From MediaWiki.org
Jump to: navigation, search
MediaWiki extensions manual
Crystal Clear action run.png

Release status: beta

Implementation User identity
Description Enforces a strong password.
Author(s) Ger Apeldoorn
Latest version 0.2 (2007-03-07)
License No license specified
Download see below
Hooks used

Translate the EnforceStrongPassword extension if it is available at translatewiki.net

Check usage and version matrix; code metrics

What can this extension do?[edit | edit source]

This extension lets you set additional requirements for passwords. (1 number, 1 capital, 1 'normal' letter etc.)

Usage[edit | edit source]

Note that all passwords are checked, also the ones your users will use to login. If you have users in place that already have a password set that does NOT meet the requirements, they will be unable to login. You might want to change the MediaWiki:Passwordtooshort message to reflect the additional password requirements.

Installation[edit | edit source]

Changes to LocalSettings.php[edit | edit source]

Add this:

$wgMinimalPasswordLength = 6; 
$wgHooks['isValidPassword'] [] = 'isStrongPassword';

Code[edit | edit source]

Save this in: extensions/StrongPassword.php


$wgExtensionCredits['other'][] = array(
        'name' => 'EnforceStrongPassword',
        'version' => '0.2',
        'author' => 'Ger Apeldoorn',
        'url' => 'http://www.mediawiki.org/wiki/Extension:EnforceStrongPassword',
        'description' => 'Enforces a strong password.',

function isStrongPassword($password, &$return, $user) {

  //Remember to set this variable in LocalSettings.php
  global $wgMinimalPasswordLength;
    ctype_alnum($password) // numbers & digits only
    && strlen($password)>=$wgMinimalPasswordLength // at least xx chars
    && strlen($password)<17 // at most 16 chars
    && preg_match('`[A-Z]`',$password) // at least one upper case
    && preg_match('`[a-z]`',$password) // at least one lower case
    && preg_match('`[0-9]`',$password) // at least one digit
    // valid
    $return = true;
   } else {
    // not valid
    $return = false;

   // This hook REPLACES the original code.
  return false;