diff --git a/login.php b/login.php
index 6f226caed0..c9f584135f 100755
--- a/login.php
+++ b/login.php
@@ -298,9 +298,18 @@
{
list($forward,$extra_vars) = explode('?',$forward,2);
}
- //echo "redirecting to ".$GLOBALS['egw']->link($forward,$extra_vars);
-
- $GLOBALS['egw']->redirect_link($forward,$extra_vars);
+
+ // Check for save passwd
+ if($GLOBALS['egw_info']['server']['check_save_passwd'] && $GLOBALS['egw']->acl->check('changepassword', 1, 'preferences') && $unsave_msg = $GLOBALS['egw']->auth->crackcheck($passwd))
+ {
+ $GLOBALS['egw']->log->write(array('text'=>'D-message, User '. $login. ' authenticated with an unsave password','file' => __FILE__,'line'=>__LINE__));
+ $message = ''. lang('eGroupWare checked your password for saftyness. You have to change your password for the following reason:').' ';
+ $GLOBALS['egw']->redirect_link('/index.php', array('menuaction' => 'preferences.uipassword.change','message' => $message. $unsave_msg. ''));
+ }
+ else
+ {
+ $GLOBALS['egw']->redirect_link($forward,$extra_vars);
+ }
}
}
else
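Review bot: The new branch in the login success path only redirects to `preferences.uipassword.change`; the removed code redirected straight to `$forward` here, so the login has presumably already completed and nothing in this hunk stops the user from navigating away without changing the password, even though the message says they have to. If the change is meant to be mandatory, a session flag checked on later requests would be needed; otherwise the wording should be softened. The branch also drops `$forward` and `$extra_vars`, so the originally requested page is lost after the password change. The log entry written here names the login that has a weak password, so that log should be access-restricted like other authentication data. The enclosing `if` blocks begin outside the hunk.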
diff --git a/phpgwapi/inc/class.auth.inc.php b/phpgwapi/inc/class.auth.inc.php
index 23a645a5cb..04d5b5069f 100644
--- a/phpgwapi/inc/class.auth.inc.php
+++ b/phpgwapi/inc/class.auth.inc.php
@@ -240,6 +240,33 @@
return False;
}
+ /**
+ * Checks if a given password is "save"
+ *
+ * @param string $login
+ * @abstract atm a simple check in length, #digits, #uppercase and #lowercase
+ * could be made more save using e.g. pecl libary cracklib
+ * but as pecl dosn't tun on any platform and isn't GPL'd
+ * i havn't implemented it yet
+ * Windows compatible check is: 7 char lenth, 1 Up, 1 Low, 1 Num and 1 Special
+ * @author cornelius weiss
+ * @return mixed false if password is considerd "save" or a string $message if "unsafe"
+ */
+ function crackcheck($passwd)
+ {
+ if (!preg_match('/.{'. ($noc=7). ',}/',$passwd))
+ $message = lang('Password must have at least %1 characters',$noc). ' ';
+ if(!preg_match('/(.*\d.*){'. ($non=1). ',}/',$passwd))
+ $message .= lang('Password must contain at least %1 numbers',$non). ' ';
+ if(!preg_match('/(.*[[:upper:]].*){'. ($nou=1). ',}/',$passwd))
+ $message .= lang('Password must contain at least %1 uppercase letters',$nou). ' ';
+ if(!preg_match('/(.*[[:lower:]].*){'. ($nol=1). ',}/',$passwd))
+ $message .= lang('Password must contain at least %1 lowercase letters',$nol). ' ';
+ if(!preg_match('/(.*[\\!"#$%&\'()*+,-.\/:;<=>?@\[\]\^_ {|}~`].*){'. ($nol=1). ',}/',$passwd))
+ $message .= lang('Password must contain at least %1 special charactars',$nol). ' ';
+ return $message ? $message : false;
+ }
+
/**
@function smd5_compare
@abstract compare SMD5-encrypted passwords for authentication
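Review bot: `$message` is never initialised in `crackcheck()`, so when the length check passes the first `.=` appends to an undefined variable, and a password that passes every check reaches `return $message ? $message : false;` with `$message` undefined; add `$message = '';` as the first statement. The docblock declares `@param string $login` although the parameter is `$passwd`; it should read `@param string $passwd the cleartext password to check`. The special-character check reuses `$nol` from the lowercase check, so a separate name such as `$nos` would avoid confusion if the counts are ever changed. The length test `.{7,}` has no `u` modifier, so it counts bytes rather than characters and `.` does not match a newline; `strlen($passwd) >= $noc` (or `mb_strlen`) states the intent more directly.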
diff --git a/preferences/inc/class.uipassword.inc.php b/preferences/inc/class.uipassword.inc.php
index 4ac24cbcfa..1e01d8158c 100644
--- a/preferences/inc/class.uipassword.inc.php
+++ b/preferences/inc/class.uipassword.inc.php
@@ -70,6 +70,10 @@
{
$errors[] = lang('You must enter a password');
}
+ if($GLOBALS['egw_info']['server']['check_save_passwd'] && $error_msg = $GLOBALS['egw']->auth->crackcheck($n_passwd))
+ {
+ $errors[] = $error_msg;
+ }
if(is_array($errors))
{
@@ -111,6 +115,7 @@
$GLOBALS['egw']->common->egw_header();
echo parse_navbar();
+ $GLOBALS['egw']->template->set_var('messages',$_GET['message']);
$GLOBALS['egw']->template->pfp('out','form');
$GLOBALS['egw']->common->egw_footer();
}
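Review bot: `$_GET['message']` is written unescaped into the `messages` template variable, so any text placed in the query string of a password-change link is rendered in this page; unless the template layer escapes on output (not visible here), this is a reflected cross-site-scripting hole on the password form. The login.php hunk is the intended sender, but the parameter is client-controlled, so the page cannot assume the value came from there. Prefer passing a flag and rebuilding the message server-side from `crackcheck()`, or at minimum use `isset($_GET['message']) ? htmlspecialchars($_GET['message'], ENT_QUOTES) : ''` as the value. If markup is wanted around the message, it belongs in the template rather than in the request. The enclosing function starts outside the hunk.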
diff --git a/setup/lang/phpgw_de.lang b/setup/lang/phpgw_de.lang
index 01c8951157..2f1b486b07 100644
--- a/setup/lang/phpgw_de.lang
+++ b/setup/lang/phpgw_de.lang
@@ -10,6 +10,7 @@
this will create 1 admin account and 3 demo accounts the username/passwords are: demo/guest, demo2/guest and demo3/guest. setup de Dies wird 1 Admin- und 3 Demo-Benutzerkonten anlegen. Die Benutzernamen/Passwörter sind: demo/guest, demo2/guest und demo3/guest.
accounts existing setup de Benutzerkonten existieren
actions setup de Aktionen
+activate save password check setup de Aktiviere die "sichere Passwort" Überprüfung
add auto-created users to this group ('default' will be attempted if this is empty.) setup de Automatisch erzeugte Benutzer zu dieser Grupper hinzufügen ("Default" wird versucht wenn nichts angegeben.)
add new database instance (egw domain) setup de Neue Datenbankinstanz (eGW Domain) hinzufügen
additional settings setup de Zusätzliche Einstellungen
@@ -174,7 +175,9 @@ enable mcrypt setup de MCrypt einschalten
enter some random text for app session encryption setup de Zufallstext zur Verschlüsselung der Anwendungssitzung
enter some random text for app_session encryption (requires mcrypt) setup de Zufallstext zur Verschlüsselung der Anwendungssitzung (benötigt mcrypt)
enter the full path for temporary files. examples: /tmp, c:\temp setup de Vollständiger Pfad für temporäre Dateien. Beispiel: /tmp, C:\TEMP
+enter the full path for temporary files. examples: /tmp, c:temp setup de Vollständiger Pfad für temporäre Dateien. Beispiel: /tmp, C:\TEMP
enter the full path for users and group files. examples: /files, e:\files setup de Vollständiger Pfad für Benutzer- und Gruppendateien. Beispiel: /files, E:\Files
+enter the full path for users and group files. examples: /files, e:files setup de Vollständiger Pfad für Benutzer- und Gruppendateien. Beispiel: /files, E:\Files
enter the full path to the backup directory. if empty: files directory setup de Vollständiger Pfad für das Datensicherungsverzeichnis. Wenn leer: Dateiverzeichnis
enter the hostname of the machine on which this server is running setup de Hostname des Computers auf dem der Server läuft
enter the location of egroupware's url. example: http://www.domain.com/egroupware or /egroupware no trailing slash setup de URL zur eGroupWare Installation. Beispiel: http://www.domain.com/egroupware or /egroupware keinen nachfolgenden Slash /
diff --git a/setup/lang/phpgw_en.lang b/setup/lang/phpgw_en.lang
index 9f535b5d61..247f31a349 100644
--- a/setup/lang/phpgw_en.lang
+++ b/setup/lang/phpgw_en.lang
@@ -10,6 +10,7 @@
this will create 1 admin account and 3 demo accounts the username/passwords are: demo/guest, demo2/guest and demo3/guest. setup en This will create 1 admin account and 3 demo accounts The username/passwords are: demo/guest, demo2/guest and demo3/guest.
accounts existing setup en Accounts existing
actions setup en Actions
+activate save password check setup en Activate save password check
add auto-created users to this group ('default' will be attempted if this is empty.) setup en Add auto-created users to this group ('Default' will be attempted if this is empty.)
add new database instance (egw domain) setup en Add new database instance (eGW domain)
additional settings setup en Additional settings
diff --git a/setup/templates/default/config.tpl b/setup/templates/default/config.tpl
index db7dc03c46..d71725eede 100644
--- a/setup/templates/default/config.tpl
+++ b/setup/templates/default/config.tpl
@@ -208,28 +208,36 @@