diff --git a/admin/configvars.php b/admin/configvars.php index 60aa0ae..0bff944 100644 --- a/admin/configvars.php +++ b/admin/configvars.php @@ -481,6 +481,42 @@ class configvarrss extends configvar { $security['clamfailureonupload'] = new configvar (get_string('configclamfailureonupload', 'admin'), choose_from_menu($options, 'clamfailureonupload', $config->clamfailureonupload, '', '', '', true) ); +/// passwordpolicy + $security['passwordpolicy'] = new configvar (get_string('configpasswordpolicy', 'admin'), + choose_from_menu ($noyesoptions, 'passwordpolicy', $config->passwordpolicy, '', '', '', true) ); + +/// minpasswordlength + unset($options); + for ($i=6; $i<=32; $i++) { + $options[$i] = "$i"; + } + $security['minpasswordlength'] = new configvar (get_string('configminpasswordlength', 'admin'), + choose_from_menu($options, 'minpasswordlength', $config->minpasswordlength, '', '', '', true) ); + +/// minpassworddigits + unset($options); + for ($i=0; $i<=10; $i++) { + $options[$i] = "$i"; + } + $security['minpassworddigits'] = new configvar (get_string('configminpassworddigits', 'admin'), + choose_from_menu($options, 'minpassworddigits', $config->minpassworddigits, '', '', '', true) ); + +/// minpasswordlower + unset($options); + for ($i=0; $i<=10; $i++) { + $options[$i] = "$i"; + } + $security['minpasswordlower'] = new configvar (get_string('configminpasswordlower', 'admin'), + choose_from_menu($options, 'minpasswordlower', $config->minpasswordlower, '', '', '', true) ); + +/// minpasswordupper + unset($options); + for ($i=0; $i<=10; $i++) { + $options[$i] = "$i"; + } + $security['minpasswordupper'] = new configvar (get_string('configminpasswordupper', 'admin'), + choose_from_menu($options, 'minpasswordupper', $config->minpasswordupper, '', '', '', true) ); + diff --git a/lang/en_utf8/admin.php b/lang/en_utf8/admin.php index ed1cb6b..5246305 100644 --- a/lang/en_utf8/admin.php +++ b/lang/en_utf8/admin.php @@ -260,5 +260,14 @@ $string['usersrenamed'] = 'Users renamed'; $string['usersupdated'] = 'Users updated'; $string['updateaccounts'] = 'Update existing accounts'; $string['upwards'] = 'upwards'; +$string['configpasswordpolicy'] = 'Turning this on will make Moodle check user passwords agains a valid password policy. Use the settings below to specify your policy (they will be ignored if you set this to \'No\').'; +$string['configminpasswordlength'] = 'Passwords must be at least these many characters long.'; +$string['configminpassworddigits'] = 'Passwords must have at least these many digits.'; +$string['configminpasswordlower'] = 'Passwords must have at least these many lower case letters.'; +$string['configminpasswordupper'] = 'Passwords must have at least these many upper case letters.'; +$string['errorminpasswordlength'] = 'Passwords must be at least $a characters long.'; +$string['errorminpassworddigits'] = 'Passwords must have at least $a digit(s).'; +$string['errorminpasswordlower'] = 'Passwords must have at least $a lower case letter(s).'; +$string['errorminpasswordupper'] = 'Passwords must have at least $a upper case letter(s).'; ?> diff --git a/lib/moodlelib.php b/lib/moodlelib.php index cc7a15c..258a5c6 100644 --- a/lib/moodlelib.php +++ b/lib/moodlelib.php @@ -7115,5 +7115,39 @@ function loadeditor($args) { return editorObject::loadeditor($args); } +/* + * @uses $CFG + * @param string $password the password to be checked agains the password policy + * @param string $errmsg the error message to display when the password doesn't comply with the policy. + * @return bool true if the password is valid according to the policy. false otherwise. + */ +function check_password_policy($password, &$errmsg) { + global $CFG; + + if(empty($CFG->passwordpolicy)) { + return true; + } + + $errmsg = ''; + if (strlen($password) < $CFG->minpasswordlength) { + $errmsg = get_string('errorminpasswordlength', 'admin', $CFG->minpasswordlength); + } + elseif (preg_match_all('/[[:digit:]]/u', $password, $matches) < $CFG->minpassworddigits) { + $errmsg = get_string('errorminpassworddigits', 'admin', $CFG->minpassworddigits); + } + elseif (preg_match_all('/[[:lower:]]/u', $password, $matches) < $CFG->minpasswordlower) { + $errmsg = get_string('errorminpasswordlower', 'admin', $CFG->minpasswordlower); + } + elseif (preg_match_all('/[[:upper:]]/u', $password, $matches) < $CFG->minpasswordupper) { + $errmsg = get_string('errorminpasswordupper', 'admin', $CFG->minpasswordupper); + } + + if (empty($errmsg)) { + return true; + } else { + return false; + } +} + // vim:autoindent:expandtab:shiftwidth=4:tabstop=4:tw=140: ?> diff --git a/login/change_password.php b/login/change_password.php index 62f6e5b..6fa08fb 100644 --- a/login/change_password.php +++ b/login/change_password.php @@ -170,6 +169,10 @@ function validate_form($frm, &$err) { } } } + + if (!check_password_policy($frm->newpassword1, $errmsg)) { + $err->newpassword1 = $errmsg; + } return; } diff --git a/login/signup.php b/login/signup.php index 0ff9d32..817596e 100644 --- a/login/signup.php +++ b/login/signup.php @@ -112,6 +112,9 @@ function validate_form($user, &$err) { if (empty($user->password)) { $err->password = get_string("missingpassword"); } + elseif (!check_password_policy($user->password, $errmsg)) { + $err->password = $errmsg; + } if (empty($user->firstname)) { $err->firstname = get_string("missingfirstname"); diff --git a/user/edit.php b/user/edit.php index 2180a69..dde5101 100644 --- a/user/edit.php +++ b/user/edit.php @@ -419,6 +419,9 @@ function find_form_errors(&$user, &$usernew, &$err, &$um) { if (($usernew->newpassword == "admin") or ($user->password == md5("admin") and empty($usernew->newpassword)) ) { $err["newpassword"] = get_string("unsafepassword"); } + if (!check_password_policy($usernew->newpassword, $errmsg)) { + $err["newpassword"] = $errmsg; + } } if (empty($usernew->email))