diff --git a/admin/configvars.php b/admin/configvars.php index b7fb49f..6713903 100644 --- a/admin/configvars.php +++ b/admin/configvars.php @@ -481,6 +481,42 @@ class configvarrss extends configvar { $security['clamfailureonupload'] = new configvar (get_string('configclamfailureonupload', 'admin'), choose_from_menu($options, 'clamfailureonupload', $config->clamfailureonupload, '', '', '', true) ); +/// passwordpolicy + $security['passwordpolicy'] = new configvar (get_string('configpasswordpolicy', 'admin'), + choose_from_menu ($noyesoptions, 'passwordpolicy', $config->passwordpolicy, '', '', '', true) ); + +/// minpasswordlength + unset($options); + for ($i=6; $i<=32; $i++) { + $options[$i] = "$i"; + } + $security['minpasswordlength'] = new configvar (get_string('configminpasswordlength', 'admin'), + choose_from_menu($options, 'minpasswordlength', $config->minpasswordlength, '', '', '', true) ); + +/// minpassworddigits + unset($options); + for ($i=0; $i<=10; $i++) { + $options[$i] = "$i"; + } + $security['minpassworddigits'] = new configvar (get_string('configminpassworddigits', 'admin'), + choose_from_menu($options, 'minpassworddigits', $config->minpassworddigits, '', '', '', true) ); + +/// minpasswordlower + unset($options); + for ($i=0; $i<=10; $i++) { + $options[$i] = "$i"; + } + $security['minpasswordlower'] = new configvar (get_string('configminpasswordlower', 'admin'), + choose_from_menu($options, 'minpasswordlower', $config->minpasswordlower, '', '', '', true) ); + +/// minpasswordupper + unset($options); + for ($i=0; $i<=10; $i++) { + $options[$i] = "$i"; + } + $security['minpasswordupper'] = new configvar (get_string('configminpasswordupper', 'admin'), + choose_from_menu($options, 'minpasswordupper', $config->minpasswordupper, '', '', '', true) ); + diff --git a/lang/en_utf8/admin.php b/lang/en_utf8/admin.php index 206e00f..5af6771 100644 --- a/lang/en_utf8/admin.php +++ b/lang/en_utf8/admin.php @@ -487,5 +487,14 @@ $string['userscreated'] = 'Users created'; $string['usersrenamed'] = 'Users renamed'; $string['usersupdated'] = 'Users updated'; $string['validateerror'] = 'This value was not valid:'; +$string['configpasswordpolicy'] = 'Turning this on will make Moodle check user passwords agains a valid password policy. Use the settings below to specify your policy (they will be ignored if you set this to \'No\').'; +$string['configminpasswordlength'] = 'Passwords must be at least these many characters long.'; +$string['configminpassworddigits'] = 'Passwords must have at least these many digits.'; +$string['configminpasswordlower'] = 'Passwords must have at least these many lower case letters.'; +$string['configminpasswordupper'] = 'Passwords must have at least these many upper case letters.'; +$string['errorminpasswordlength'] = 'Passwords must be at least $a characters long.'; +$string['errorminpassworddigits'] = 'Passwords must have at least $a digit(s).'; +$string['errorminpasswordlower'] = 'Passwords must have at least $a lower case letter(s).'; +$string['errorminpasswordupper'] = 'Passwords must have at least $a upper case letter(s).'; ?> diff --git a/lib/moodlelib.php b/lib/moodlelib.php index 7f52ce7..83f5759 100644 --- a/lib/moodlelib.php +++ b/lib/moodlelib.php @@ -6729,5 +6729,39 @@ function loadeditor($args) { } +/* + * @uses $CFG + * @param string $password the password to be checked agains the password policy + * @param string $errmsg the error message to display when the password doesn't comply with the policy. + * @return bool true if the password is valid according to the policy. false otherwise. + */ +function check_password_policy($password, &$errmsg) { + global $CFG; + + if(empty($CFG->passwordpolicy)) { + return true; + } + + $errmsg = ''; + if (strlen($password) < $CFG->minpasswordlength) { + $errmsg = get_string('errorminpasswordlength', 'admin', $CFG->minpasswordlength); + } + elseif (preg_match_all('/[[:digit:]]/u', $password, $matches) < $CFG->minpassworddigits) { + $errmsg = get_string('errorminpassworddigits', 'admin', $CFG->minpassworddigits); + } + elseif (preg_match_all('/[[:lower:]]/u', $password, $matches) < $CFG->minpasswordlower) { + $errmsg = get_string('errorminpasswordlower', 'admin', $CFG->minpasswordlower); + } + elseif (preg_match_all('/[[:upper:]]/u', $password, $matches) < $CFG->minpasswordupper) { + $errmsg = get_string('errorminpasswordupper', 'admin', $CFG->minpasswordupper); + } + + if (empty($errmsg)) { + return true; + } else { + return false; + } +} + // vim:autoindent:expandtab:shiftwidth=4:tabstop=4:tw=140: ?> diff --git a/login/change_password_form.php b/login/change_password_form.php index db04a15..949eca8 100644 --- a/login/change_password_form.php +++ b/login/change_password_form.php @@ -98,6 +98,12 @@ class login_change_password_form extends moodleform { return $errors; } + if (!check_password_policy($data['newpassword1'], $errmsg)) { + $errors['newpassword1'] = $errmsg; + $errors['newpassword2'] = $errmsg; + return $errors; + } + return true; } } diff --git a/login/signup_form.php b/login/signup_form.php index 40c0cd8..334a13f 100644 --- a/login/signup_form.php +++ b/login/signup_form.php @@ -102,6 +102,10 @@ class login_signup_form_1 extends moodleform { } + if (!check_password_policy($data['password'], $errmsg)) { + $errors['password'] = $errmsg; + } + if (0 == count($errors)){ return true; } else { diff --git a/user/edit.php b/user/edit.php index ac3ad9c..e8b6877 100644 --- a/user/edit.php +++ b/user/edit.php @@ -428,6 +428,9 @@ function find_form_errors(&$user, &$usernew, &$err, &$um) { if (($usernew->newpassword == "admin") or ($user->password == md5("admin") and empty($usernew->newpassword)) ) { $err["newpassword"] = get_string("unsafepassword"); } + if (!check_password_policy($usernew->newpassword, $errmsg)) { + $err["newpassword"] = $errmsg; + } } if (empty($usernew->email))