Extension:EnforceStrongPassword

From MediaWiki.org
Jump to: navigation, search
MediaWiki extensions manual
Crystal Clear action run.png
EnforceStrongPassword

Release status: beta

Implementation User identity
Description Enforces a strong password.
Author(s) Ger Apeldoorn
Latest version 0.2 (2007-03-07)
License No license specified
Download see below

Translate the EnforceStrongPassword extension if it is available at translatewiki.net

Check usage and version matrix; code metrics

What can this extension do?[edit | edit source]

This extension lets you set additional requirements for passwords. (1 number, 1 capital, 1 'normal' letter etc.)

Usage[edit | edit source]

Note that all passwords are checked, also the ones your users will use to login. If you have users in place that already have a password set that does NOT meet the requirements, they will be unable to login. You might want to change the MediaWiki:Passwordtooshort message to reflect the additional password requirements.

Installation[edit | edit source]

A hook must be added to User->isValidPassword (Patch has been submitted to bugzilla and has been applied for MW 1.10 in rev:20195) Change includes/User.php->isValidPassword to:

  static function isValidPassword( $password ) {
    global $wgMinimalPasswordLength;
 
    //Reset the result variable
    $result = null;
 
    // Call hook. If hook REPLACES the rest of the code, (wfRunHooks call returns false)
    // just return the result and be done with it.
    if( !wfRunHooks( 'isValidPassword', array( $password, &$result ) ) ) return $result;
 
    // If hook does not replace the rest of the code, but the hook sets the result
    // as false, return false.
    if ($result === false) return false; 
 
    // If we get to this point, perform the default check.
    return strlen( $password ) >= $wgMinimalPasswordLength

Changes to LocalSettings.php[edit | edit source]

Add this:

$wgMinimalPasswordLength = 6; 
require_once("extensions/StrongPassword.php");
$wgHooks['isValidPassword'] [] = 'isStrongPassword';

Code[edit | edit source]

Save this in: extensions/StrongPassword.php

<?php
 
$wgExtensionCredits['other'][] = array(
        'name' => 'EnforceStrongPassword',
        'version' => '0.2',
        'author' => 'Ger Apeldoorn',
        'url' => 'http://www.mediawiki.org/wiki/Extension:EnforceStrongPassword',
        'description' => 'Enforces a strong password.',
);
 
 
function isStrongPassword($password, &$return) {
 
  //Remember to set this variable in LocalSettings.php
  global $wgMinimalPasswordLength;
  if(
    ctype_alnum($password) // numbers & digits only
    && strlen($password)>=$wgMinimalPasswordLength // at least xx chars
    && strlen($password)<17 // at most 16 chars
    && preg_match('`[A-Z]`',$password) // at least one upper case
    && preg_match('`[a-z]`',$password) // at least one lower case
    && preg_match('`[0-9]`',$password) // at least one digit
    ){
    // valid
    $return = true;
   } else {
    // not valid
    $return = false;
   }
 
   // This hook REPLACES the original code.
  return false;
 
}