be at least $length characters long.';
+$messages['passwordweak'] = 'Your new password must include at least one number and one punctuation character.';
 
 ?>
diff --git a/plugins/password/localization/pl_PL.inc b/plugins/password/localization/pl_PL.inc
index 4520d79..774437a 100644
--- a/plugins/password/localization/pl_PL.inc
+++ b/plugins/password/localization/pl_PL.inc
@@ -14,5 +14,7 @@
 $messages['crypterror'] = 'Nie udało się zapisać nowego hasła. Brak funkcji kodującej.';
 $messages['connecterror'] = 'Nie udało się zapisać nowego hasła. Błąd połączenia.';
 $messages['internalerror'] = 'Nie udało się zapisać nowego hasła.';
+$messages['passwordshort'] = 'Hasło musi posiadać co najmniej $length znaków.';
+$messages['passwordweak'] = 'Hasło musi zawierać co najmniej jedną cyfrę i znak interpunkcyjny.';
 
 ?>
diff --git a/plugins/password/password.php b/plugins/password/password.php
index 0e5e1ef..3a7050b 100644
--- a/plugins/password/password.php
+++ b/plugins/password/password.php
@@ -79,16 +79,27 @@
     $rcmail->output->set_pagetitle($this->gettext('changepasswd'));
 
     $confirm = $rcmail->config->get('password_confirm_current');
+    $required_length = intval($rcmail->config->get('password_minimum_length'));
+    $check_strength = $rcmail->config->get('password_require_nonalpha');
 
     if (($confirm && !isset($_POST['_curpasswd'])) || !isset($_POST['_newpasswd'])) {
       $rcmail->output->command('display_message', $this->gettext('nopassword'), 'error');
     }
     else {
+
       $curpwd = get_input_value('_curpasswd', RCUBE_INPUT_POST);
       $newpwd = get_input_value('_newpasswd', RCUBE_INPUT_POST);
 
-      if ($confirm && $rcmail->decrypt($_SESSION['password']) != $curpwd)
+      if ($confirm && $rcmail->decrypt($_SESSION['password']) != $curpwd) {
         $rcmail->output->command('display_message', $this->gettext('passwordincorrect'), 'error');
+      }
+      else if ($required_length && strlen($newpwd) < $required_length) {
+        $rcmail->output->command('display_message', $this->gettext(
+	  array('name' => 'passwordshort', 'vars' => array('length' => $required_length))), 'error');
+      }
+      else if ($check_strength && (!preg_match("/[0-9]/", $newpwd) || !preg_match("/[^A-Za-z0-9]/", $newpwd))) {
+        $rcmail->output->command('display_message', $this->gettext('passwordweak'), 'error');
+      }
       else if (!($res = $this->_save($curpwd,$newpwd))) {
         $rcmail->output->command('display_message', $this->gettext('successfullysaved'), 'confirmation');
         $_SESSION['password'] = $rcmail->encrypt($newpwd);

--
Gitblit v1.9.1