Extension:SafeCreate
 Release status: beta |
|
|---|---|
| Implementation | User identity |
| Description | Enforces secure password rules on new accounts and password changes. |
| Author(s) | Michael Briganti (mbrigantitalk) |
| Latest version | 1.0.0 (2010-08-18) |
| MediaWiki | 1.15+ |
| License | GPL |
| Download | Project page Subversion [Help] Browse source code  Note: No localisation updates provided by translatewiki.net. |
|
$wgValidPasswords, $wgMinimalPasswordLength, $wgPasswordSpecialChars |
|
| Translate the SafeCreate extension if it is available at translatewiki.net | |
| Check usage and version matrix. | |
Contents
What can this extension do?[edit]
This extension works in 2 ways to help users set more secure passwords (with password rules that are setup in LocalSettings.php):
- Requiring new account to conform to the password rules
- Requiring changed passwords on the Special:ChangePassword page to conform to the password rules
Features:
- Does not require any customizations to the Mediawiki core code, nor does it require any customizations to the database.
- Easy to switch back to the default Mediawiki authentication method.
- Allows users who are already in the database (who might have passwords that do not conform with the rules) to log in normally.
Usage[edit]
This extension has only been tested on Mediawiki 1.15.5.
Download instructions[edit]
Please download the file from the SVN link on the right and place it in $IP/extensions/safeCreate/. Note: $IP stands for the root directory of your MediaWiki installation, the same directory that holds LocalSettings.php.
Installation[edit]
To install this extension, add the following to LocalSettings.php:
require_once("$IP/extensions/safeCreate/safeCreate.php");
$wgMinimalPasswordLength = 8;
$wgPasswordSpecialChars = '.|\/!@#$%^&*\(\)-_=+\[\]{}`~,<>?\'";: '; # Character class of special characters for a regex
$wgValidPasswords = array(
'minlength' => $wgMinimalPasswordLength, #Minimum password length, should be at least 8 for decent security
'lowercase' => true, #Should we require at least one lowercase letter?
'uppercase' => true, #Should we require at least one uppercase letter?
'digit' => true, #Should we require at least one digit?
'special' => false, #Should we require at least one special character (punctuation, etc.)?
'usercheck' => true, #Should we disallow passwords that are the same as the username?
);
Configuration parameters[edit]
Each of the items in the $wgValidPasswords array can be set to require that item in the passwords for new accounts and password changes. With the exception of "minlength", if the item is set to "true", that item is required and "false" means that it is not required. The item "minlength" is set to $wgMinimalPasswordLength, which is set to the minimum character length requirement of the password (the value '0' means that there is no minimum requirement). The array $wgPasswordSpecialChars is used for the "special" item of the $wgValidPasswords array. To limit the special characters that count for "special characters," remove them from this list.
History[edit]
- 1.0.0 (Initial release)
See also[edit]
SecurePasswords - Credit given to this extension for ideas used in my extension.
- Extensions with unknown license
- Beta status extensions
- Extensions without an image
- User identity extensions
- Extensions without a compatibility policy
- Extensions in Google Code version control
- Extensions in Google Code version control (Svn)
- IsValidPassword extensions
- PrefsPasswordAudit extensions
- All extensions
