"Fossies" - the Fresh Open Source Software Archive

Member "passwdqc-2.0.3/pwqcheck.php" (23 Jun 2023, 2542 Bytes) of package /linux/privat/passwdqc-2.0.3.tar.gz:



    <?php

    /*
     * Copyright (c) 2010 by Solar Designer
     * See LICENSE
     *
     * This file was originally written as part of demos for the "How to manage a
     * PHP application's users and passwords" article submitted to "the Month of
     * PHP Security" (which was May 2010):
     *
     * https://www.openwall.com/articles/PHP-Users-Passwords#enforcing-password-policy
     *
     * The pwqcheck() function is a wrapper around the pwqcheck(1) program from
     * the passwdqc package:
     *
     * https://www.openwall.com/passwdqc/
     *
     * Returns 'OK' if the new password/passphrase passes the requirements.
     * Otherwise returns a message explaining one of the reasons why the
     * password/passphrase is rejected.
     *
     * $newpass and $oldpass are the new and current/old passwords/passphrases,
     * respectively.  Only $newpass is required.
     *
     * $user is the username.
     *
     * $aux may be the user's full name, e-mail address, and/or other textual
     * info specific to the user (multiple items may be separated with spaces).
     *
     * $args are additional arguments to pass to pwqcheck(1), to override the
     * default password policy.
     */
    function pwqcheck($newpass, $oldpass = '', $user = '', $aux = '', $args = '')
    {
    // pwqcheck(1) itself returns the same message on internal error
        $retval = 'Bad passphrase (check failed)';

        $descriptorspec = array(
            0 => array('pipe', 'r'),
            1 => array('pipe', 'w'));
    // Leave stderr (fd 2) pointing to where it is, likely to error_log

    // Replace characters that would violate the protocol
        $newpass = strtr($newpass, "\n", '.');
        $oldpass = strtr($oldpass, "\n", '.');
        $user = strtr($user, "\n:", '..');
    // $aux is written into the same colon-separated line as $user below
        $aux = strtr($aux, "\n:", '..');

    // Trigger a "too short" rather than "is the same" message in this special case
        if (!$newpass && !$oldpass)
            $oldpass = '.';

        if ($args)
            $args = ' ' . $args;
        if (!$user)
            $args = ' -2' . $args; // passwdqc 1.2.0+

    // $args is appended to the shell command line as is, so it must hold only
    // trusted policy options chosen by the application, never request data
        $command = 'exec '; // No need to keep the shell process around on Unix
        $command .= 'pwqcheck' . $args;
        if (!($process = @proc_open($command, $descriptorspec, $pipes)))
            return $retval;

    // Protocol: new password, old password, then an optional passwd-style line
        $err = 0;
        fwrite($pipes[0], "$newpass\n$oldpass\n") || $err = 1;
        if ($user)
            fwrite($pipes[0], "$user::::$aux:/:\n") || $err = 1;
        fclose($pipes[0]) || $err = 1;
        ($output = stream_get_contents($pipes[1])) || $err = 1;
        fclose($pipes[1]);

        $status = proc_close($process);

    // There must be a linefeed character at the end.  Remove it.
        if (substr($output, -1) === "\n")
            $output = substr($output, 0, -1);
        else
            $err = 1;

    // Return 'OK' only if pwqcheck(1) also exited with status 0; any other
    // message is passed through as the rejection reason
        if ($err === 0 && ($status === 0 || $output !== 'OK'))
            $retval = $output;

        return $retval;
    }

    ?>
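
An added example, not part of passwdqc: one way to call pwqcheck() from a password-change handler while keeping the `$args` string, which the wrapper appends to a shell command line, restricted to validated policy options. The helper names `pwq_policy_args()` and `check_new_password()`, the sample inputs and the policy values are assumptions; it assumes pwqcheck.php is in the include path and pwqcheck(1) is installed.

```php
<?php
require_once 'pwqcheck.php'; // the wrapper listed above

// Hypothetical helper (not part of passwdqc): build the $args string from an
// application policy array.  pwqcheck() appends $args to a shell command
// line, so only known option names with strictly validated values pass.
function pwq_policy_args(array $policy)
{
    $patterns = array(
        'min' => '/\A(disabled|\d+)(,(disabled|\d+)){4}\z/',
        'max' => '/\A\d+\z/',
        'passphrase' => '/\A\d+\z/',
        'match' => '/\A\d+\z/',
        'similar' => '/\A(permit|deny)\z/');
    $args = array();
    foreach ($policy as $name => $value) {
        if (!isset($patterns[$name]) ||
            !preg_match($patterns[$name], (string)$value))
            throw new InvalidArgumentException("bad policy option: $name");
        $args[] = escapeshellarg("$name=$value"); // quoted as a second layer
    }
    return implode(' ', $args);
}

// Hypothetical password-change check: returns array(bool $ok, string $reason)
function check_new_password($newpass, $oldpass, $user, $email, array $policy)
{
    $result = pwqcheck($newpass, $oldpass, $user, $email,
        pwq_policy_args($policy));
    // Anything other than 'OK' is a rejection reason, including
    // 'Bad passphrase (check failed)' when pwqcheck(1) could not be run,
    // so a missing binary rejects the password instead of accepting it
    return array($result === 'OK', $result === 'OK' ? '' : $result);
}

// Constructed sample input; the policy values are illustrative
list($ok, $why) = check_new_password('correct horse battery', 'old-secret',
    'alice', 'alice@example.org',
    array('min' => 'disabled,24,11,8,7', 'max' => 72));
echo $ok ? "accepted\n" : "rejected: $why\n";
```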