includes/functions.php
changeset 132 0ae1b281a884
parent 129 0b5244001799
child 137 3bce0c320e80
equal deleted inserted replaced
131:f59a8881f7e9 132:0ae1b281a884
  1189     $nightlytag  = ENANO_NIGHTLY_MONTH . '-' . ENANO_NIGHTLY_DAY . '-' . ENANO_NIGHTLY_YEAR;
  1189     $nightlytag  = ENANO_NIGHTLY_MONTH . '-' . ENANO_NIGHTLY_DAY . '-' . ENANO_NIGHTLY_YEAR;
  1190     $nightlylong = ' nightly; build date: ' . ENANO_NIGHTLY_MONTH . '-' . ENANO_NIGHTLY_DAY . '-' . ENANO_NIGHTLY_YEAR;
  1190     $nightlylong = ' nightly; build date: ' . ENANO_NIGHTLY_MONTH . '-' . ENANO_NIGHTLY_DAY . '-' . ENANO_NIGHTLY_YEAR;
  1191     $r = ( $long ) ? $r . $nightlylong : $r . '-nightly-' . $nightlytag;
  1191     $r = ( $long ) ? $r . $nightlylong : $r . '-nightly-' . $nightlytag;
  1192   }
  1192   }
  1193   return $r;
  1193   return $r;
       
  1194 }
       
  1195 
       
  1196 /**
       
  1197  * Give the codename of the release of Enano being run.
       
  1198  * @return string
       
  1199  */
       
  1200 
       
  1201 function enano_codename()
       
  1202 {
       
  1203   $names = array(
       
  1204       '1.0RC1' => 'Leprechaun',
       
  1205       '1.0RC2' => 'Clurichaun',
       
  1206       '1.0RC3' => 'Druid',
       
  1207       '1.0'    => 'Banshee',
       
  1208       '1.0.1'  => 'Loch Ness',
       
  1209       '1.0.1.1'=> 'Loch Ness internal bugfix build',
       
  1210       '1.0.2'  => 'Coblynau'
       
  1211     );
       
  1212   $version = enano_version();
       
  1213   if ( isset($names[$version]) )
       
  1214   {
       
  1215     return $names[$version];
       
  1216   }
       
  1217   return 'Anonymous build';
  1194 }
  1218 }
  1195 
  1219 
  1196 /**
  1220 /**
  1197  * What kinda sh** was I thinking when I wrote this. Deprecated.
  1221  * What kinda sh** was I thinking when I wrote this. Deprecated.
  1198  */
  1222  */
  2923           $ips[] = "$oc1.$oc2.$oc3.$oc4";
  2947           $ips[] = "$oc1.$oc2.$oc3.$oc4";
  2924         
  2948         
  2925   return $ips;
  2949   return $ips;
  2926 }
  2950 }
  2927 
  2951 
       
  2952 function password_score_len($password)
       
  2953 {
       
  2954   if ( !is_string($password) )
       
  2955   {
       
  2956     return -10;
       
  2957   }
       
  2958   $len = strlen($password);
       
  2959   $score = $len - 7;
       
  2960   return $score;
       
  2961 }
       
  2962 
       
  2963 /**
       
  2964  * Give a numerical score for how strong a password is. This is an open-ended scale based on a score added to or subtracted
       
  2965  * from based on certain complexity rules. Anything less than about 1 or 0 is weak, 3-4 is strong, and 10 is not to be easily cracked.
       
  2966  * Based on the Javascript function of the same name.
       
