diff --git a/admin/settings/security.php b/admin/settings/security.php
index bd2619f..eefaa97 100644
--- a/admin/settings/security.php
+++ b/admin/settings/security.php
@@ -33,6 +33,11 @@ $temp->add(new admin_setting_configselect('bloglevel', get_string('bloglevel', '
 1 => get_string('personalblogs','blog'),
 0 => get_string('disableblogs','blog'))));
+$temp->add(new admin_setting_configcheckbox('passwordpolicy', get_string('passwordpolicy', 'admin'), get_string('configpasswordpolicy', 'admin'), 0));
+$temp->add(new admin_setting_configtext('minpasswordlength', get_string('minpasswordlength', 'admin'), get_string('configminpasswordlength', 'admin'), 8, PARAM_INT));
+$temp->add(new admin_setting_configtext('minpassworddigits', get_string('minpassworddigits', 'admin'), get_string('configminpassworddigits', 'admin'), 1, PARAM_INT));
+$temp->add(new admin_setting_configtext('minpasswordlower', get_string('minpasswordlower', 'admin'), get_string('configminpasswordlower', 'admin'), 1, PARAM_INT));
+$temp->add(new admin_setting_configtext('minpasswordupper', get_string('minpasswordupper', 'admin'), get_string('configminpasswordupper', 'admin'), 1, PARAM_INT));
 $ADMIN->add('security', $temp);
diff --git a/lang/en_utf8/admin.php b/lang/en_utf8/admin.php
index 8763f52..db19eba 100644
--- a/lang/en_utf8/admin.php
+++ b/lang/en_utf8/admin.php
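Review bot: The four numeric settings added here are validated only as `PARAM_INT`, so zero or a negative number is accepted and silently turns that rule off while the `passwordpolicy` checkbox still shows the policy as enabled. Nothing stops the digit, lower-case and upper-case minimums from adding up to more than `minpasswordlength` either, which makes the configured length misleading. Consider rejecting values below zero when the setting is saved, or clamping them where they are read. A short comment above the block would also help, for example `// Password policy: the thresholds below are only enforced when passwordpolicy is enabled.`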
@@ -461,5 +461,19 @@ $string['userscreated'] = 'Users created';
 $string['usersrenamed'] = 'Users renamed';
 $string['usersupdated'] = 'Users updated';
 $string['validateerror'] = 'This value was not valid:';
+$string['passwordpolicy'] = 'Password Policy';
+$string['configpasswordpolicy'] = 'Turning this on will make Moodle check user passwords agains a valid password policy. Use the settings below to specify your policy (they will be ignored if you set this to \'No\').';
+$string['minpasswordlength'] = 'Password Length';
+$string['configminpasswordlength'] = 'Passwords must be at least these many characters long.';
+$string['minpassworddigits'] = 'Digits';
+$string['configminpassworddigits'] = 'Passwords must have at least these many digits.';
+$string['minpasswordlower'] = 'Lowercase letters';
+$string['configminpasswordlower'] = 'Passwords must have at least these many lower case letters.';
+$string['minpasswordupper'] = 'Uppercase letters';
+$string['configminpasswordupper'] = 'Passwords must have at least these many upper case letters.';
+$string['errorminpasswordlength'] = 'Passwords must be at least $a characters long.';
+$string['errorminpassworddigits'] = 'Passwords must have at least $a digit(s).';
+$string['errorminpasswordlower'] = 'Passwords must have at least $a lower case letter(s).';
+$string['errorminpasswordupper'] = 'Passwords must have at least $a upper case letter(s).';
 ?>
diff --git a/lib/moodlelib.php b/lib/moodlelib.php
index 9725a58..5f8b21d 100644
--- a/lib/moodlelib.php
+++ b/lib/moodlelib.php
@@ -6736,5 +6736,39 @@ function loadeditor($args) {
 }
+/*
+ * @uses $CFG
+ * @param string $password the password to be checked agains the password policy
+ * @param string $errmsg the error message to display when the password doesn't comply with the policy.
+ * @return bool true if the password is valid according to the policy. false otherwise.
+ */
+function check_password_policy($password, &$errmsg) {
+ global $CFG;
+
+ if(empty($CFG->passwordpolicy)) {
+ return true;
+ }
+
+ $errmsg = '';
+ if (strlen($password) < $CFG->minpasswordlength) {
+ $errmsg = get_string('errorminpasswordlength', 'admin', $CFG->minpasswordlength);
+ }
+ elseif (preg_match_all('/[[:digit:]]/u', $password, $matches) < $CFG->minpassworddigits) {
+ $errmsg = get_string('errorminpassworddigits', 'admin', $CFG->minpassworddigits);
+ }
+ elseif (preg_match_all('/[[:lower:]]/u', $password, $matches) < $CFG->minpasswordlower) {
+ $errmsg = get_string('errorminpasswordlower', 'admin', $CFG->minpasswordlower);
+ }
+ elseif (preg_match_all('/[[:upper:]]/u', $password, $matches) < $CFG->minpasswordupper) {
+ $errmsg = get_string('errorminpasswordupper', 'admin', $CFG->minpasswordupper);
+ }
+
+ if (empty($errmsg)) {
+ return true;
+ } else {
+ return false;
+ }
+}
+
 // vim:autoindent:expandtab:shiftwidth=4:tabstop=4:tw=140:
 ?>
diff --git a/login/change_password.php b/login/change_password.php
index 49bc2df..fc79de3 100644
--- a/login/change_password.php
+++ b/login/change_password.php
@@ -168,6 +168,10 @@ function validate_form($frm, &$err) {
 }
 }
 }
+
+ if (!check_password_policy($frm->newpassword1, $errmsg)) {
+ $err->newpassword1 = $errmsg;
+ }
 return;
 }
diff --git a/login/signup.php b/login/signup.php
index fdb73cc..fd58348 100644
--- a/login/signup.php
+++ b/login/signup.php
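Review bot: The length test in check_password_policy() uses `strlen($password)`, which counts bytes, while the three `preg_match_all` tests run in UTF-8 mode and the error string promises characters; a password made of multi-byte characters therefore satisfies `minpasswordlength` with fewer characters than configured. Use a character-aware length, e.g. `if (mb_strlen($password, 'UTF-8') < $CFG->minpasswordlength) {`, or the project's own UTF-8 string helper. The `[[:lower:]]` and `[[:upper:]]` classes probably match ASCII letters only, so non-ASCII letters would not count towards those minimums; that is worth confirming and documenting. The docblock opens with `/*` rather than `/**`, so documentation tools will not attach it to the function, and it should state that `$errmsg` is left untouched when the policy is disabled.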
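Review bot: The policy check added at the end of validate_form() in login/change_password.php assigns `$err->newpassword1` unconditionally, so if an earlier check in this function (which starts outside the hunk) already recorded an error on that field, such as an empty or mismatched new password, it is replaced by the policy message. Guarding the call keeps the more specific message: `if (empty($err->newpassword1) and !check_password_policy($frm->newpassword1, $errmsg)) {`. `$errmsg` is also first created by the by-reference call; initialising it with `$errmsg = '';` just above would make that explicit.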
@@ -112,6 +112,9 @@ function validate_form($user, &$err) {
 if (empty($user->password)) {
 $err->password = get_string("missingpassword");
 }
+ elseif (!check_password_policy($user->password, $errmsg)) {
+ $err->password = $errmsg;
+ }
 if (empty($user->firstname)) {
 $err->firstname = get_string("missingfirstname");
diff --git a/user/edit.html b/user/edit.html
diff --git a/user/edit.php b/user/edit.php
index 5c0c387..a9d10e0 100644
--- a/user/edit.php
+++ b/user/edit.php
@@ -428,6 +428,11 @@ function find_form_errors(&$user, &$usernew, &$err, &$um) {
 if (($usernew->newpassword == "admin") or ($user->password == md5("admin") and empty($usernew->newpassword)) ) {
 $err["newpassword"] = get_string("unsafepassword");
 }
+ // Just check password policy if we set a new password (and password can be
+ // changed through Moodle).
+ if ((!empty($usernew->newpassword)) and (is_internal_auth($user->auth) || (!empty($CFG->{'auth_'.$user->auth.'_stdchangepassword'}))) and (!check_password_policy($usernew->newpassword, $errmsg))) {
+ $err["newpassword"] = $errmsg;
+ }
 }
 if (empty($usernew->email))
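Review bot: The new condition in user/edit.php reads `$CFG->{'auth_'.$user->auth.'_stdchangepassword'}`, but find_form_errors() begins outside this hunk and no `global $CFG;` is visible; if it is not declared there, that operand is always empty and the policy is skipped for every non-internal auth plugin that lets Moodle change the password. The test also uses the stored `$user->auth` rather than the submitted `$usernew->auth`, which may differ when the auth method is edited in the same form, so it is worth confirming which one is intended. The line is long and mixes `and` with `||`; splitting it into named booleans such as `$canchange` and `$policyok` would make the precedence obvious.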