Issue #498 has been updated by Clément OUDOT. Status changed from New to Assigned Assigned to set to Clément OUDOT Target version changed from self-service-password-0.8 to self-service-password-?
Set to another release, need OOP code ---------------------------------------- Feature #498: Add rule for local password policy: Similarity check http://tools.lsc-project.org/issues/498 Author: Luiz Fernando Severnini Status: Assigned Priority: Normal Assigned to: Clément OUDOT Category: Self Service Password Target version: self-service-password-? -Usingo OOP style: -Add a class that implements the rule (SimilarityRule.class.php attached) -Edit the file config/config.inc.php and add setting for the policy, below $pwd_complexity, add: <pre> # Checks for similatity of the new password with the old one $pw_similarity = false; </pre> In password policy array add: <pre> $pw_policy_config = array( ... "pw_similarity" => $pw_similarity ... ); </pre> -Edit the file classes/PasswordPolicy.class.php Change the initializeRules() method: <pre> private function initializeRules() { ... $pw_history = $this->policyConfig['pw_history']; $pw_max_sequential_char = $this->policyConfig['pw_max_sequential_char']; $pw_max_repeated_char = $this->policyConfig['pw_max_repeated_char']; $pw_similarity = $this->policyConfig['pw_similarity']; ... //Rules must be chained, the last one will point to NULL if ($pw_similarity) { $nextRule = new SimilarityRule($nextRule); $nextRule->setPolicyMessage($this->messages['policysimilarity']); } ... } </pre> Change showPolicy() method and add the code 'toosimilar' to regular expression pattern: <pre> public function showPolicy($result) { ... if ($pwd_show_policy === "onerror") { if (!preg_match("/tooshort|toobig|minlower|minupper|mindigit|minspecial|forbiddenchars|sameasold|notcomplex|passwordinhistory|seqchar|repeatedchar|toosimilar/", $result)) { return; } } ... } </pre> -Edit the file lang/en.inc.php Below $messages['passwordinhistory'] ... add: <pre> $messages['passwordinhistory'] = "Password has already been used. Choose a new one."; $messages['seqchar'] = "It's not allowed to use sequential char"; $messages['repeatedchar'] = "It's not allowed to use repeated char"; $messages['toosimilar'] = "Your password is too similar to your old password"; </pre> Below $messages['policynoreuse'] ... add: <pre> $messages['policyhistory'] = "The password can't be reused"; $messages['policyseqchar'] = "Maximal of sequential characters: "; $messages['policyrepeatedchar'] = "Maximal of repeated characters: "; $messages['policysimilarity'] = "Your new password may not be similar to the old password"; </pre> -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://tools.lsc-project.org/my/account
_______________________________________________ ltb-dev mailing list [email protected] http://lists.ltb-project.org/listinfo/ltb-dev
