From: cajus
Date: Tue, 29 Jan 2008 08:26:05 +0000 (+0000)
Subject: Added password strength meter. Closes #323.
X-Git-Url: https://git.tokkee.org/?a=commitdiff_plain;h=e60652f21a826abf44ac947698d0dc9287396f3a;p=gosa.git
Added password strength meter. Closes #323.
git-svn-id: https://oss.gonicus.de/repositories/gosa/trunk@8627 594d385d-05f5-0310-b6e9-bd551577e9d8
---
diff --git a/gosa-core/html/include/pwdStrength.js b/gosa-core/html/include/pwdStrength.js
new file mode 100644
index 000000000..aebc1b1cf
--- /dev/null
+++ b/gosa-core/html/include/pwdStrength.js
@@ -0,0 +1,247 @@ + +/* ************************************************************ +Created: 20060120 +Author: Steve Moitozo +Description: This is a quick and dirty password quality meter + written in JavaScript +License: MIT License (see below) +================================= +Revision Author: Dick Ervasti (dick dot ervasti at quty dot com) +Revision Description: Exchanged text based prompts for a graphic thermometer +================================= +Revision Author: Jay Bigam jayb tearupyourlawn com +Revision Date: Feb. 26, 2007 +Revision Description: Changed D. Ervasti's table based "thermometer" to CSS. +Revision Notes: - Verified to work in FF2, IE7 and Safari2 + - Modified messages to reflect Minimum strength requirement + - Added formSubmit button disabled until minimum requirement met +================================= +Modified: 20061111 - Steve Moitozo corrected regex for letters and numbers + Thanks to Zack Smith -- zacksmithdesign.com + and put MIT License back in + +--------------------------------------------------------------- +Copyright (c) 2006 Steve Moitozo + +Permission is hereby granted, free of charge, to any person +obtaining a copy of this software and associated documentation +files (the "Software"), to deal in the Software without +restriction, including without limitation the rights to use, +copy, modify, merge, publish, distribute, sublicense, and/or +sell copies of the Software, and to permit persons to whom the +Software is furnished to do so, subject to the following +conditions: + + The above copyright notice and this permission notice shall +be included in all copies or substantial portions of the +Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY +KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE +WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE +AND NONINFRINGEMENT. 
IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT +HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, +WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING +FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE +OR OTHER DEALINGS IN THE SOFTWARE. +--------------------------------------------------------------- + +USAGE: + +You can play with the pwdTest div style to make it go where you want. + +In this case it sits to the right side of the input + + + + + + + + + + +
+ Password Strength:
+ + + Minimum Strength Not Met +
+ + + + +=================================== +Password Strength Factors and Weightings + +password length: +level 0 (3 point): less than 4 characters +level 1 (6 points): between 5 and 7 characters +level 2 (12 points): between 8 and 15 characters +level 3 (18 points): 16 or more characters + +letters: +level 0 (0 points): no letters +level 1 (5 points): all letters are lower case +level 2 (7 points): letters are mixed case + +numbers: +level 0 (0 points): no numbers exist +level 1 (5 points): one number exists +level 1 (7 points): 3 or more numbers exists + +special characters: +level 0 (0 points): no special characters +level 1 (5 points): one special character exists +level 2 (10 points): more than one special character exists + +combinatons: +level 0 (1 points): letters and numbers exist +level 1 (1 points): mixed case letters +level 1 (2 points): letters, numbers and special characters + exist +level 1 (2 points): mixed case letters, numbers and special + characters exist + + +************************************************************ */ +function testPasswordCss(passwd) +{ + var description = new Array(); + description[0] = "Minimum Strength Not Met"; + description[1] = "Weak"; + description[2] = "Improving"; + description[3] = "Strong"; + description[4] = "Strongest"; + description[5] = "Begin Typing"; + + var intScore = 0 + var strVerdict = 0 + + // PASSWORD LENGTH + if (passwd.length==0 || !passwd.length) // length 0 + { + intScore = -1 + } + else if (passwd.length>0 && passwd.length<5) // length between 1 and 4 + { + intScore = (intScore+3) + } + else if (passwd.length>4 && passwd.length<8) // length between 5 and 7 + { + intScore = (intScore+6) + } + else if (passwd.length>7 && passwd.length<12)// length between 8 and 15 + { + intScore = (intScore+12) + } + else if (passwd.length>11) // length 16 or more + { + intScore = (intScore+18) + } + + + // LETTERS (Not exactly implemented as dictacted above because of my limited understanding of Regex) + if 
(passwd.match(/[a-z]/)) // [verified] at least one lower case letter + { + intScore = (intScore+1) + } + + if (passwd.match(/[A-Z]/)) // [verified] at least one upper case letter + { + intScore = (intScore+5) + } + + // NUMBERS + if (passwd.match(/\d+/)) // [verified] at least one number + { + intScore = (intScore+5) + } + + if (passwd.match(/(.*[0-9].*[0-9].*[0-9])/)) // [verified] at least three numbers + { + intScore = (intScore+5) + } + + + // SPECIAL CHAR + if (passwd.match(/.[!,@,#,$,%,^,&,*,?,_,~]/)) // [verified] at least one special character + { + intScore = (intScore+5) + } + + // [verified] at least two special characters + if (passwd.match(/(.*[!,@,#,$,%,^,&,*,?,_,~].*[!,@,#,$,%,^,&,*,?,_,~])/)) + { + intScore = (intScore+5) + } + + + // COMBOS + if (passwd.match(/([a-z].*[A-Z])|([A-Z].*[a-z])/)) // [verified] both upper and lower case + { + intScore = (intScore+2) + } + + if (passwd.match(/([a-zA-Z])/) && passwd.match(/([0-9])/)) // [verified] both letters and numbers + { + intScore = (intScore+2) + } + + // [verified] letters, numbers, and special characters + if (passwd.match(/([a-zA-Z0-9].*[!,@,#,$,%,^,&,*,?,_,~])|([!,@,#,$,%,^,&,*,?,_,~].*[a-zA-Z0-9])/)) + { + intScore = (intScore+2) + } + + +//if you don't want to prevent submission of weak passwords you can comment out +// document.getElementById("formSubmit").disabled = true; + + if(intScore == -1) + { + strVerdict = description[5]; + document.getElementById("meterEmpty").style.width= "100%"; + document.getElementById("meterFull").style.width= "0"; + document.getElementById("formSubmit").disabled = true; + } + else if(intScore > -1 && intScore < 16) + { + strVerdict = description[0]; + document.getElementById("meterEmpty").style.width= "100%"; + document.getElementById("meterFull").style.width= "0%"; + document.getElementById("formSubmit").disabled = true; + } + else if (intScore > 15 && intScore < 25) + { + strVerdict = description[1]; + document.getElementById("meterEmpty").style.width= 
"100%"; + document.getElementById("meterFull").style.width= "25%"; + document.getElementById("formSubmit").disabled = false; + } + else if (intScore > 24 && intScore < 35) + { + strVerdict = description[2]; + document.getElementById("meterEmpty").style.width= "100%"; + document.getElementById("meterFull").style.width= "50%"; + document.getElementById("formSubmit").disabled = false; + } + else if (intScore > 34 && intScore < 45) + { + strVerdict = description[3]; + document.getElementById("meterEmpty").style.width= "100%"; + document.getElementById("meterFull").style.width= "75%"; + document.getElementById("formSubmit").disabled = false; + } + else + { + strVerdict = description[4]; + document.getElementById("meterEmpty").style.width= "100%"; + document.getElementById("meterFull").style.width= "100%"; + document.getElementById("formSubmit").disabled = false; + } + + //Changed by : no need for words + //document.getElementById("Words").innerHTML= (strVerdict); + +} diff --git a/gosa-core/html/password.php b/gosa-core/html/password.php index 7ae172154..6e3d205a3 100644 --- a/gosa-core/html/password.php +++ b/gosa-core/html/password.php @@ -285,6 +285,7 @@ if ($ssl != "" && $config->data['MAIN']['WARNSSL'] == 'true'){ } /* show login screen */ +$smarty->assign("JS",session::get('js')); $smarty->assign ("PHPSESSID", session_id()); if (session::is_set('errors')){ $smarty->assign("errors", session::get('errors'));; diff --git a/gosa-core/ihtml/themes/default/password.tpl b/gosa-core/ihtml/themes/default/password.tpl index 1553ead41..637a88afd 100644 --- a/gosa-core/ihtml/themes/default/password.tpl +++ b/gosa-core/ihtml/themes/default/password.tpl @@ -22,6 +22,7 @@ {if isset($ieworkaround)}{/if} + @@ -78,19 +79,27 @@ {t}New password{/t} - + {t}New password{/t} ({t}again{/t}) + + {t}Password strength{/t} + + + + +
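Review bot: The SPECIAL CHAR tests in testPasswordCss do not match what their comments claim: `/.[!,@,#,$,%,^,&,*,?,_,~]/` requires a character before the symbol, so a password whose only symbol comes first earns no points, and the commas inside the class make `,` itself count as special (the same class is repeated in the last COMBOS test). `/[!@#$%^&*?_~]/` and `/[!@#$%^&*?_~].*[!@#$%^&*?_~]/` would express the stated intent. The length bands also disagree with their own comments and the header table: the code switches to the top band at 12 characters while the text says 16. Toggling `formSubmit.disabled` only steers the browser UI, so the same minimum needs to be enforced where the password is actually changed on the server, which is not part of this diff. Because the score is purely composition-based, a nine-character capitalised word followed by one digit reaches 27 points and lands in the "Improving" band, so a header comment such as `// UI hint only: composition score, not a policy or dictionary check` would keep the meter from being read as validation.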
- +

diff --git a/gosa-core/plugins/admin/users/password.tpl b/gosa-core/plugins/admin/users/password.tpl index 83dfc2494..9eb761f3a 100644 --- a/gosa-core/plugins/admin/users/password.tpl +++ b/gosa-core/plugins/admin/users/password.tpl @@ -1,3 +1,5 @@ + +

{t}To change the user password use the fields below. The changes take effect immediately. Please memorize the new password, because the user wouldn't be able to login without it.{/t}

@@ -9,18 +11,26 @@ - + + + + +
{t}Strength{/t} + + +

  +

diff --git a/gosa-core/plugins/personal/password/password.tpl b/gosa-core/plugins/personal/password/password.tpl index 0787b7056..41f9737a1 100644 --- a/gosa-core/plugins/personal/password/password.tpl +++ b/gosa-core/plugins/personal/password/password.tpl @@ -1,3 +1,5 @@ + +

{t}To change your personal password use the fields below. The changes take effect immediately. Please memorize the new password, because you wouldn't be able to login without it.{/t}

@@ -15,13 +17,20 @@ + onFocus="nextfield= 'repeated_password';" onkeyup="testPasswordCss(document.getElementById('new_password').value);"> + + {t}Strength{/t} + + + + +
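Review bot: The meter is driven only by `onkeyup` on the new-password field, so a value entered by mouse paste or browser autofill is never scored, and the meter and the submit button's disabled state stay as they were for the previous value. Calling the same function from a second handler, for example `onchange="testPasswordCss(this.value);"`, would cover those input paths. The surrounding markup is not legible in this hunk, so whether another handler is already attached should be confirmed in the template itself.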
@@ -30,6 +39,7 @@   +