modules/password_strength/password_strength.module

<?php
// $Id: password_strength.module,v 1.5 2007/11/06 18:30:38 jrbeeman Exp $


/**
* Implementation of hook_perm().
*/
function password_strength_perm() {
  return array('configure password strength');
}


/**
* Implementation of hook_menu().
*/
function password_strength_menu($may_cache) {
  global $user;
  $items = array();

  if ($may_cache) { 
    
    $items[] = array(
  		'path' => 'admin/settings/password_strength', 
  		'title' => t('Password Strength'),
  		'callback' => 'drupal_get_form', 
  		'callback arguments' => array('password_strength_admin_settings'),
  		'access' => user_access('configure password strength'),
  	);
  }
  return $items;
}


function password_strength_admin_settings() {
  $form['rules'] = array(
    '#type' => 'fieldset',
    '#title' => t('Server-side Rules'),
  );
  $form['rules']['password_strength_verify_on_server'] = array(
    '#type' => 'checkbox',
    '#title' => t('Enforce password strength'),
    '#default_value' => variable_get('password_strength_verify_on_server', 0),
    '#description' => t('Drupal should verify and enforce password strength on the server (i.e. not only in JavaScript).  Users will only be allowed to create high-security passwords.'),
  );
  $form['rules']['password_strength_min_level'] = array(
    '#type' => 'select',
    '#title' => t('Enforcement level'),
    '#options' => array(
      1 => t('None'),
      2 => t('Low'),
      3 => t('Medium'),
      4 => t('High'),
    ),
    '#default_value' => variable_get('password_strength_min_level', 4),
  );
  $options = drupal_map_assoc(array(3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16));
  $form['rules']['password_strength_min_length'] = array(
    '#type' => 'select',
    '#title' => t('Minimum length'),
    '#options' => $options,
    '#default_value' => variable_get('password_strength_min_length', 6),
  );
  $form['rules']['password_strength_not_username'] = array(
    '#type' => 'checkbox',
    '#title' => t('Enforce password not same as username'),
    '#default_value' => variable_get('password_strength_not_username', 1),
  );
  return system_settings_form($form);
}


/**
 * Add the necessary classes, and validation to password_confirm elements
 */
function password_strength_expand_password_confirm($element) {
  drupal_add_js(password_strength_js_settings(), 'setting');
  drupal_add_js(drupal_get_path('module', 'password_strength'). '/password_strength.js');
  drupal_add_css(drupal_get_path('module', 'password_strength'). '/password_strength.css');
  $levels = array(
    1 => t('none'),
    2 => t('low'),
    3 => t('medium'),
    4 => t('high'),
  );
  
  $element = expand_password_confirm($element);
  $element['pass1']['#attributes'] = array('class' => 'password-field');
  $element['pass2']['#attributes'] = array('class' => 'password-confirm');
  if ($strength > 1) {
    $element['pass2']['#description'] = t('Your password must be at least @strength strength.', array('@strength' => $levels[$strength]));
  }
  
  // Only validate on server if admins want it
  if (variable_get('password_strength_verify_on_server', 0)) {
    $element['#validate']['password_strength_confirm_validate'] = array();
  }
  return $element;
}


function password_strength_js_settings() {
  global $user;
  return array(
    'password' => array(
      'strengthTitle' => t('Password strength:'),
      'lowStrength' => t('Low'),
      'mediumStrength' => t('Medium'),
      'highStrength' => t('High'),
      'requiredStrength' => variable_get('password_strength_min_level', 4),
      'tooShort' => t('It is recommended to choose a password that contains at least six characters. It should include numbers, punctuation, and both upper and lowercase letters.'),
      'needsMoreVariation' => t('The password does not include enough variation to be secure. Try:'),
      'recommendVariation' => t('Your password is strong enough to meet the site requirements, but could be stronger.  If you like, try:'),
      'addLetters' => t('Adding both upper and lowercase letters.'),
      'addNumbers' => t('Adding numbers.'),
      'addPunctuation' => t('Adding punctuation.'),
      'sameAsUsername' => t('It is recommended to choose a password different from the username.'),
      'confirmSuccess' => t('Yes'),
      'confirmFailure' => t('No'),
      'confirmTitle' => t('Passwords match:'),
      'username' => $user->name,
      'minLength' => variable_get('password_strength_min_length', 6),
    ),
  );
}


/**
 * Implementation of hook_elements
 */
function password_strength_elements() {
  // Override the default password_confirm processor
  $type['password_confirm'] = array('#input' => TRUE, '#process' => array('password_strength_expand_password_confirm' => array()));
  return $type;
}


/**
 * @todo Validate password_confirm element strength using algorithm similar to JS algorithm
 * Confirmation that passwords match is already handled by password_confirm_validate
 */
function password_strength_confirm_validate($form) {
  $pass1 = trim($form['pass1']['#value']);
  if (!empty($pass1)) {
    global $user;
    $min_length = variable_get('password_strength_min_length', '6');
    $min_level = variable_get('password_strength_min_level', 4);
    $pass = $form['pass1']['#value'];
  