  2967  * @param string Password to test
       
  2968  * @param null Will be filled with an array of debugging info
       
  2969  * @return int
       
  2970  */
       
  2971 
       
  2972 function password_score($password, &$debug = false)
       
  2973 {
       
  2974   if ( !is_string($password) )
       
  2975   {
       
  2976     return -10;
       
  2977   }
       
  2978   $score = 0;
       
  2979   $debug = array();
       
  2980   // length check
       
  2981   $lenscore = password_score_len($password);
       
  2982   
       
  2983   $debug[] = "<b>How this score was calculated</b>\nYour score was tallied up based on an extensive algorithm which outputted\nthe following scores based on traits of your password. Above you can see the\ncomposite score; your individual scores based on certain tests are below.\n\nThe scale is open-ended, with a minimum score of -10. 10 is very strong, 4\nis strong, 1 is good and -3 is fair. Below -3 scores \"Weak.\"\n";
       
  2984   
       
  2985   $debug[] = 'Adding '.$lenscore.' points for length';
       
  2986   
       
  2987   $score += $lenscore;
       
  2988     
       
  2989   $has_upper_lower = false;
       
  2990   $has_symbols     = false;
       
  2991   $has_numbers     = false;
       
  2992   
       
  2993   // contains uppercase and lowercase
       
  2994   if ( preg_match('/[A-z]+/', $password) && strtolower($password) != $password )
       
  2995   {
       
  2996     $score += 1;
       
  2997     $has_upper_lower = true;
       
  2998     $debug[] = 'Adding 1 point for having uppercase and lowercase';
       
  2999   }
       
  3000   
       
  3001   // contains symbols
       
  3002   if ( preg_match('/[^A-z0-9]+/', $password) )
       
  3003   {
       
  3004     $score += 1;
       
  3005     $has_symbols = true;
       
  3006     $debug[] = 'Adding 1 point for having nonalphanumeric characters (matching /[^A-z0-9]+/)';
       
  3007   }
       
  3008   
       
  3009   // contains numbers
       
  3010   if ( preg_match('/[0-9]+/', $password) )
       
  3011   {
       
  3012     $score += 1;
       
  3013     $has_numbers = true;
       
  3014     $debug[] = 'Adding 1 point for having numbers';
       
  3015   }
       
  3016   
       
  3017   if ( $has_upper_lower && $has_symbols && $has_numbers && strlen($password) >= 9 )
       
  3018   {
       
  3019     // if it has uppercase and lowercase letters, symbols, and numbers, and is of considerable length, add some serious points
       
  3020     $score += 4;
       
  3021     $debug[] = 'Adding 4 points for having uppercase and lowercase, numbers, and nonalphanumeric and being more than 8 characters';
       
  3022   }
       
  3023   else if ( $has_upper_lower && $has_symbols && $has_numbers )
       
  3024   {
       
  3025     // still give some points for passing complexity check
       
  3026     $score += 2;
       
  3027     $debug[] = 'Adding 2 points for having uppercase and lowercase, numbers, and nonalphanumeric';
       
  3028   }
       
  3029   else if ( ( $has_upper_lower && $has_symbols ) ||
       
  3030             ( $has_upper_lower && $has_numbers ) ||
       
  3031             ( $has_symbols && $has_numbers ) )
       
  3032   {
       
  3033     // if 2 of the three main complexity checks passed, add a point
       
  3034     $score += 1;
       
  3035     $debug[] = 'Adding 1 point for having 2 of 3 complexity checks';
       
  3036   }
       
  3037   else if ( preg_match('/^[0-9]*?([a-z]+)[0-9]?$/', $password) )
       
  3038   {
       
  3039     // password is something like magnum1 which will be cracked in seconds
       
  3040     $score += -4;
       
  3041     $debug[] = 'Adding -4 points for being of the form [number][word][number]';
       
  3042   }
       
  3043   else if ( ( !$has_upper_lower && !$has_numbers && $has_symbols ) ||
       
  3044             ( !$has_upper_lower && !$has_symbols && $has_numbers ) ||
       
  3045             ( !$has_numbers && !$has_symbols && $has_upper_lower ) )
       
  3046   {
       
  3047     $score += -2;
       
  3048     $debug[] = 'Adding -2 points for only meeting 1 complexity check';
       
  3049   }
       
  3050   else if ( !$has_upper_lower && !$has_numbers && !$has_symbols )
       
  3051   {
       
  3052     $debug[] = 'Adding -3 points for not meeting any complexity checks';
       
