diff --git a/admin/settings/security.php b/admin/settings/security.php index ae88bbe..0c93247 100644 --- a/admin/settings/security.php +++ b/admin/settings/security.php @@ -36,6 +36,11 @@ $temp->add(new admin_setting_configselect('bloglevel', get_string('bloglevel', ' $temp->add(new admin_setting_configcheckbox('cronclionly', get_string('cronclionly', 'admin'), get_string('configcronclionly', 'admin'), 0)); $temp->add(new admin_setting_configtext('cronremotepassword', get_string('cronremotepassword', 'admin'), get_string('configcronremotepassword', 'admin'), '', PARAM_RAW)); +$temp->add(new admin_setting_configcheckbox('passwordpolicy', get_string('passwordpolicy', 'admin'), get_string('configpasswordpolicy', 'admin'), 0)); +$temp->add(new admin_setting_configtext('minpasswordlength', get_string('minpasswordlength', 'admin'), get_string('configminpasswordlength', 'admin'), 8, PARAM_INT)); +$temp->add(new admin_setting_configtext('minpassworddigits', get_string('minpassworddigits', 'admin'), get_string('configminpassworddigits', 'admin'), 1, PARAM_INT)); +$temp->add(new admin_setting_configtext('minpasswordlower', get_string('minpasswordlower', 'admin'), get_string('configminpasswordlower', 'admin'), 1, PARAM_INT)); +$temp->add(new admin_setting_configtext('minpasswordupper', get_string('minpasswordupper', 'admin'), get_string('configminpasswordupper', 'admin'), 1, PARAM_INT)); $ADMIN->add('security', $temp); diff --git a/lang/en_utf8/admin.php b/lang/en_utf8/admin.php index 81c6830..cc61449 100644 --- a/lang/en_utf8/admin.php +++ b/lang/en_utf8/admin.php @@ -490,5 +490,19 @@ $string['userscreated'] = 'Users created'; $string['usersrenamed'] = 'Users renamed'; $string['usersupdated'] = 'Users updated'; $string['validateerror'] = 'This value was not valid:'; +$string['passwordpolicy'] = 'Password Policy'; +$string['configpasswordpolicy'] = 'Turning this on will make Moodle check user passwords agains a valid password policy. Use the settings below to specify your policy (they will be ignored if you set this to \'No\').'; +$string['minpasswordlength'] = 'Password Length'; +$string['configminpasswordlength'] = 'Passwords must be at least these many characters long.'; +$string['minpassworddigits'] = 'Digits'; +$string['configminpassworddigits'] = 'Passwords must have at least these many digits.'; +$string['minpasswordlower'] = 'Lowercase letters'; +$string['configminpasswordlower'] = 'Passwords must have at least these many lower case letters.'; +$string['minpasswordupper'] = 'Uppercase letters'; +$string['configminpasswordupper'] = 'Passwords must have at least these many upper case letters.'; +$string['errorminpasswordlength'] = 'Passwords must be at least $a characters long.'; +$string['errorminpassworddigits'] = 'Passwords must have at least $a digit(s).'; +$string['errorminpasswordlower'] = 'Passwords must have at least $a lower case letter(s).'; +$string['errorminpasswordupper'] = 'Passwords must have at least $a upper case letter(s).'; ?> diff --git a/lib/moodlelib.php b/lib/moodlelib.php index aaa02b6..c292d07 100644 --- a/lib/moodlelib.php +++ b/lib/moodlelib.php @@ -6605,5 +6605,39 @@ function is_enabled_enrol($enrol='') { return in_array($enrol, explode(',', $CFG->enrol_plugins_enabled)); } +/* + * @uses $CFG + * @param string $password the password to be checked agains the password policy + * @param string $errmsg the error message to display when the password doesn't comply with the policy. + * @return bool true if the password is valid according to the policy. false otherwise. + */ +function check_password_policy($password, &$errmsg) { + global $CFG; + + if(empty($CFG->passwordpolicy)) { + return true; + } + + $errmsg = ''; + if (strlen($password) < $CFG->minpasswordlength) { + $errmsg = get_string('errorminpasswordlength', 'admin', $CFG->minpasswordlength); + } + elseif (preg_match_all('/[[:digit:]]/u', $password, $matches) < $CFG->minpassworddigits) { + $errmsg = get_string('errorminpassworddigits', 'admin', $CFG->minpassworddigits); + } + elseif (preg_match_all('/[[:lower:]]/u', $password, $matches) < $CFG->minpasswordlower) { + $errmsg = get_string('errorminpasswordlower', 'admin', $CFG->minpasswordlower); + } + elseif (preg_match_all('/[[:upper:]]/u', $password, $matches) < $CFG->minpasswordupper) { + $errmsg = get_string('errorminpasswordupper', 'admin', $CFG->minpasswordupper); + } + + if (empty($errmsg)) { + return true; + } else { + return false; + } +} + // vim:autoindent:expandtab:shiftwidth=4:tabstop=4:tw=140: ?> diff --git a/login/change_password_form.php b/login/change_password_form.php index db04a15..dc63786 100644 --- a/login/change_password_form.php +++ b/login/change_password_form.php @@ -98,6 +98,11 @@ class login_change_password_form extends moodleform { return $errors; } + if (!check_password_policy($data['newpassword1'], $errmsg)) { + $errors['newpassword1'] = $errmsg; + $errors['newpassword2'] = $errmsg; + } + return true; } } diff --git a/login/signup_form.php b/login/signup_form.php index 8b60857..e62c117 100644 --- a/login/signup_form.php +++ b/login/signup_form.php @@ -102,6 +102,12 @@ class login_signup_form_1 extends moodleform { } + if (empty($data['password'])) { + $errors['password'] = get_string("missingpassword"); + } + else if (!check_password_policy($data['password'], $errmsg)) { + $errors['password'] = $errmsg; + } if (0 == count($errors)){ return true; diff --git a/user/edit_form.php b/user/edit_form.php index fd158da..0504771 100644 --- a/user/edit_form.php +++ b/user/edit_form.php @@ -363,6 +363,11 @@ class user_edit_form extends moodleform { if (($usernew->newpassword == "admin") or ($user->password == md5("admin") and empty($usernew->newpassword)) ) { $err["newpassword"] = get_string("unsafepassword"); } + // Just check password policy if we set a new password (and password can be + // changed through Moodle). + if ((!empty($usernew->newpassword)) and (is_internal_auth($user->auth) || (!empty($CFG->{'auth_'.$user->auth.'_stdchangepassword'}))) and (!check_password_policy($usernew->newpassword, $errmsg))) { + $err["newpassword"] = $errmsg; + } }