
support online check for password strength (url in config var "pwcheck")

Bernd Wurst authored on18/03/2019 08:54:28
Showing1 changed files
... ...
@@ -20,11 +20,33 @@ require_once('vendor/autoload.php');
20 20
 
21 21
 function strong_password($password, $user = array())
22 22
 {
23
-    $passwordchecker = new ZxcvbnPhp\Zxcvbn();
24
-    $strength = $passwordchecker->passwordStrength($password, $user);
25
-
26
-    if ($strength['score'] < 2) {
27
-        return "Das Passwort ist zu einfach!";
23
+    $pwcheck = config('pwcheck');
24
+    $result = null;
25
+    if ($pwcheck) {
26
+        DEBUG($pwcheck);
27
+        $req = curl_init($pwcheck.$password);
28
+        curl_setopt($req, CURLOPT_RETURNTRANSFER, 1);
29
+        curl_setopt($req, CURLOPT_SSL_VERIFYPEER, 1);
30
+        curl_setopt($req, CURLOPT_SSL_VERIFYSTATUS, 1);
31
+        curl_setopt($req, CURLOPT_CONNECTTIMEOUT, 5);
32
+        curl_setopt($req, CURLOPT_TIMEOUT, 5);
33
+        curl_setopt($req, CURLOPT_FOLLOWLOCATION, 0);
34
+        $result = chop(curl_exec($req));
35
+        DEBUG($result);
36
+    }
37
+    if ($result === 'good') {
38
+        return true;
39
+    } elseif ($result === 'bad') {
40
+        return "Das ist kein gutes Passwort!";
41
+    }
42
+    if ($result === null || $result === false) {
43
+        // Kein Online-Check eingerichtet oder der request war nicht erfolgreich
44
+        $passwordchecker = new ZxcvbnPhp\Zxcvbn();
45
+        $strength = $passwordchecker->passwordStrength($password, $user);
46
+        
47
+        if ($strength['score'] < 2) {
48
+            return "Das Passwort ist zu einfach!";
49
+        }
28 50
     }
29 51
 
30 52
     return true;
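Review bot: A failed or unexpected response from the online check makes strong_password() accept any password: `chop(curl_exec($req))` turns curl's `false` into an empty string, so `$result === null || $result === false` is never true once a request was attempted, and the zxcvbn fallback is skipped before the final `return true`. Keep the raw return value, accept only the exact verdicts `good` and `bad`, and leave `$result` as null otherwise so the local check still runs. Separately, `$pwcheck.$password` puts the plaintext password unencoded into the request URL, where characters such as `#` or `&` can change what the service receives and where the value can end up in access logs along the way; at minimum encode it with `rawurlencode()` (assuming the configured endpoint decodes it) and restrict the handle to HTTPS, and a POST body would be preferable if the service supports one. The function's closing brace lies outside the hunk.

```php
        $req = curl_init($pwcheck.rawurlencode($password));
        curl_setopt($req, CURLOPT_PROTOCOLS, CURLPROTO_HTTPS);
        // … unchanged: remaining curl_setopt() calls …
        $response = curl_exec($req);
        if ($response !== false) {
            $verdict = chop($response);
            // Anything other than an exact verdict falls through to the local zxcvbn check.
            if ($verdict === 'good' || $verdict === 'bad') {
                $result = $verdict;
            }
        }
        DEBUG($result);
    }
    // … unchanged: 'good' / 'bad' returns …
    if ($result === null) {
```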