From 5061949f94c27dd30cf2d50e9fa71e7f2a0f67c3 Mon Sep 17 00:00:00 2001
From: Toby Inkster
Date: Thu, 13 Mar 2014 16:13:48 +0000
Subject: [PATCH] patch to enforce password policy
--HG--
extra : source : 98986452d02ff23ce833850d268e705c6b7b172f
---
 src/mibew/libs/config.php | 2 ++
 src/mibew/libs/password-policy.php | 29 +++++++++++++++++++++++++++++
 src/mibew/locales/en/properties | 1 +
 src/mibew/operator/operator.php | 7 ++++++-
 4 files changed, 38 insertions(+), 1 deletion(-)
 create mode 100644 src/mibew/libs/password-policy.php
diff --git a/src/mibew/libs/config.php b/src/mibew/libs/config.php
index 3b45e7b3..87ad167b 100644
--- a/src/mibew/libs/config.php
+++ b/src/mibew/libs/config.php
@@ -54,4 +54,6 @@ $default_locale = "en"; /* if user does not provide known lang */
 */
 $use_open_basedir_protection = false;
+require_once('password-policy.php');
+
 ?>
\ No newline at end of file
diff --git a/src/mibew/libs/password-policy.php b/src/mibew/libs/password-policy.php
new file mode 100644
index 00000000..7aa04554
--- /dev/null
+++ b/src/mibew/libs/password-policy.php
@@ -0,0 +1,29 @@
+= 16) {
+ return true;
+ }
+
+ $character_classes = 0;
+ if (preg_match('/[A-Z]/', $pwd)) $character_classes++;
+ if (preg_match('/[a-z]/', $pwd)) $character_classes++;
+ if (preg_match('/[0-9]/', $pwd)) $character_classes++;
+ if (preg_match('/[^A-Za-z0-9]/', $pwd)) $character_classes++;
+
+ if ($character_classes >= 3) {
+ return true;
+ }
+ return false;
+}
+
+?>
diff --git a/src/mibew/locales/en/properties b/src/mibew/locales/en/properties
index 73d823ba..ea979e81 100644
--- a/src/mibew/locales/en/properties
+++ b/src/mibew/locales/en/properties
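Review bot: The bare filename in `require_once('password-policy.php');` (config.php hunk) is searched for on `include_path` before PHP falls back to the directory of config.php, so a same-named file earlier on that path would be loaded in place of the shipped policy. Anchoring the path to the including file removes that dependency: `require_once(dirname(__FILE__) . '/password-policy.php');`. A one-line comment above it, such as `/* Loads the operator password policy; do not remove. */`, would also help, since config.php is a file administrators edit by hand.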
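Review bot: The three-of-four character-class rule at the end of the new password-policy.php returns true with no length requirement visible on this page, so a value as short as three characters would pass unless a minimum-length check sits in the opening lines of the file, which are missing from this rendering of the hunk. If there is no such check, add one ahead of the class count, e.g. `if (strlen($pwd) < 8) return false;` (the threshold is a constructed example; use the project's minimum). The `[A-Z]` and `[a-z]` classes are ASCII-only, so accented and non-Latin letters all fall into the single "other" class matched by `[^A-Za-z0-9]`. A short comment stating the accepted rules (16 or more characters, or three character classes) would make the policy easier to audit and tune.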
@@ -248,6 +248,7 @@ menu.translate=Localize
 menu.updates.content=Check for news and updates.
 menu.updates=Updates
 my_settings.error.password_match=Entered passwords do not match
+my_settings.error.password_policy=Password is too simple
 no_such_operator=No such Operator
 notification.back_to_list=Back to the list
 notification.intro=Contents of sent notification.
diff --git a/src/mibew/operator/operator.php b/src/mibew/operator/operator.php
index 348c26eb..eddf308d 100644
--- a/src/mibew/operator/operator.php
+++ b/src/mibew/operator/operator.php
@@ -69,6 +69,11 @@ if (isset($_POST['login']) && isset($_POST['password'])) {
 if ($password != $passwordConfirm) $errors[] = getlocal("my_settings.error.password_match");
+
+ if ($password_policy) {
+ if (!call_user_func($password_policy, $password))
+ $errors[] = getlocal("my_settings.error.password_policy");
+ }
 $existing_operator = operator_by_login($login);
 if ((!$opId && $existing_operator) ||
@@ -147,4 +152,4 @@ prepare_menu($operator);
 setup_operator_settings_tabs($opId, 0);
 start_html_output();
 require('../view/agent.php');
-?>
\ No newline at end of file
+?>
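Review bot: In the first operator.php hunk (`@@ -69,6 +69,11 @@`) the guard `if ($password_policy)` fails open: when the variable is unset or empty, for instance on an install whose existing config.php was kept and lacks the new `require_once`, the check is skipped and any password is accepted with at most an undefined-variable notice. Prefer failing closed, e.g. `if (empty($password_policy) || !is_callable($password_policy) || !call_user_func($password_policy, $password)) $errors[] = getlocal("my_settings.error.password_policy");`, and make "no policy" an explicit setting if that has to be supported. If this form lets an existing operator leave the password blank to keep the current one (the rest of the handler lies outside the hunk, so this is an assumption), the policy call also needs a `$password != ''` guard, otherwise every such save would be rejected as too simple.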