support online check for password strength (url in config var "pwcheck")
Bernd Wurst commited on 2019-03-18 08:54:28
Zeige 1 geänderte Dateien mit 22 Einfügungen und 0 Löschungen.
- inc/security.php d8f974f..8db28cb
| ... | ... |
@@ -20,12 +20,34 @@ require_once('vendor/autoload.php');
|
| 20 | 20 |
|
| 21 | 21 |
function strong_password($password, $user = array()) |
| 22 | 22 |
{
|
| 23 |
+ $pwcheck = config('pwcheck');
|
|
| 24 |
+ $result = null; |
|
| 25 |
+ if ($pwcheck) {
|
|
| 26 |
+ DEBUG($pwcheck); |
|
| 27 |
+ $req = curl_init($pwcheck.$password); |
|
| 28 |
+ curl_setopt($req, CURLOPT_RETURNTRANSFER, 1); |
|
| 29 |
+ curl_setopt($req, CURLOPT_SSL_VERIFYPEER, 1); |
|
| 30 |
+ curl_setopt($req, CURLOPT_SSL_VERIFYSTATUS, 1); |
|
| 31 |
+ curl_setopt($req, CURLOPT_CONNECTTIMEOUT, 5); |
|
| 32 |
+ curl_setopt($req, CURLOPT_TIMEOUT, 5); |
|
| 33 |
+ curl_setopt($req, CURLOPT_FOLLOWLOCATION, 0); |
|
| 34 |
+ $result = chop(curl_exec($req)); |
|
| 35 |
+ DEBUG($result); |
|
| 36 |
+ } |
|
| 37 |
+ if ($result === 'good') {
|
|
| 38 |
+ return true; |
|
| 39 |
+ } elseif ($result === 'bad') {
|
|
| 40 |
+ return "Das ist kein gutes Passwort!"; |
|
| 41 |
+ } |
|
| 42 |
+ if ($result === null || $result === false) {
|
|
| 43 |
+ // Kein Online-Check eingerichtet oder der request war nicht erfolgreich |
|
| 23 | 44 |
$passwordchecker = new ZxcvbnPhp\Zxcvbn(); |
| 24 | 45 |
$strength = $passwordchecker->passwordStrength($password, $user); |
| 25 | 46 |
|
| 26 | 47 |
if ($strength['score'] < 2) {
|
| 27 | 48 |
return "Das Passwort ist zu einfach!"; |
| 28 | 49 |
} |
| 50 |
+ } |
|
| 29 | 51 |
|
| 30 | 52 |
return true; |
| 31 | 53 |
} |
| 32 | 54 |