1194 }

  1195 

  1196 /**

  1197  * Give the codename of the release of Enano being run.

  1198  * @return string

  1199  */

  1200 

  1201 function enano_codename()

  1202 {

  1203   $names = array(

  1204       '1.0RC1' => 'Leprechaun',

  1205       '1.0RC2' => 'Clurichaun',

  1206       '1.0RC3' => 'Druid',

  1207       '1.0'    => 'Banshee',

  1208       '1.0.1'  => 'Loch Ness',

  1209       '1.0.1.1'=> 'Loch Ness internal bugfix build',

  1210       '1.0.2'  => 'Coblynau'

  1211     );

  1212   $version = enano_version();

  1213   if ( isset($names[$version]) )

  1214   {

  1215     return $names[$version];

  1216   }

  1217   return 'Anonymous build';

  2952 function password_score_len($password)

  2953 {

  2954   if ( !is_string($password) )

  2955   {

  2956     return -10;

  2957   }

  2958   $len = strlen($password);

  2959   $score = $len - 7;

  2960   return $score;

  2961 }

  2962 

  2963 /**

  2964  * Give a numerical score for how strong a password is. This is an open-ended scale based on a score added to or subtracted

  2965  * from based on certain complexity rules. Anything less than about 1 or 0 is weak, 3-4 is strong, and 10 is not to be easily cracked.

  2966  * Based on the Javascript function of the same name.

  2967  * @param string Password to test

  2968  * @param null Will be filled with an array of debugging info

  2969  * @return int

  2970  */

  2971 

  2972 function password_score($password, &$debug = false)

  2973 {

  2974   if ( !is_string($password) )

  2975   {

  2976     return -10;

  2977   }

  2978   $score = 0;

  2979   $debug = array();

  2980   // length check

  2981   $lenscore = password_score_len($password);

  2982   

  2983   $debug[] = "<b>How this score was calculated</b>\nYour score was tallied up based on an extensive algorithm which outputted\nthe following scores based on traits of your password. Above you can see the\ncomposite score; your individual scores based on certain tests are below.\n\nThe scale is open-ended, with a minimum score of -10. 10 is very strong, 4\nis strong, 1 is good and -3 is fair. Below -3 scores \"Weak.\"\n";

  2984   

  2985   $debug[] = 'Adding '.$lenscore.' points for length';

  2986   

  2987   $score += $lenscore;

  2988     

  2989   $has_upper_lower = false;

  2990   $has_symbols     = false;

  2991   $has_numbers     = false;

  2992   

  2993   // contains uppercase and lowercase

  2994   if ( preg_match('/[A-z]+/', $password) && strtolower($password) != $password )

  2995   {

  2996     $score += 1;

  2997     $has_upper_lower = true;

  2998     $debug[] = 'Adding 1 point for having uppercase and lowercase';

  2999   }

  3000   

  3001   // contains symbols

  3002   if ( preg_match('/[^A-z0-9]+/', $password) )

  3003   {

  3004     $score += 1;

  3005     $has_symbols = true;

  3006     $debug[] = 'Adding 1 point for having nonalphanumeric characters (matching /[^A-z0-9]+/)';

  3007   }

  3008   

  3009   // contains numbers

  3010   if ( preg_match('/[0-9]+/', $password) )

  3011   {

  3012     $score += 1;

  3013     $has_numbers = true;

  3014     $debug[] = 'Adding 1 point for having numbers';

  3015   }

  3016   

  3017   if ( $has_upper_lower && $has_symbols && $has_numbers && strlen($password) >= 9 )

  3018   {

  3019     // if it has uppercase and lowercase letters, symbols, and numbers, and is of considerable length, add some serious points

  3020     $score += 4;

  3021     $debug[] = 'Adding 4 points for having uppercase and lowercase, numbers, and nonalphanumeric and being more than 8 characters';

  3022   }

  3023   else if ( $has_upper_lower && $has_symbols && $has_numbers )

  3024   {

  3025     // still give some points for passing complexity check

  3026     $score += 2;

  3027     $debug[] = 'Adding 2 points for having uppercase and lowercase, numbers, and nonalphanumeric';

  3028   }

  3029   else if ( ( $has_upper_lower && $has_symbols ) ||

  3030             ( $has_upper_lower && $has_numbers ) ||

  3031             ( $has_symbols && $has_numbers ) )

