[Gemstracker-svn] SF.net SVN: gemstracker:[651] trunk/library/classes/Gems/User/ PasswordChecker.ph

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Revision: 651
          http://gemstracker.svn.sourceforge.net/gemstracker/?rev=651&view=rev
Author:   michieltcs
Date:     2012-05-02 07:29:07 +0000 (Wed, 02 May 2012)
Log Message:
-----------
Initial implementation of inPasswordList()

Modified Paths:
--------------
    trunk/library/classes/Gems/User/PasswordChecker.php

Modified: trunk/library/classes/Gems/User/PasswordChecker.php
===================================================================

--- trunk/library/classes/Gems/User/PasswordChecker.php	2012-05-01 14:41:29 UTC (rev 650)
+++ trunk/library/classes/Gems/User/PasswordChecker.php	2012-05-02 07:29:07 UTC (rev 651)
@@ -57,6 +57,11 @@
      * @var Gems_Project_ProjectSettings
      */
     protected $project;
+    
+    /**
+     * @var Zend_Cache
+     */
+    protected $cache;
 
     /**
      *
@@ -211,6 +216,42 @@
             }
         }
     }
+    
+    /**
+     * Tests if the password appears on a (weak) password list. The list should
+     * be a simpe newline separated list of (lowercase) passwords.
+     * 
+     * @param string $parameter Filename of the password list, relative to APPLICATION_PATH
+     * @param string $password  The password
+     */
+    protected function inPasswordList($parameter, $password)
+    {
+        if (empty($parameter)) {
+            return;
+        }
+        
+        if ($this->cache) {
+            $passwordList = $this->cache->load('weakpasswordlist');
+        }
+        
+        if (empty($passwordList)) {
+            $filename = APPLICATION_PATH . $parameter;
+            
+            if (!file_exists($filename)) {
+                throw new Gems_Exception("Unable to load password list '{$filename}'");
+            }
+            
+            $passwordList = explode("\n", file_get_contents($filename));
+        }
+        
+        if (in_array(strtolower($password), $passwordList)) {
+            $this->_addError($this->translate->_('should not appear in a list of common passwords'));
+        }
+        
+        if ($this->cache) {
+            $this->cache->save($passwordList, 'weakpasswordlist');
+        }
+    }
 
     /**
      * Check for password weakness.

This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.





[Gemstracker-svn] SF.net SVN: gemstracker:[651] trunk/library/classes/Gems/User/ PasswordChecker.ph

[Gemstracker-svn] SF.net SVN: gemstracker:[651] trunk/library/classes/Gems/User/ PasswordChecker.php