patch to enforce password policy

--HG--
extra : source : 98986452d02ff23ce833850d268e705c6b7b172f

src/mibew/libs/config.php

@@ -54,4 +54,6 @@ $default_locale = "en"; /* if user does not provide known lang */
  */
 $use_open_basedir_protection = false;
 
+require_once('password-policy.php');
+
 ?>

src/mibew/libs/password-policy.php

@@ -0,0 +1,29 @@
+<?php
+
+/*
+ * You can set this to a different value.
+ * See http://www.php.net/manual/en/language.types.callable.php
+ */
+$password_policy = 'standard_password_policy';
+
+function standard_password_policy ($pwd) {
+	if (strlen($pwd) < 8) {
+		return false;
+	}
+	if (strlen($pwd) >= 16) {
+		return true;
+	}
+	
+	$character_classes = 0;
+	if (preg_match('/[A-Z]/', $pwd)) $character_classes++;
+	if (preg_match('/[a-z]/', $pwd)) $character_classes++;
+	if (preg_match('/[0-9]/', $pwd)) $character_classes++;
+	if (preg_match('/[^A-Za-z0-9]/', $pwd)) $character_classes++;
+	
+	if ($character_classes >= 3) {
+		return true;
+	}
+	return false;
+}
+
+?>

src/mibew/locales/en/properties

@@ -248,6 +248,7 @@ menu.translate=Localize
 menu.updates.content=Check for news and updates.
 menu.updates=Updates
 my_settings.error.password_match=Entered passwords do not match
+my_settings.error.password_policy=Password is too simple
 no_such_operator=No such Operator
 notification.back_to_list=Back to the list
 notification.intro=Contents of sent notification.

src/mibew/operator/operator.php

@@ -69,6 +69,11 @@ if (isset($_POST['login']) && isset($_POST['password'])) {
 
 	if ($password != $passwordConfirm)
 		$errors[] = getlocal("my_settings.error.password_match");
+	
+	if ($password_policy) {
+		if (!call_user_func($password_policy, $password))
+			$errors[] = getlocal("my_settings.error.password_policy");
+	}
 
 	$existing_operator = operator_by_login($login);
 	if ((!$opId && $existing_operator) ||
@@ -147,4 +152,4 @@ prepare_menu($operator);
 setup_operator_settings_tabs($opId, 0);
 start_html_output();
 require('../view/agent.php');
-?>
+?>