  3053     $score += -3;
       
  3054   }
       
  3055   
       
  3056   //
       
  3057   // Repetition
       
  3058   // Example: foobar12345 should be deducted points, where f1o2o3b4a5r should be given points
       
  3059   //
       
  3060   
       
  3061   if ( preg_match('/([A-Z][A-Z][A-Z][A-Z]|[a-z][a-z][a-z][a-z])/', $password) )
       
  3062   {
       
  3063     $debug[] = 'Adding -2 points for having more than 4 letters of the same case in a row';
       
  3064     $score += -2;
       
  3065   }
       
  3066   else if ( preg_match('/([A-Z][A-Z][A-Z]|[a-z][a-z][a-z])/', $password) )
       
  3067   {
       
  3068     $debug[] = 'Adding -1 points for having more than 3 letters of the same case in a row';
       
  3069     $score += -1;
       
  3070   }
       
  3071   else if ( preg_match('/[A-z]/', $password) && !preg_match('/([A-Z][A-Z][A-Z]|[a-z][a-z][a-z])/', $password) )
       
  3072   {
       
  3073     $debug[] = 'Adding 1 point for never having more than 2 letters of the same case in a row';
       
  3074     $score += 1;
       
  3075   }
       
  3076   
       
  3077   if ( preg_match('/[0-9][0-9][0-9][0-9]/', $password) )
       
  3078   {
       
  3079     $debug[] = 'Adding -2 points for having 4 or more numbers in a row';
       
  3080     $score += -2;
       
  3081   }
       
  3082   else if ( preg_match('/[0-9][0-9][0-9]/', $password) )
       
  3083   {
       
  3084     $debug[] = 'Adding -1 points for having 3 or more numbers in a row';
       
  3085     $score += -1;
       
  3086   }
       
  3087   else if ( $has_numbers && !preg_match('/[0-9][0-9][0-9]/', $password) )
       
  3088   {
       
  3089     $debug[] = 'Adding 1 point for never more than 2 numbers in a row';
       
  3090     $score += -1;
       
  3091   }
       
  3092   
       
  3093   // make passwords like fooooooooooooooooooooooooooooooooooooo totally die by subtracting a point for each character repeated at least 3 times in a row
       
  3094   $prev_char = '';
       
  3095   $warn = false;
       
  3096   $loss = 0;
       
  3097   for ( $i = 0; $i < strlen($password); $i++ )
       
  3098   {
       
  3099     $chr = $password{$i};
       
  3100     if ( $chr == $prev_char && $warn )
       
  3101     {
       
  3102       $loss += -1;
       
  3103     }
       
  3104     else if ( $chr == $prev_char && !$warn )
       
  3105     {
       
  3106       $warn = true;
       
  3107     }
       
  3108     else if ( $chr != $prev_char && $warn )
       
  3109     {
       
  3110       $warn = false;
       
  3111     }
       
  3112     $prev_char = $chr;
       
  3113   }
       
  3114   if ( $loss < 0 )
       
  3115   {
       
  3116     $debug[] = 'Adding '.$loss.' points for immediate character repetition';
       
  3117     $score += $loss;
       
  3118     // this can bring the score below -10 sometimes
       
  3119     if ( $score < -10 )
       
  3120     {
       
  3121       $debug[] = 'Setting score to -10 because it went below ('.$score.')';
       
  3122       $score = -10;
       
  3123     }
       
  3124   }
       
  3125   
       
  3126   return $score;
       
  3127 }
       
  3128 
  2928 //die('<pre>Original:  01010101010100101010100101010101011010'."\nProcessed: ".uncompress_bitfield(compress_bitfield('01010101010100101010100101010101011010')).'</pre>');
  3129 //die('<pre>Original:  01010101010100101010100101010101011010'."\nProcessed: ".uncompress_bitfield(compress_bitfield('01010101010100101010100101010101011010')).'</pre>');
  2929 
  3130 
  2930 ?>
  3131 ?>