    $hasLetters = ereg("[a-zA-Z]", $pass);
    $hasNumbers = ereg("[0-9]", $pass);
    $hasPunctuation = ereg("[^a-zA-Z0-9]", $pass);
    $hasCasing = ereg("[a-z]+.*[A-Z]+|[A-Z]+.*[a-z]", $pass);
  
    // Check if length is less than 6 characters.
    if (strlen($pass) < $min_length) {
      form_error($form, t('Password is not long enough.  Password must be at least @l characters.', array('@l' => $min_length)));
    }
    // Check if password is the same as the username (convert both to lowercase).
    else if (strtolower($pass) == strtolower($user->name) && variable_get('password_strength_not_username', 1)) {
      form_error($form, t('Password cannot be the same as the username.'));
    }
    // Password is not secure enough so construct the medium-strength message.
    else {
      // Extremely bad passwords still count as low.
      $count = ($hasLetters ? 1 : 0) + ($hasNumbers ? 1 : 0) + ($hasPunctuation ? 1 : 0) + ($hasCasing ? 1 : 0);
      if ($count < $min_level) {
        $msgs = array();
        if (!$hasLetters || !$hasCasing) {
          $msgs[] = t('Adding both upper and lowercase letters.');
        }
        if (!$hasNumbers) {
          $msgs[] = t('Adding numbers.');
        }
        if (!$hasPunctuation) {
          $msgs[] = t('Adding punctuation.');
        }
        if (count($msgs)) {
          $msg = 'The password does not include enough variation to be secure. Try:' . "<ul><li>" . implode("</li><li>", $msgs) . "</li></ul>";
          form_error($form, $msg);
        }
      }
    }
  }
  
  // Password field must be converted from a two-element array into a single
  // string regardless of validation results.
  form_set_value($form['pass1'], NULL);
  form_set_value($form['pass2'], NULL);
  form_set_value($form, $pass1);
  
