First of all, I would like to apologize for my very
poor English. I am making an effort to be able to share
some of my work with you.
Security is essential nowadays. Since everything on the
Internet that has a minimum of security requires
passwords, it is necessary to use safe passwords to
protect your own security and the security of your
site's information.
It is known that most users use the same password for
most of the sites where they register, and that in the
great majority of cases these passwords are not very
safe: they are short passwords, or ones that recall
something about the user. In the end, this is a risk
for you, your site and your users.
But how do you force the users of your site to use safe
passwords?
It is simple: install a password quality meter on your
site and only allow registrations that reach a certain
security level defined by you.
In the last few days some XOOPS sites in Brazil were
hacked and, at least as far as is known, this intrusion
was made possible because the attacker discovered the
password of a user who had a weak password.
It was with this in mind that I developed this hack, and
I hope that with it I can help you make life more
difficult, at least a little, for the kind of person who
invades sites to cause chaos.
Well, let's get started.
The first step is to back up the files that you are
going to edit to install the hack.
The files are:
Once the backup is made, download the necessary files at
the end of this page.
Open the files include/registerform.php and
edituser.php in a text editor and replace only the code
that creates the password field with this:
Meter for the user in the register or edition
case the typed password reach the level of
(System Admin=>Preferences=>Users Config).
http://rwbanner.brinfo.com.br/register.php
include_once XOOPS_ROOT_PATH."/include/passwordquality.php";
Original password form field creation code in include/registerform.php:
$reg_form->addElement(new XoopsFormPassword(_US_PASSWORD, "pass", 10, 32, $myts->htmlSpecialChars($pass)), true);
Original password form field creation code in edituser.php:
$pwd_text = new XoopsFormPassword('', 'password', 10, 32);
Once this is done, the next step is to add the texts
used by the hack to the XOOPS language definitions.
Open the file language/your_language/user.php and, at
the end of the file, before ?>, add the section below:
define('_US_REGFORM_NOJAVASCRIPT', 'To register in this site the Javascript of your browser must be enabled. Enable it and try again!');
define('_US_REGFORM_WARNING', 'To register in this site you must use a safe password. Try to create your passwords using a mix of letters (case sensitive), numbers and symbols.');
Now open
modules/system/language/your_language/admin/preferences.php
and, at the end of the file, before ?>, add the section
below:
define("_MD_AM_PASSLEVEL","Minimum password security");
define("_MD_AM_PASSLEVEL_DESC","Defines the minimum level of security for the passwords of the users.");
define("_MD_AM_PASSLEVEL1","Unsafe");
define("_MD_AM_PASSLEVEL2","Weak");
define("_MD_AM_PASSLEVEL3","Fair");
define("_MD_AM_PASSLEVEL4","Strong");
define("_MD_AM_PASSLEVEL5","Safe");
define("_MD_AM_PASSLEVEL6","Not rated");
Once the changes are made, copy the files
passwordquality.php, passwordquality.js and
percent_bar.js into the include folder of your site.
Now we actually install the hack in XOOPS. Copy the
file Securitypasshack_install.php to the root of your
site. Log in as admin and access
XOOPS_URL/securitypasshack_install.php.
It is very fast, and if everything is OK you will
receive a success message and be redirected to the main
page of your site.
Delete the file Securitypasshack_install.php to prevent
problems.
The installation is complete. Now go to System
Admin=>Preferences=>Users Config and check whether the
password length and the security level match your
needs, and feel safer!
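An added example, not part of the hack or of XOOPS: a JavaScript sketch of how a meter can rate a password on the five levels named in the language strings above and compare the result with the configured minimum. The thresholds, the deny-list and the names ratePassword and meetsMinimum are assumptions made for illustration; passwordquality.js may score differently.

```javascript
// Hypothetical scoring rules, not the ones shipped in passwordquality.js.
// Level names follow _MD_AM_PASSLEVEL1.._MD_AM_PASSLEVEL5 from the page.
const LEVELS = ["Unsafe", "Weak", "Fair", "Strong", "Safe"];

// Constructed sample deny-list; a real one would be far larger.
const COMMON = new Set(["password", "123456", "qwerty", "letmein", "admin"]);

// Size of the character pool the password draws from.
function poolSize(pw) {
  let pool = 0;
  if (/[a-z]/.test(pw)) pool += 26;
  if (/[A-Z]/.test(pw)) pool += 26;
  if (/[0-9]/.test(pw)) pool += 10;
  if (/[^A-Za-z0-9]/.test(pw)) pool += 33;
  return pool;
}

// Returns a level from 1 (Unsafe) to 5 (Safe).
function ratePassword(pw, uname = "") {
  const lower = pw.toLowerCase();
  // Deny-listed passwords and ones containing the user name are Unsafe.
  if (COMMON.has(lower)) return 1;
  if (uname.length >= 3 && lower.includes(uname.toLowerCase())) return 1;
  // Collapse runs of one character ("aaaaaaaa") so they count once.
  const effective = pw.replace(/(.)\1+/g, "$1");
  // Rough upper bound on guessing effort in bits: length * log2(pool).
  const bits = effective.length * Math.log2(poolSize(effective) || 1);
  if (bits < 28) return 1;
  if (bits < 40) return 2;
  if (bits < 60) return 3;
  if (bits < 80) return 4;
  return 5;
}

// Compares the rating with the minimum level chosen by the administrator.
function meetsMinimum(pw, minLevel, uname = "") {
  const level = ratePassword(pw, uname);
  return { ok: level >= minLevel, level, label: LEVELS[level - 1] };
}
```

A check that runs only in the browser can be skipped by posting the form directly, so the same comparison against the minimum level should also run in the server-side registration code.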
I hope you liked it.
TheRplima
Files needed for the hack