Project

General

Profile

« Previous | Next » 

Revision 1906

Added by darkviper over 11 years ago

added new static Method Password::isValid() It checks a new password for invalid characters

View differences:

branches/2.8.x/CHANGELOG
11 11
! = Update/Change
12 12
===============================================================================
13 13

  
14
06 Jun-2013 Build 1906 Werner v.d.Decken(DarkViper)
15
+ new Method Password::isValid() checks a new password for invalid characters
14 16
01 Jun-2013 Build 1905 Werner v.d.Decken(DarkViper)
15 17
+ new OutputFilter plugin 'FilterMediaRel'
16 18
01 Jun-2013 Build 1904 Werner v.d.Decken(DarkViper)
branches/2.8.x/wb/admin/interface/version.php
51 51

  
52 52
// check if defined to avoid errors during installation (redirect to admin panel fails if PHP error/warnings are enabled)
53 53
if(!defined('VERSION')) define('VERSION', '2.8.3');
54
if(!defined('REVISION')) define('REVISION', '1905');
54
if(!defined('REVISION')) define('REVISION', '1906');
55 55
if(!defined('SP')) define('SP', '');
branches/2.8.x/wb/framework/Password.php
68 68
		parent::__construct($iIterationCountLog2, $bPortableHashes);
69 69
	}
70 70
/**
71
 * make hash from password
71 72
 * @param string password to hash
72 73
 * @return string generated hash. Null if failed.
73 74
 */
74
	public function hashPassword($sPassword)
75
	public function makeHash($sPassword)
75 76
	{
76 77
		$sNewHash = parent::HashPassword($sPassword);
77 78
		return ($sNewHash == '*') ? null : $sNewHash;
......
81 82
 * @param string existing stored hash
82 83
 * @return bool true if PW matches the stored hash
83 84
 */
84
	public function checkPassword($sPassword, $sStoredHash)
85
	public function checkIt($sPassword, $sStoredHash)
85 86
	{
86 87
		// compatibility layer for deprecated, simple and old MD5 hashes
87 88
		if(preg_match('/^[0-9a-f]{32}$/si', $sStoredHash)) {
......
90 91
		return parent::CheckPassword($sPassword, $sStoredHash);
91 92
	}
92 93
/**
94
 * Check password for forbidden characters
95
 * @param string password to test
96
 * @return bool
97
 */
98
	public static function isValid($sPassword)
99
	{
100
		$sBlackList = '\"\'\,\;\<\>\?\\\{\|\}\~ '
101
		            . '\x00-\x20\x22\x27\x2c\x3b\x3c\x3e\x3f\x5c\x7b-\x7f\xff';
102
		$bRetval = !preg_match('/['.$sBlackList.']/si', $sPassword);
103
		return $bRetval;
104
	}
105
/**
93 106
 * generate a case sensitive mnemonic password including numbers and special chars
94 107
 * makes no use of confusing characters like 'O' and '0' and so on.
95 108
 * @param int length of the generated password. default = PW_LENGTH_DEFAULT
......
103 116
			array('B','C','D','F','G','H','J','K','M','N','P','Q','R','S','T','V','W','X','Y','Z'),
104 117
			array('a','e','i','o','u'),
105 118
			array('A','E','U'),
106
			array('!','-','@','_',':','.','+','%','/','*')
119
			array('!','-','@','_',':','.','+','%','/','*','=')
107 120
		);
108 121
		$iElements = ($iElements & self::PW_USE_ALL) == 0 ? self::PW_USE_ALL : $iElements;
109 122
		if(($iLength < self::PW_LENGTH_MIN) || ($iLength > self::PW_LENGTH_MAX)) {

Also available in: Unified diff