From: fmarier Date: Fri, 3 Apr 2009 02:22:52 +0000 (+0000) Subject: Password policy: MDL-17602 new "max consecutive identical characters" setting X-Git-Url: http://git.mjollnir.org/gw?a=commitdiff_plain;h=c65ab2be9563580f8a2b2daf1bf88d0399a2965d;p=moodle.git Password policy: MDL-17602 new "max consecutive identical characters" setting
---
diff --git a/admin/settings/security.php b/admin/settings/security.php
index cbd405e7e9..8144a2cf4b 100644
--- a/admin/settings/security.php
+++ b/admin/settings/security.php
@@ -66,6 +66,7 @@ if ($hassiteconfig) { // speedup for non-admins, add all caps used on this page
 $temp->add(new admin_setting_configtext('minpasswordlower', get_string('minpasswordlower', 'admin'), get_string('configminpasswordlower', 'admin'), 1, PARAM_INT));
 $temp->add(new admin_setting_configtext('minpasswordupper', get_string('minpasswordupper', 'admin'), get_string('configminpasswordupper', 'admin'), 1, PARAM_INT));
 $temp->add(new admin_setting_configtext('minpasswordnonalphanum', get_string('minpasswordnonalphanum', 'admin'), get_string('configminpasswordnonalphanum', 'admin'), 1, PARAM_INT));
+ $temp->add(new admin_setting_configtext('maxconsecutiveidentchars', get_string('maxconsecutiveidentchars', 'admin'), get_string('configmaxconsecutiveidentchars', 'admin'), 3, PARAM_INT));
 $temp->add(new admin_setting_configcheckbox('disableuserimages', get_string('disableuserimages', 'admin'), get_string('configdisableuserimages', 'admin'), 0));
 $temp->add(new admin_setting_configcheckbox('emailchangeconfirmation', get_string('emailchangeconfirmation', 'admin'), get_string('configemailchangeconfirmation', 'admin'), 1));
 $ADMIN->add('security', $temp);
diff --git a/lang/en_utf8/admin.php b/lang/en_utf8/admin.php
index 58b45df980..0e4134ebd9 100644
--- a/lang/en_utf8/admin.php
+++ b/lang/en_utf8/admin.php
@@ -186,6 +186,7 @@ $string['configmaxevents'] = 'Events to Lookahead';
 $string['configmemcachedhosts'] = 'For memcached. Comma-separated list of hosts that are running the memcached daemon. Use IP addresses to avoid DNS latency. memcached does not behave well if you add/remove hosts on a running setup.';
 $string['configmemcachedpconn'] = 'For memcached. Use persistent connections. Use carefully -- it can make Apache/PHP crash after a restart of the memcached daemon.';
 $string['configmessaging'] = 'Should the messaging system between site users be enabled?';
+$string['configmaxconsecutiveidentchars'] = 'Passwords must not have more than this number of consecutive identical characters. Use 0 to disable this check.';
 $string['configminpassworddigits'] = 'Passwords must have at least these many digits.';
 $string['configminpasswordlength'] = 'Passwords must be at least these many characters long.';
 $string['configminpasswordlower'] = 'Passwords must have at least these many lower case letters.';
@@ -554,6 +555,7 @@ $string['mediapluginwmv'] = 'Enable .wmv filter';
 $string['memcachedhosts'] = 'memcached hosts';
 $string['memcachedpconn'] = 'memcached use persistent connections';
 $string['messaging'] = 'Enable messaging system';
+$string['maxconsecutiveidentchars'] = 'Consecutive identical characters';
 $string['minpasswordlength'] = 'Password Length';
 $string['minpassworddigits'] = 'Digits';
 $string['minpasswordlower'] = 'Lowercase letters';
diff --git a/lang/en_utf8/auth.php b/lang/en_utf8/auth.php
index ad020d497b..558215d675 100644
--- a/lang/en_utf8/auth.php
+++ b/lang/en_utf8/auth.php
@@ -380,6 +380,7 @@ $string['changepasswordhelp'] = 'Here you can specify a location at which your u
 $string['chooseauthmethod'] = 'Choose an authentication method';
 $string['createpasswordifneeded'] = 'Create password if needed';
 $string['errorpasswordupdate'] = 'Error updating password, password not changed';
+$string['errormaxconsecutiveidentchars'] = 'Passwords must have at most $a consecutive identical characters.';
 $string['errorminpasswordlength'] = 'Passwords must be at least $a characters long.';
 $string['errorminpassworddigits'] = 'Passwords must have at least $a digit(s).';
 $string['errorminpasswordlower'] = 'Passwords must have at least $a lower case letter(s).';
diff --git a/lib/moodlelib.php b/lib/moodlelib.php
index d3f633fb23..7942c66ea5 100644
--- a/lib/moodlelib.php
+++ b/lib/moodlelib.php
@@ -3414,6 +3414,9 @@ function check_password_policy($password, &$errmsg) { if (preg_match_all('/[^[:upper:][:lower:][:digit:]]/u', $password, $matches) < $CFG->minpasswordnonalphanum) { $errmsg .= '
'. get_string('errorminpasswordnonalphanum', 'auth', $CFG->minpasswordnonalphanum) .'
'; } + if (!check_consecutive_identical_characters($password, $CFG->maxconsecutiveidentchars)) { + $errmsg .= '
'. get_string('errormaxconsecutiveidentchars', 'auth', $CFG->maxconsecutiveidentchars) .'
'; + } if ($errmsg == '') { return true; @@ -8397,5 +8400,40 @@ function get_site_identifier() { return $CFG->siteidentifier; } +/** + * Check whether the given password has no more than the specified + * number of consecutive identical characters. + * + * @param string $password password to be checked agains the password policy + * @param integer $maxchars maximum number of consecutive identical characters + */ +function check_consecutive_identical_characters($password, $maxchars) { + + if ($maxchars < 1) { + return true; // 0 is to disable this check + } + if (strlen($password) <= $maxchars) { + return true; // too short to fail this test + } + + $previouschar = ''; + $consecutivecount = 1; + foreach (str_split($password) as $char) { + if ($char != $previouschar) { + $consecutivecount = 1; + } + else { + $consecutivecount++; + if ($consecutivecount > $maxchars) { + return false; // check failed already + } + } + + $previouschar = $char; + } + + return true; +} + // vim:autoindent:expandtab:shiftwidth=4:tabstop=4:tw=140: ?>
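Review bot: The new `check_consecutive_identical_characters()` walks the password byte by byte (`strlen()` and `str_split($password)`), while the neighbouring checks in `check_password_policy()` use `/u` patterns and count UTF-8 characters. A run of one repeated multibyte character therefore never shows two equal neighbouring bytes, so it passes whatever `maxconsecutiveidentchars` is set to; conversely, a single character whose encoding contains repeated continuation bytes can be counted as a run. Iterating over code points keeps the policy consistent, e.g. `foreach (preg_split('//u', $password, -1, PREG_SPLIT_NO_EMPTY) as $char) {`, with a fallback for the `false` that `preg_split()` returns on invalid UTF-8. The `strlen()` shortcut can stay, since the byte length is never smaller than the character count. The docblock should also gain `@return bool true if the password passes the check`, and "agains" should read "against".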