ClearOS custom password policy
<?php | |
/** | |
* Custom password policy validator for ClearOS (6) | |
* | |
* @author Imam Omar Mochtar <iomarmochtar@gmail.com> | |
*/ | |
namespace clearos\apps\users; | |
require_once('custom_password_policy.php'); | |
// omarov: | |
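class Custom_Password_Validator {

    /**
     * Reject a password that contains the account's username.
     *
     * The comparison is a case-insensitive literal substring search. The
     * username is never used as a regular expression, so characters such as
     * "/", "." or "(" in a username can neither break the check nor widen
     * what it matches.
     *
     * @param string $usrn   account username
     * @param string $passwd candidate password
     *
     * @return string|bool error message when the password contains the
     *                     username, FALSE otherwise (including when either
     *                     argument is empty)
     */
    public static function check_usrn_passwd($usrn, $passwd){
        $err_msg = "Password cannot contain username !!!";

        $usrn = (string) $usrn;
        $passwd = (string) $passwd;

        // Nothing to compare; stripos() also rejects an empty needle on older PHP.
        if ($usrn === '' || $passwd === '')
            return FALSE;

        if (stripos($passwd, $usrn) !== false)
            return $err_msg;

        return FALSE;
    }

    /**
     * Validate a candidate password against the custom policy.
     *
     * The weak-password list and the character policy are checked first,
     * then (when a username is supplied) the username-in-password rule.
     *
     * @param string      $pass     candidate password
     * @param string|null $username account username, optional
     *
     * @return string|null first policy violation as a message, or null when
     *                     the password is accepted or no password was given
     */
    public static function validate($pass, $username=null){
        // An empty value means "no password supplied". The string "0" is a
        // real (and very weak) password and must not skip the policy.
        if (!$pass && $pass !== '0')
            return null;

        $obj = new self();
        $is_err = $obj->checkPasswdPolicy($pass);
        if ($is_err)
            return "$is_err";

        if ($username !== null) {
            $err_same = self::check_usrn_passwd($username, $pass);
            if ($err_same !== FALSE)
                return $err_same;
        }

        return null;
    }

    /**
     * omarov: get list of custom policy
     *
     * Each entry carries a display name, the configured limit and a score
     * slot that checkPasswdPolicy() fills in. The POLICY_* constants are not
     * defined in this file; presumably custom_password_policy.php provides
     * them - confirm against that file.
     *
     * @return array
     **/
    private function getPasswdPolicies(){
        return array(
            "min_char" => array(
                "name" => "Mininum Length",
                "value" => POLICY_MIN_LENGTH,
                "score" => 0
            ),
            "max_char" => array(
                "name" => "Maximum Length",
                "value" => POLICY_MAX_LENGTH,
                "score" => 0
            ),
            "min_upper" => array(
                "name" => "Mininum Uppercase",
                "value" => POLICY_MIN_UPPERCASE,
                "score" => 0
            ),
            "min_num" => array(
                "name" => "Mininum Numeric",
                "value" => POLICY_MIN_NUMERIC,
                "score" => 0
            ),
            "min_punch" => array(
                "name" => "Mininum Punctuation",
                "value" => POLICY_MIN_PUNCTUATION,
                "score" => 0
            ),
        );
    }

    /**
     * omarov: check password policy
     * - Cannot be an entry of the weak password list
     * - Password policy character checker (length, uppercase, digits,
     *   punctuation)
     *
     * The username rule is applied by validate(), not here.
     *
     * @param string $passwd candidate password
     *
     * @return string|null message for the first violated rule, null when
     *                     every rule passes
     **/
    private function checkPasswdPolicy($passwd){
        $passwd = (string) $passwd;

        // list of weak password
        // NOTE(review): the path is resolved through include_path / the
        // calling script's directory; confirm the file cannot be shadowed.
        $weak_list = require('custom_weak_passwd_list.php');

        // Compare as strings. A loose comparison treats numeric-looking
        // strings as numbers ("0123" == "123"), which is not an exact match.
        // The match is case-sensitive, so "Password" is not caught by a
        // "password" entry unless the list carries both.
        if (in_array($passwd, array_map('strval', $weak_list), true))
            return "Your new password is listed as weak password !!!";

        // defined policy begin
        $policy = $this->getPasswdPolicies();

        // strlen() counts bytes, so multi-byte characters count more than once.
        $pass_len = strlen($passwd);
        $policy['min_char']['score'] = $pass_len;
        $policy['max_char']['score'] = $pass_len;

        $punctuation = '!"#$%&\'()*+,-./:;<=>?@[\\]^_`{|}~';

        for ($i = 0; $i < $pass_len; $i++) {
            $letter = $passwd[$i];

            if ($letter >= '0' && $letter <= '9')
                $policy['min_num']['score'] += 1;

            // ASCII uppercase only.
            if ($letter >= 'A' && $letter <= 'Z')
                $policy['min_upper']['score'] += 1;

            if (strpos($punctuation, $letter) !== false)
                $policy['min_punch']['score'] += 1;
        }

        // check the result
        foreach ($policy as $name => $pdata) {
            if ($name === 'max_char') {
                // A maximum of 0 (or unset) disables the upper bound.
                $iserr = $pdata['value'] && $pdata['score'] > $pdata['value'];
            } else {
                $iserr = $pdata['score'] < $pdata['value'];
            }

            if ($iserr) {
                $text = "Password Policy Missmatch: ".$pdata['name']." (".$pdata['value'].")";
                return $text;
            }
        }

        return null;
    }
}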