  3032   {

  3033     // if 2 of the three main complexity checks passed, add a point

  3034     $score += 1;

  3035     $debug[] = 'Adding 1 point for having 2 of 3 complexity checks';

  3036   }

  3037   else if ( preg_match('/^[0-9]*?([a-z]+)[0-9]?$/', $password) )

  3038   {

  3039     // password is something like magnum1 which will be cracked in seconds

  3040     $score += -4;

  3041     $debug[] = 'Adding -4 points for being of the form [number][word][number]';

  3042   }

  3043   else if ( ( !$has_upper_lower && !$has_numbers && $has_symbols ) ||

  3044             ( !$has_upper_lower && !$has_symbols && $has_numbers ) ||

  3045             ( !$has_numbers && !$has_symbols && $has_upper_lower ) )

  3046   {

  3047     $score += -2;

  3048     $debug[] = 'Adding -2 points for only meeting 1 complexity check';

  3049   }

  3050   else if ( !$has_upper_lower && !$has_numbers && !$has_symbols )

  3051   {

  3052     $debug[] = 'Adding -3 points for not meeting any complexity checks';

  3053     $score += -3;

  3054   }

  3055   

  3056   //

  3057   // Repetition

  3058   // Example: foobar12345 should be deducted points, where f1o2o3b4a5r should be given points

  3059   //

  3060   

  3061   if ( preg_match('/([A-Z][A-Z][A-Z][A-Z]|[a-z][a-z][a-z][a-z])/', $password) )

  3062   {

  3063     $debug[] = 'Adding -2 points for having more than 4 letters of the same case in a row';

  3064     $score += -2;

  3065   }

  3066   else if ( preg_match('/([A-Z][A-Z][A-Z]|[a-z][a-z][a-z])/', $password) )

  3067   {

  3068     $debug[] = 'Adding -1 points for having more than 3 letters of the same case in a row';

  3069     $score += -1;

  3070   }

  3071   else if ( preg_match('/[A-z]/', $password) && !preg_match('/([A-Z][A-Z][A-Z]|[a-z][a-z][a-z])/', $password) )

  3072   {

  3073     $debug[] = 'Adding 1 point for never having more than 2 letters of the same case in a row';

  3074     $score += 1;

  3075   }

  3076   

  3077   if ( preg_match('/[0-9][0-9][0-9][0-9]/', $password) )

  3078   {

  3079     $debug[] = 'Adding -2 points for having 4 or more numbers in a row';

  3080     $score += -2;

  3081   }

  3082   else if ( preg_match('/[0-9][0-9][0-9]/', $password) )

  3083   {

  3084     $debug[] = 'Adding -1 points for having 3 or more numbers in a row';

  3085     $score += -1;

  3086   }

  3087   else if ( $has_numbers && !preg_match('/[0-9][0-9][0-9]/', $password) )

  3088   {

  3089     $debug[] = 'Adding 1 point for never more than 2 numbers in a row';

  3090     $score += -1;

  3091   }

  3092   

  3093   // make passwords like fooooooooooooooooooooooooooooooooooooo totally die by subtracting a point for each character repeated at least 3 times in a row

  3094   $prev_char = '';

  3095   $warn = false;

  3096   $loss = 0;

  3097   for ( $i = 0; $i < strlen($password); $i++ )

  3098   {

  3099     $chr = $password{$i};

  3100     if ( $chr == $prev_char && $warn )

  3101     {

  3102       $loss += -1;

  3103     }

  3104     else if ( $chr == $prev_char && !$warn )

  3105     {

  3106       $warn = true;

  3107     }

  3108     else if ( $chr != $prev_char && $warn )

  3109     {

  3110       $warn = false;

  3111     }

  3112     $prev_char = $chr;

  3113   }

  3114   if ( $loss < 0 )

  3115   {

  3116     $debug[] = 'Adding '.$loss.' points for immediate character repetition';

  3117     $score += $loss;

  3118     // this can bring the score below -10 sometimes

  3119     if ( $score < -10 )

  3120     {

  3121       $debug[] = 'Setting score to -10 because it went below ('.$score.')';

  3122       $score = -10;

  3123     }

  3124   }

  3125   

  3126   return $score;

  3127 }

  3128