Skip to content

Commit c9e684d

Browse files
author
Marius Cramer
committed
Fixed: FS#3500 - Improve password strengthmeter
1 parent d195e39 commit c9e684d

File tree

2 files changed

+58
-21
lines changed

2 files changed

+58
-21
lines changed

interface/lib/classes/validate_password.inc.php

Lines changed: 9 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -38,19 +38,27 @@ private function _get_password_strength($password) {
3838
return 1;
3939
}
4040

41+
$different = 0;
42+
if (preg_match('/[abcdefghijklnmopqrstuvwxyz]/', $password)) {
43+
$different += 1;
44+
}
45+
4146
if (preg_match('/[ABCDEFGHIJKLNMOPQRSTUVWXYZ]/', $password)) {
4247
$points += 1;
48+
$different += 1;
4349
}
4450

4551
if (preg_match('/[0123456789]/', $password)) {
4652
$points += 1;
53+
$different += 1;
4754
}
4855

4956
if (preg_match('/[`~!@#$%^&*()_+|\\=-[]}{\';:\/?.>,<" ]/', $password)) {
5057
$points += 1;
58+
$different += 1;
5159
}
5260

53-
if ($points == 0) {
61+
if ($points == 0 || $different < 3) {
5462
if ($length >= 5 && $length <= 6) {
5563
return 1;
5664
} else if ($length >= 7 && $length <= 8) {

interface/web/js/scrigo.js.php

Lines changed: 49 additions & 20 deletions
Original file line numberDiff line numberDiff line change
@@ -579,6 +579,8 @@ function keepalive() {
579579
pass_message['color'] = "green";
580580
pass_messages[5] = pass_message;
581581

582+
var special_chars = "`~!@#$%^&*()_+|\=-[]}{';:/?.>,<\" ";
583+
582584
function pass_check(password) {
583585
var length = password.length;
584586
var points = 0;
@@ -591,20 +593,29 @@ function pass_check(password) {
591593
pass_result(1);
592594
return;
593595
}
594-
596+
597+
var different = 0;
598+
599+
if (pass_contains(password, "abcdefghijklnmopqrstuvwxyz")) {
600+
different += 1;
601+
}
602+
595603
if (pass_contains(password, "ABCDEFGHIJKLNMOPQRSTUVWXYZ")) {
596604
points += 1;
605+
different += 1;
597606
}
598607

599608
if (pass_contains(password, "0123456789")) {
600609
points += 1;
610+
different += 1;
601611
}
602612

603-
if (pass_contains(password, "`~!@#$%^&*()_+|\=-[]}{';:/?.>,<\" ")) {
613+
if (pass_contains(password, special_chars)) {
604614
points += 1;
615+
different += 1;
605616
}
606617

607-
if (points == 0) {
618+
if (points == 0 || different < 3) {
608619
if (length >= 5 && length <=6) {
609620
pass_result(1);
610621
} else if (length >= 7 && length <=8) {
@@ -742,27 +753,45 @@ function getInternetExplorerVersion() {
742753
return rv;
743754
}
744755

745-
function password(minLength, special){
746-
var iteration = 0;
747-
var password = "";
748-
var randomNumber;
756+
function password(minLength, special, num_special){
749757
minLength = minLength || 10;
758+
if(minLength < 8) minLength = 8;
750759
var maxLength = minLength + 5;
751760
var length = getRandomInt(minLength, maxLength);
752-
if(special == undefined){
753-
var special = false;
761+
762+
var alphachars = "abcdefghijklmnopqrstuvwxyz";
763+
var upperchars = "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
764+
var numchars = "1234567890";
765+
var specialchars = "!@#_";
766+
767+
if(num_special == undefined) num_special = 0;
768+
if(special != undefined && special == true) {
769+
num_special = Math.floor(Math.random() * (length / 4)) + 1;
754770
}
755-
while(iteration < length){
756-
randomNumber = (Math.floor((Math.random() * 100)) % 94) + 33;
757-
if(!special){
758-
if ((randomNumber >=33) && (randomNumber <=47)) { continue; }
759-
if ((randomNumber >=58) && (randomNumber <=64)) { continue; }
760-
if ((randomNumber >=91) && (randomNumber <=96)) { continue; }
761-
if ((randomNumber >=123) && (randomNumber <=126)) { continue; }
762-
}
763-
iteration++;
764-
password += String.fromCharCode(randomNumber);
771+
var numericlen = getRandomInt(1, 2);
772+
var alphalen = length - num_special - numericlen;
773+
var upperlen = Math.floor(alphalen / 2);
774+
alphalen = alphalen - upperlen;
775+
var password = "";
776+
777+
for(i = 0; i < alphalen; i++) {
778+
password += alphachars.charAt(Math.floor(Math.random() * alphachars.length));
779+
}
780+
781+
for(i = 0; i < upperlen; i++) {
782+
password += upperchars.charAt(Math.floor(Math.random() * upperchars.length));
783+
}
784+
785+
for(i = 0; i < num_special; i++) {
786+
password += specialchars.charAt(Math.floor(Math.random() * specialchars.length));
787+
}
788+
789+
for(i = 0; i < numericlen; i++) {
790+
password += numchars.charAt(Math.floor(Math.random() * numchars.length));
765791
}
792+
793+
password = password.split('').sort(function() { return 0.5 - Math.random(); }).join('');
794+
766795
return password;
767796
}
768797

@@ -778,7 +807,7 @@ function generatePassword(passwordFieldID, repeatPasswordFieldID){
778807
var newPWField = oldPWField.clone();
779808
newPWField.attr('type', 'text').attr('id', 'tmp'+passwordFieldID).insertBefore(oldPWField);
780809
oldPWField.remove();
781-
var pword = password(<?php echo $min_password_length ?>, false);
810+
var pword = password(<?php echo $min_password_length; ?>, false, 1);
782811
jQuery('#'+repeatPasswordFieldID).val(pword);
783812
newPWField.attr('id', passwordFieldID).val(pword).trigger('keyup');
784813
}

0 commit comments

Comments
 (0)