From b2d154069317c61c0e681715ae45305d6195fbd9 Mon Sep 17 00:00:00 2001
From: Benjamin Sonntag
Date: Tue, 16 Jun 2015 14:09:11 +0200
Subject: [PATCH] adding levenshtein computation in password policy (deny >40% similarity with login) + deny login in password or the other way around
---
 bureau/class/m_admin.php | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/bureau/class/m_admin.php b/bureau/class/m_admin.php
index cbf8ffed..6bf2a149 100644
--- a/bureau/class/m_admin.php
+++ b/bureau/class/m_admin.php
@@ -1468,13 +1468,18 @@ EOF;
 $logins = explode("@", $login);
 $logins[] = $login;
 foreach ($logins as $l) {
- if (strpos($password, $l) !== false) {
- $err->raise("admin", _("The password policy prevents you to use your login name inside your password"));
+ if (strpos($password, $l) !== false || strpos($l,$password) !== false) {
+ $err->raise("admin", _("The password policy prevents you to use your login name inside your password or the other way around"));
 return false;
 }
+ // Now check that levenshten distance between your login parts and your password is below 40% :
+ if ( intval(levenshtein($password, $l)/strlen($password)*1000) > 400 ) {
+ $err->raise("admin", _("The password policy prevents you to use something too similar from your login name inside your password"));
+ return false;
+ }
 }
 }
-
+
 if ($pol["classcount"] > 0) {
 $cls = array(0, 0, 0, 0, 0);
 for ($i = 0; $i < strlen($password); $i++) {
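Review bot: The similarity test on the added `if ( intval(levenshtein($password, $l)/strlen($password)*1000) > 400 )` line rejects in the wrong direction: it fires when the edit distance exceeds 40% of the password length, which is the dissimilar case, so an unrelated 19-character passphrase checked against a 3-character login part is refused while a near copy of the login passes, the opposite of the subject line's "deny >40% similarity". Dividing by strlen($password) alone also makes the ratio nearly meaningless when the login part is much shorter than the password (the distance is then roughly the password length whatever its content), and an empty $password would divide by zero unless a minimum-length check earlier in the method guarantees otherwise; that earlier code is outside the hunk. I would normalise by the longer of the two strings and test for closeness: `$maxLen = max(strlen($password), strlen($l), 1);` followed by `if (levenshtein($password, $l) / $maxLen < 0.6) {`, keeping the existing raise and return. The enclosing method starts and ends outside this hunk, and the comment's `levenshten` should read `levenshtein`.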