From 8a285f7fa7f09ae969e12cf4b7bda0f5123bb0fb Mon Sep 17 00:00:00 2001 From: Andreas Gohr Date: Sun, 9 Jun 2013 02:29:27 +0200 Subject: AUTH_PASSWORD_GENERATE event added This is needed to replace the password generator by a plugin implementation. Related to PR #166 and FS#2147 --- inc/auth.php | 45 +++++++++++++++++++++++++++++---------------- 1 file changed, 29 insertions(+), 16 deletions(-) (limited to 'inc') diff --git a/inc/auth.php b/inc/auth.php index 1f8489f03..82a6b46cd 100644 --- a/inc/auth.php +++ b/inc/auth.php @@ -678,27 +678,40 @@ function auth_nameencode($name, $skip_group = false) { /** * Create a pronouncable password * + * The $foruser variable might be used by plugins to run additional password + * policy checks, but is not used by the default implementation + * * @author Andreas Gohr * @link http://www.phpbuilder.com/annotate/message.php3?id=1014451 + * @triggers AUTH_PASSWORD_GENERATE * + * @param string $foruser username for which the password is generated * @return string pronouncable password */ -function auth_pwgen() { - $pw = ''; - $c = 'bcdfghjklmnprstvwz'; //consonants except hard to speak ones - $v = 'aeiou'; //vowels - $a = $c.$v; //both - - //use two syllables... - for($i = 0; $i < 2; $i++) { - $pw .= $c[rand(0, strlen($c) - 1)]; - $pw .= $v[rand(0, strlen($v) - 1)]; - $pw .= $a[rand(0, strlen($a) - 1)]; +function auth_pwgen($foruser='') { + $data = array( + 'password' = '', + 'foruser' = $foruser + ); + + $evt = new Doku_Event('AUTH_PASSWORD_GENERATE', $data); + if($evt->advise_before(true)) { + $c = 'bcdfghjklmnprstvwz'; //consonants except hard to speak ones + $v = 'aeiou'; //vowels + $a = $c.$v; //both + + //use two syllables... + for($i = 0; $i < 2; $i++) { + $data['password'] .= $c[rand(0, strlen($c) - 1)]; + $data['password'] .= $v[rand(0, strlen($v) - 1)]; + $data['password'] .= $a[rand(0, strlen($a) - 1)]; + } + //... and add a nice number + $data['password'] .= rand(10, 99); } - //... and add a nice number - $pw .= rand(10, 99); + $evt->advise_after(); - return $pw; + return $data['password']; } /** @@ -765,7 +778,7 @@ function register() { } if($conf['autopasswd']) { - $pass = auth_pwgen(); // automatically generate password + $pass = auth_pwgen($login); // automatically generate password } elseif(empty($pass) || empty($passchk)) { msg($lang['regmissing'], -1); // complain about missing passwords return false; @@ -958,7 +971,7 @@ function act_resendpwd() { } else { // autogenerate the password and send by mail - $pass = auth_pwgen(); + $pass = auth_pwgen($user); if(!$auth->triggerUserMod('modify', array($user, array('pass' => $pass)))) { msg('error modifying user data', -1); return false; -- cgit v1.2.3 From d628dcf33c131b3ede5c78b4550c2ba23124f432 Mon Sep 17 00:00:00 2001 From: Andreas Gohr Date: Sun, 9 Jun 2013 02:51:19 +0200 Subject: fixed syntax fuckup --- inc/auth.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'inc') diff --git a/inc/auth.php b/inc/auth.php index 82a6b46cd..db6245e20 100644 --- a/inc/auth.php +++ b/inc/auth.php @@ -690,8 +690,8 @@ function auth_nameencode($name, $skip_group = false) { */ function auth_pwgen($foruser='') { $data = array( - 'password' = '', - 'foruser' = $foruser + 'password' => '', + 'foruser' => $foruser ); $evt = new Doku_Event('AUTH_PASSWORD_GENERATE', $data); -- cgit v1.2.3 From 987c8d26bbfec753f50b50e8f16e0f5579a93e11 Mon Sep 17 00:00:00 2001 From: Andreas Gohr Date: Fri, 14 Jun 2013 14:49:39 +0200 Subject: Increased strength of auto generated passwords a bit If you want better random initialization and more control over the password strength install the passpolicy plugin. --- inc/auth.php | 29 +++++++++++++++-------------- 1 file changed, 15 insertions(+), 14 deletions(-) (limited to 'inc') diff --git a/inc/auth.php b/inc/auth.php index db6245e20..6107645cd 100644 --- a/inc/auth.php +++ b/inc/auth.php @@ -681,14 +681,14 @@ function auth_nameencode($name, $skip_group = false) { * The $foruser variable might be used by plugins to run additional password * policy checks, but is not used by the default implementation * - * @author Andreas Gohr - * @link http://www.phpbuilder.com/annotate/message.php3?id=1014451 + * @author Andreas Gohr + * @link http://www.phpbuilder.com/annotate/message.php3?id=1014451 * @triggers AUTH_PASSWORD_GENERATE * * @param string $foruser username for which the password is generated * @return string pronouncable password */ -function auth_pwgen($foruser='') { +function auth_pwgen($foruser = '') { $data = array( 'password' => '', 'foruser' => $foruser @@ -696,18 +696,19 @@ function auth_pwgen($foruser='') { $evt = new Doku_Event('AUTH_PASSWORD_GENERATE', $data); if($evt->advise_before(true)) { - $c = 'bcdfghjklmnprstvwz'; //consonants except hard to speak ones - $v = 'aeiou'; //vowels - $a = $c.$v; //both - - //use two syllables... - for($i = 0; $i < 2; $i++) { - $data['password'] .= $c[rand(0, strlen($c) - 1)]; - $data['password'] .= $v[rand(0, strlen($v) - 1)]; - $data['password'] .= $a[rand(0, strlen($a) - 1)]; + $c = 'bcdfghjklmnprstvwz'; //consonants except hard to speak ones + $v = 'aeiou'; //vowels + $a = $c.$v; //both + $s = '!$%&?+*~#-_:.;,'; // specials + + //use thre syllables... + for($i = 0; $i < 3; $i++) { + $data['password'] .= $c[mt_rand(0, strlen($c) - 1)]; + $data['password'] .= $v[mt_rand(0, strlen($v) - 1)]; + $data['password'] .= $a[mt_rand(0, strlen($a) - 1)]; } - //... and add a nice number - $data['password'] .= rand(10, 99); + //... and add a nice number and special + $data['password'] .= mt_rand(10, 99).$s[mt_rand(0, strlen($s) - 1)]; } $evt->advise_after(); -- cgit v1.2.3