Extension talk:EnforceStrongPassword

Extension to the Extension
Where I work a strong password requires at least eight characters, a capital letter, a number, and a punctuation mark. So I modified this extension to include a check for punctuation, and I added relevant error messages. This is kind of a kludge because I am not a sophisticated PHP programmer.

Here is my version of StrongPassword.php:

addMessages(array(
        'nodigit' => 'Password needs at least one digit.',
        'nocap'   => 'Password needs at least one capital.',
        'nolow'   => 'Password needs at least one lower case letter.',
        'nospec'  => 'Password needs a special character.'));
    $first_time = false;
}

// Do not write the password itself to the debug log.
wfDebug("Checking password strength.\n");

// The rules are tested in order; the first one that fails rejects the password.
// ereg() was removed in PHP 7; preg_match() is its replacement there.
if (strlen( $password ) < $wgMinimalPasswordLength) {
    wfDebug("Password not long enough.\n");
    $answer = false;
}
elseif (! ereg('[0-9]',$password)) {
    wfDebug("Password does not contain digit.\n");
    $answer = false;
}
elseif (! ereg('[A-Z]',$password)) {
    wfDebug("Password does not contain a capital letter.\n");
    $answer = false;
}
elseif (! ereg('[a-z]',$password)) {
    wfDebug("Password does not contain a lowercase letter.\n");
    $answer = false;
}
// [[:punct:]] is the POSIX class for punctuation characters.
elseif (! ereg('[[:punct:]]',$password)) {
    wfDebug("Password does not contain a special char.\n");
    $answer = false;
}
$return = $answer;
return $answer;
}
?>

I also modified the files User.php and SpecialUserlogin.php so that they provided the right user feedback if someone attempts to set a non-Strong password. Here are the diffs:

$ rcsdiff User.php

=
====================================================== RCS file: RCS/User.php,v retrieving revision 1.1 diff -r1.1 User.php 1391c1391,1392 <                              global $wgMinimalPasswordLength; --- >                          global $wgMinimalPasswordLength; >                          if (strlen( $str ) < $wgMinimalPasswordLength) { 1393c1394,1407 <                                      $wgMinimalPasswordLength ) ); --- >                                  $wgMinimalPasswordLength ) ); >                              } >                           elseif (! ereg('[0-9]',$str)) { >                              throw new PasswordError( wfMsg( 'nodigit')); >                              } >                           elseif (! ereg('[A-Z]',$str)) { >                              throw new PasswordError( wfMsg( 'nocap')); >                              } >                           elseif (! ereg('[a-z]',$str)) { >                              throw new PasswordError( wfMsg( 'nolow')); >                              } >                           else { >                              throw new PasswordError( wfMsg( 'nospec' )); >                              }
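
Review bot: In the second hunk (1393c1394,1407) the final `else` throws `wfMsg( 'nospec' )` without testing the password for punctuation, so the message is chosen by elimination and is only correct while the enclosing validity check rejects for exactly these five reasons. Add an explicit punctuation test as a last `elseif`, matching the one in StrongPassword.php, and keep a generic error in the `else` so that a rule added later is not reported as a missing special character.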

$ rcsdiff SpecialUserlogin.php

=
====================================================== RCS file: RCS/SpecialUserlogin.php,v retrieving revision 1.1 diff -r1.1 SpecialUserlogin.php 262a263,264 >                  $str = $this->mPassword; >                  if (strlen( $str ) < $wgMinimalPasswordLength) { 264,265c266,280 <                      return false; <              } --- >                       } >                   elseif (! ereg('[0-9]',$str)) { >                      $this->mainLoginForm( wfMsg( 'nodigit') ); >                      } >                   elseif (! ereg('[A-Z]',$str)) { >                      $this->mainLoginForm( wfMsg( 'nocap') ); >                      } >                   elseif (! ereg('[a-z]',$str)) { >                      $this->mainLoginForm( wfMsg( 'nolow') ); >                      } >                   else { >                      $this->mainLoginForm( wfMsg( 'nospec') ); >                      } >                   return false; >                 }
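
Review bot: The `elseif` chain added in hunk 264,265c266,280 is the third copy of the same `ereg` tests, after StrongPassword.php and User.php, and it also ends in an untested `else` that shows 'nospec'. Move the tests into one function that returns the message key of the first failed rule (or nothing when the password passes) and have the hook, User.php and this login form call it, so the accepted passwords and the messages shown cannot drift apart.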

Any questions or comments? I can be reached at evansjr@computer.org.