kienan
/
AlternC
mirror of https://github.com/kienanstewart/AlternC.git
1
0
Fork 0
Code Issues Releases Wiki Activity

adding levenshtein computation in password policy (deny >40% similarity with login) + deny login in password or the other way around

This commit is contained in:
Benjamin Sonntag 2015-06-16 14:09:11 +02:00
parent 3b19a765f4
commit b2d1540693
1 changed files with 8 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
bureau/class/m_admin.php
View File

@ -1468,13 +1468,18 @@ EOF;
$logins = explode("@", $login);
$logins[] = $login;
foreach ($logins as $l) {
if (strpos($password, $l) !== false) {
$err->raise("admin", _("The password policy prevents you to use your login name inside your password"));
if (strpos($password, $l) !== false || strpos($l,$password) !== false) {
$err->raise("admin", _("The password policy prevents you to use your login name inside your password or the other way around"));
return false;
}
// Now check that levenshten distance between your login parts and your password is below 40% :
if ( intval(levenshtein($password, $l)/strlen($password)*1000) > 400 ) {
$err->raise("admin", _("The password policy prevents you to use something too similar from your login name inside your password"));
return false;
}
}
}
if ($pol["classcount"] > 0) {
$cls = array(0, 0, 0, 0, 0);
for ($i = 0; $i < strlen($password); $i++) {