  return $form;
}
1	<?php
2	// $Id: password_strength.module,v 1.5 2007/11/06 18:30:38 jrbeeman Exp $
3
4
5	/**
6	* Implementation of hook_perm().
7	*/
8	function password_strength_perm() {
9	return array('configure password strength');
10	}
11
12
13
14
15	/**
16	* Implementation of hook_menu().
17	*/
18	function password_strength_menu($may_cache) {
19	global $user;
20	$items = array();
21
22	if ($may_cache) {
23
24	$items[] = array(
25	'path' => 'admin/settings/password_strength',
26	'title' => t('Password Strength'),
27	'callback' => 'drupal_get_form',
28	'callback arguments' => array('password_strength_admin_settings'),
29	'access' => user_access('configure password strength'),
30	);
31	}
32	return $items;
33	}
34
35
36
37	function password_strength_admin_settings() {
38	$form['rules'] = array(
39	'#type' => 'fieldset',
40	'#title' => t('Server-side Rules'),
41	);
42	$form['rules']['password_strength_verify_on_server'] = array(
43	'#type' => 'checkbox',
44	'#title' => t('Enforce password strength'),
45	'#default_value' => variable_get('password_strength_verify_on_server', 0),
46	'#description' => t('Drupal should verify and enforce password strength on the server (i.e. not only in JavaScript). Users will only be allowed to create high-security passwords.'),
47	);
48	$form['rules']['password_strength_min_level'] = array(
49	'#type' => 'select',
50	'#title' => t('Enforcement level'),
51	'#options' => array(
52	1 => t('None'),
53	2 => t('Low'),
54	3 => t('Medium'),
55	4 => t('High'),
56	),
57	'#default_value' => variable_get('password_strength_min_level', 4),
58	);
59	$options = drupal_map_assoc(array(3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16));
60	$form['rules']['password_strength_min_length'] = array(
61	'#type' => 'select',
62	'#title' => t('Minimum length'),
63	'#options' => $options,
64	'#default_value' => variable_get('password_strength_min_length', 6),
65	);
66	$form['rules']['password_strength_not_username'] = array(
67	'#type' => 'checkbox',
68	'#title' => t('Enforce password not same as username'),
69	'#default_value' => variable_get('password_strength_not_username', 1),
70	);
71	return system_settings_form($form);
72	}
73
74
75
76
77	/**
78	* Add the necessary classes, and validation to password_confirm elements
79	*/
80	function password_strength_expand_password_confirm($element) {
81	drupal_add_js(password_strength_js_settings(), 'setting');
82	drupal_add_js(drupal_get_path('module', 'password_strength'). '/password_strength.js');
83	drupal_add_css(drupal_get_path('module', 'password_strength'). '/password_strength.css');
84	$levels = array(
85	1 => t('none'),
86	2 => t('low'),
87	3 => t('medium'),
88	4 => t('high'),
89	);
90
91	$element = expand_password_confirm($element);
92	$element['pass1']['#attributes'] = array('class' => 'password-field');
93	$element['pass2']['#attributes'] = array('class' => 'password-confirm');
94	if ($strength > 1) {
95	$element['pass2']['#description'] = t('Your password must be at least @strength strength.', array('@strength' => $levels[$strength]));
96	}
97
98	// Only validate on server if admins want it
99	if (variable_get('password_strength_verify_on_server', 0)) {
100	$element['#validate']['password_strength_confirm_validate'] = array();
101	}
102	return $element;
103	}
104
105
106
107	function password_strength_js_settings() {
108	global $user;
109	return array(
110	'password' => array(
111	'strengthTitle' => t('Password strength:'),
112	'lowStrength' => t('Low'),
113	'mediumStrength' => t('Medium'),
114	'highStrength' => t('High'),
115	'requiredStrength' => variable_get('password_strength_min_level', 4),
116	'tooShort' => t('It is recommended to choose a password that contains at least six characters. It should include numbers, punctuation, and both upper and lowercase letters.'),
117	'needsMoreVariation' => t('The password does not include enough variation to be secure. Try:'),
118	'recommendVariation' => t('Your password is strong enough to meet the site requirements, but could be stronger. If you like, try:'),
119	'addLetters' => t('Adding both upper and lowercase letters.'),
120	'addNumbers' => t('Adding numbers.'),
121	'addPunctuation' => t('Adding punctuation.'),
122	'sameAsUsername' => t('It is recommended to choose a password different from the username.'),
123	'confirmSuccess' => t('Yes'),
124	'confirmFailure' => t('No'),
125	'confirmTitle' => t('Passwords match:'),
126	'username' => $user->name,
127	'minLength' => variable_get('password_strength_min_length', 6),
128	),
129	);
130	}
131
132
133
134
135	/**
136	* Implementation of hook_elements
137	*/
138	function password_strength_elements() {
139	// Override the default password_confirm processor
140	$type['password_confirm'] = array('#input' => TRUE, '#process' => array('password_strength_expand_password_confirm' => array()));
141	return $type;
142	}
143
144
145
146
147	/**
148	* @todo Validate password_confirm element strength using algorithm similar to JS algorithm
149	* Confirmation that passwords match is already handled by password_confirm_validate
150	*/
151	function password_strength_confirm_validate($form) {
152	$pass1 = trim($form['pass1']['#value']);
153	if (!empty($pass1)) {
154	global $user;
155	$min_length = variable_get('password_strength_min_length', '6');
156	$min_level = variable_get('password_strength_min_level', 4);
157	$pass = $form['pass1']['#value'];
158
159	$hasLetters = ereg("[a-zA-Z]", $pass);
160	$hasNumbers = ereg("[0-9]", $pass);
161	$hasPunctuation = ereg("[^a-zA-Z0-9]", $pass);
162	$hasCasing = ereg("[a-z]+.[A-Z]+\|[A-Z]+.[a-z]", $pass);
163
164	// Check if length is less than 6 characters.
165	if (strlen($pass) < $min_length) {
166	form_error($form, t('Password is not long enough. Password must be at least @l characters.', array('@l' => $min_length)));
167	}
168	// Check if password is the same as the username (convert both to lowercase).
169	else if (strtolower($pass) == strtolower($user->name) && variable_get('password_strength_not_username', 1)) {
170	form_error($form, t('Password cannot be the same as the username.'));
171	}
172	// Password is not secure enough so construct the medium-strength message.
173	else {
174	// Extremely bad passwords still count as low.
175	$count = ($hasLetters ? 1 : 0) + ($hasNumbers ? 1 : 0) + ($hasPunctuation ? 1 : 0) + ($hasCasing ? 1 : 0);
176	if ($count < $min_level) {
177	$msgs = array();
178	if (!$hasLetters \|\| !$hasCasing) {
179	$msgs[] = t('Adding both upper and lowercase letters.');
180	}
181	if (!$hasNumbers) {
182	$msgs[] = t('Adding numbers.');
183	}
184	if (!$hasPunctuation) {
185	$msgs[] = t('Adding punctuation.');
186	}
187	if (count($msgs)) {
188	$msg = 'The password does not include enough variation to be secure. Try:' . "<ul><li>" . implode("</li><li>", $msgs) . "</li></ul>";
189	form_error($form, $msg);
190	}
191	}
192	}
193	}
194
195	// Password field must be converted from a two-element array into a single
196	// string regardless of validation results.
197	form_set_value($form['pass1'], NULL);
198	form_set_value($form['pass2'], NULL);
199	form_set_value($form, $pass1);
200
201	return $form;
202	}