From 4cc3c01dcbaf17dda09f7db62f9d72aca678aca4 Mon Sep 17 00:00:00 2001
From: "Michael Kaufmann (d00p)"
Date: Mon, 10 Nov 2014 10:07:32 +0100
Subject: [PATCH] remove password-suggestion if a custom regex is defined; added password-complexity-settings for non-regex users to define what generated passwords should contain, thx to Marco Vogt; fixes #1216
Signed-off-by: Michael Kaufmann (d00p)
---
 actions/admin/settings/110.accounts.php | 42 ++++++++++++++++++-
 install/froxlor.sql | 7 +++-
 .../updates/froxlor/0.9/update_0.9.inc.php | 14 +++++++
 .../admin/admin/formfield.admin_add.php | 1 +
 .../admin/admin/formfield.admin_edit.php | 1 +
 .../admin/customer/formfield.customer_add.php | 1 +
 .../customer/formfield.customer_edit.php | 1 +
 .../formfield.emails_accountchangepasswd.php | 1 +
 .../email/formfield.emails_addaccount.php | 1 +
 .../extras/formfield.htpasswd_add.php | 1 +
 .../extras/formfield.htpasswd_edit.php | 1 +
 .../customer/ftp/formfield.ftp_add.php | 1 +
 .../customer/ftp/formfield.ftp_edit.php | 1 +
 .../customer/mysql/formfield.mysql_add.php | 1 +
 .../customer/mysql/formfield.mysql_edit.php | 1 +
 .../froxlor/function.generatePassword.php | 28 +++++++++++--
 .../validate/function.validatePassword.php | 37 +++++++++++++++-
 lng/english.lng.php | 10 +++++
 lng/german.lng.php | 10 +++++
 19 files changed, 152 insertions(+), 8 deletions(-)
diff --git a/actions/admin/settings/110.accounts.php b/actions/admin/settings/110.accounts.php
index ca182a37..e03cfe9b 100644
--- a/actions/admin/settings/110.accounts.php
+++ b/actions/admin/settings/110.accounts.php
@@ -70,6 +70,46 @@ return array(
 'default' => 0,
 'save_method' => 'storeSettingField',
 ),
+ 'panel_password_alpha_lower' => array(
+ 'label' => $lng['serversettings']['panel_password_alpha_lower'],
+ 'settinggroup' => 'panel',
+ 'varname' => 'password_alpha_lower',
+ 'type' => 'bool',
+ 'default' => true,
+ 'save_method' => 'storeSettingField',
+ ),
+ 'panel_password_alpha_upper' => array(
+ 'label' => $lng['serversettings']['panel_password_alpha_upper'],
+ 'settinggroup' => 'panel',
+ 'varname' => 'password_alpha_upper',
+ 'type' => 'bool',
+ 'default' => true,
+ 'save_method' => 'storeSettingField',
+ ),
+ 'panel_password_numeric' => array(
+ 'label' => $lng['serversettings']['panel_password_numeric'],
+ 'settinggroup' => 'panel',
+ 'varname' => 'password_numeric',
+ 'type' => 'bool',
+ 'default' => false,
+ 'save_method' => 'storeSettingField',
+ ),
+ 'panel_password_special_char_required' => array(
+ 'label' => $lng['serversettings']['panel_password_special_char_required'],
+ 'settinggroup' => 'panel',
+ 'varname' => 'password_special_char_required',
+ 'type' => 'bool',
+ 'default' => false,
+ 'save_method' => 'storeSettingField',
+ ),
+ 'panel_password_special_char' => array(
+ 'label' => $lng['serversettings']['panel_password_special_char'],
+ 'settinggroup' => 'panel',
+ 'varname' => 'password_special_char',
+ 'type' => 'string',
+ 'default' => '!?<>§$%&+#=@',
+ 'save_method' => 'storeSettingField',
+ ),
 'panel_password_regex' => array(
 'label' => $lng['serversettings']['panel_password_regex'],
 'settinggroup' => 'panel',
@@ -150,4 +150,4 @@ return array(
 ),
 );
-?>
\ No newline at end of file
+?>
diff --git a/install/froxlor.sql b/install/froxlor.sql
index e5eefb9e..65497507 100644
--- a/install/froxlor.sql
+++ b/install/froxlor.sql
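Review bot: The default for `panel_password_special_char`, `'default' => '!?<>§$%&+#=@',`, contains `§`, which is two bytes in UTF-8, but the consumers added in this commit treat the list byte-wise: generatePassword() (function.generatePassword.php) picks from it with `str_shuffle()`/`substr()`, so a suggested password can end up holding only half of `§`, and validatePassword() (function.validatePassword.php) builds a character class from it without the `u` modifier, so each of the two bytes counts as a separate member. The same default is repeated in install/froxlor.sql and update_0.9.inc.php. The least invasive fix is an ASCII-only default in all three places, e.g. `'default' => '!?<>$%&+#=@',`; otherwise the generator and the validator need multibyte-aware handling. Since the value also contains `<`, `>` and `&`, it relies on the settings form and the suggestion field escaping their output — presumably they do, but worth confirming.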
@@ -529,7 +529,12 @@ INSERT INTO `panel_settings` (`settinggroup`, `varname`, `value`) VALUES
 ('panel', 'phpconfigs_hidestdsubdomain', '0'),
 ('panel', 'allow_theme_change_admin', '1'),
 ('panel', 'allow_theme_change_customer', '1'),
- ('panel', 'version', '0.9.33-dev2');
+ ('panel', 'password_alpha_lower', '1'),
+ ('panel', 'password_alpha_upper', '1'),
+ ('panel', 'password_numeric', '0'),
+ ('panel', 'password_special_char_required', '0'),
+ ('panel', 'password_special_char', '!?<>§$%&+#=@'),
+ ('panel', 'version', '0.9.33-dev3');
 DROP TABLE IF EXISTS `panel_tasks`;
diff --git a/install/updates/froxlor/0.9/update_0.9.inc.php b/install/updates/froxlor/0.9/update_0.9.inc.php
index 679ac4a9..e0caac93 100644
--- a/install/updates/froxlor/0.9/update_0.9.inc.php
+++ b/install/updates/froxlor/0.9/update_0.9.inc.php
@@ -2791,3 +2791,17 @@ if (isFroxlorVersion('0.9.33-dev1')) {
 updateToVersion('0.9.33-dev2');
 }
+
+if (isFroxlorVersion('0.9.33-dev2')) {
+ showUpdateStep("Updating from 0.9.33-dev2 to 0.9.33-dev3", false);
+
+ showUpdateStep("Adding settings for password-generation options");
+ Settings::AddNew("panel.password_alpha_lower", '1');
+ Settings::AddNew("panel.password_alpha_upper", '1');
+ Settings::AddNew("panel.password_numeric", '0');
+ Settings::AddNew("panel.password_special_char_required", '0');
+ Settings::AddNew("panel.password_special_char", '!?<>§$%&+#=@');
+ lastStepStatus(0);
+
+ updateToVersion('0.9.33-dev3');
+}
diff --git a/lib/formfields/admin/admin/formfield.admin_add.php b/lib/formfields/admin/admin/formfield.admin_add.php
index 7b47674c..57ba4723 100644
--- a/lib/formfields/admin/admin/formfield.admin_add.php
+++ b/lib/formfields/admin/admin/formfield.admin_add.php
@@ -38,6 +38,7 @@ return array(
 'admin_password_suggestion' => array(
 'label' => $lng['customer']['generated_pwd'],
 'type' => 'text',
+ 'visible' => (Settings::Get('panel.password_regex') == ''),
 'value' => generatePassword(),
 ),
 'def_language' => array(
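Review bot: The new `'visible' => (Settings::Get('panel.password_regex') == ''),` line in formfield.admin_add.php is repeated verbatim in twelve more formfield files in this commit (admin_edit, customer_add, customer_edit and the email, htpasswd, ftp and mysql forms), so the rule for when a suggestion is shown now lives in thirteen places. A small helper beside generatePassword(), say `passwordSuggestionVisible()` (name proposed here), would keep it in one spot and could use a strict `=== ''` comparison to mirror the `!= ''` check in validatePassword(), assuming Settings::Get() always returns a string. Note that `generatePassword()` on the following line still runs when the field is hidden, so a password is generated and discarded on every render of these forms; harmless, but wasted work that the helper could also short-circuit.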
diff --git a/lib/formfields/admin/admin/formfield.admin_edit.php b/lib/formfields/admin/admin/formfield.admin_edit.php
index f96a1705..eb5dc7ca 100644
--- a/lib/formfields/admin/admin/formfield.admin_edit.php
+++ b/lib/formfields/admin/admin/formfield.admin_edit.php
@@ -47,6 +47,7 @@ return array(
 'admin_password_suggestion' => array(
 'label' => $lng['customer']['generated_pwd'],
 'type' => 'text',
+ 'visible' => (Settings::Get('panel.password_regex') == ''),
 'value' => generatePassword(),
 'visible' => ($result['adminid'] == $userinfo['userid'] ? false : true)
 ),
diff --git a/lib/formfields/admin/customer/formfield.customer_add.php b/lib/formfields/admin/customer/formfield.customer_add.php
index 92e0c5a4..50ac5436 100644
--- a/lib/formfields/admin/customer/formfield.customer_add.php
+++ b/lib/formfields/admin/customer/formfield.customer_add.php
@@ -52,6 +52,7 @@ return array(
 'new_customer_password_suggestion' => array(
 'label' => $lng['customer']['generated_pwd'],
 'type' => 'text',
+ 'visible' => (Settings::Get('panel.password_regex') == ''),
 'value' => generatePassword(),
 ),
 'sendpassword' => array(
diff --git a/lib/formfields/admin/customer/formfield.customer_edit.php b/lib/formfields/admin/customer/formfield.customer_edit.php
index 8d8d9bc0..475bcf28 100644
--- a/lib/formfields/admin/customer/formfield.customer_edit.php
+++ b/lib/formfields/admin/customer/formfield.customer_edit.php
@@ -58,6 +58,7 @@ return array(
 'new_customer_password_suggestion' => array(
 'label' => $lng['customer']['generated_pwd'],
 'type' => 'text',
+ 'visible' => (Settings::Get('panel.password_regex') == ''),
 'value' => generatePassword(),
 ),
 'def_language' => array(
diff --git a/lib/formfields/customer/email/formfield.emails_accountchangepasswd.php b/lib/formfields/customer/email/formfield.emails_accountchangepasswd.php
index 1b8d5f89..03c6bae2 100644
--- a/lib/formfields/customer/email/formfield.emails_accountchangepasswd.php
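Review bot: The added `'visible'` entry in formfield.admin_edit.php collides with the existing `'visible' => ($result['adminid'] == $userinfo['userid'] ? false : true)` two lines below it; for a duplicate key in a PHP array literal the last value wins, so on this form the regex-based hiding is silently discarded and the suggestion is still shown when a custom regex is configured, which is the opposite of what the commit title promises. Merge the two conditions into a single entry, `'visible' => (Settings::Get('panel.password_regex') == '' && $result['adminid'] != $userinfo['userid']),`, and drop the other. The customer_add and customer_edit hunks on this line have no second `'visible'` key and are not affected.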
+++ b/lib/formfields/customer/email/formfield.emails_accountchangepasswd.php
@@ -37,6 +37,7 @@ return array(
 'email_password_suggestion' => array(
 'label' => $lng['customer']['generated_pwd'],
 'type' => 'text',
+ 'visible' => (Settings::Get('panel.password_regex') == ''),
 'value' => generatePassword(),
 )
 )
diff --git a/lib/formfields/customer/email/formfield.emails_addaccount.php b/lib/formfields/customer/email/formfield.emails_addaccount.php
index 5335cd67..c7614ffd 100644
--- a/lib/formfields/customer/email/formfield.emails_addaccount.php
+++ b/lib/formfields/customer/email/formfield.emails_addaccount.php
@@ -37,6 +37,7 @@ return array(
 'email_password_suggestion' => array(
 'label' => $lng['customer']['generated_pwd'],
 'type' => 'text',
+ 'visible' => (Settings::Get('panel.password_regex') == ''),
 'value' => generatePassword(),
 ),
 'email_quota' => array(
diff --git a/lib/formfields/customer/extras/formfield.htpasswd_add.php b/lib/formfields/customer/extras/formfield.htpasswd_add.php
index 8ec3507c..d918601d 100644
--- a/lib/formfields/customer/extras/formfield.htpasswd_add.php
+++ b/lib/formfields/customer/extras/formfield.htpasswd_add.php
@@ -43,6 +43,7 @@ return array(
 'directory_password_suggestion' => array(
 'label' => $lng['customer']['generated_pwd'],
 'type' => 'text',
+ 'visible' => (Settings::Get('panel.password_regex') == ''),
 'value' => generatePassword(),
 ),
 'directory_authname' => array(
diff --git a/lib/formfields/customer/extras/formfield.htpasswd_edit.php b/lib/formfields/customer/extras/formfield.htpasswd_edit.php
index 542b1b69..31572541 100644
--- a/lib/formfields/customer/extras/formfield.htpasswd_edit.php
+++ b/lib/formfields/customer/extras/formfield.htpasswd_edit.php
@@ -42,6 +42,7 @@ return array(
 'directory_password_suggestion' => array(
 'label' => $lng['customer']['generated_pwd'],
 'type' => 'text',
+ 'visible' => (Settings::Get('panel.password_regex') == ''),
 'value' => generatePassword(),
 ),
 'directory_authname' => array(
diff --git a/lib/formfields/customer/ftp/formfield.ftp_add.php b/lib/formfields/customer/ftp/formfield.ftp_add.php
index e8f84262..6bf224b2 100644
--- a/lib/formfields/customer/ftp/formfield.ftp_add.php
+++ b/lib/formfields/customer/ftp/formfield.ftp_add.php
@@ -53,6 +53,7 @@ return array(
 'ftp_password_suggestion' => array(
 'label' => $lng['customer']['generated_pwd'],
 'type' => 'text',
+ 'visible' => (Settings::Get('panel.password_regex') == ''),
 'value' => generatePassword(),
 ),
 'sendinfomail' => array(
diff --git a/lib/formfields/customer/ftp/formfield.ftp_edit.php b/lib/formfields/customer/ftp/formfield.ftp_edit.php
index 84f3c091..ba6fe920 100644
--- a/lib/formfields/customer/ftp/formfield.ftp_edit.php
+++ b/lib/formfields/customer/ftp/formfield.ftp_edit.php
@@ -49,6 +49,7 @@ return array(
 'ftp_password_suggestion' => array(
 'label' => $lng['customer']['generated_pwd'],
 'type' => 'text',
+ 'visible' => (Settings::Get('panel.password_regex') == ''),
 'value' => generatePassword(),
 )
 )
diff --git a/lib/formfields/customer/mysql/formfield.mysql_add.php b/lib/formfields/customer/mysql/formfield.mysql_add.php
index 6676b960..4ddb6241 100644
--- a/lib/formfields/customer/mysql/formfield.mysql_add.php
+++ b/lib/formfields/customer/mysql/formfield.mysql_add.php
@@ -41,6 +41,7 @@ return array(
 'mysql_password_suggestion' => array(
 'label' => $lng['customer']['generated_pwd'],
 'type' => 'text',
+ 'visible' => (Settings::Get('panel.password_regex') == ''),
 'value' => generatePassword(),
 ),
 'sendinfomail' => array(
diff --git a/lib/formfields/customer/mysql/formfield.mysql_edit.php b/lib/formfields/customer/mysql/formfield.mysql_edit.php
index 6f5b3189..d006a086 100644
--- a/lib/formfields/customer/mysql/formfield.mysql_edit.php
+++ b/lib/formfields/customer/mysql/formfield.mysql_edit.php
@@ -47,6 +47,7 @@ return array(
 'mysql_password_suggestion' => array(
 'label' => $lng['customer']['generated_pwd'],
 'type' => 'text',
+ 'visible' => (Settings::Get('panel.password_regex') == ''),
 'value' => generatePassword(),
 )
 )
diff --git a/lib/functions/froxlor/function.generatePassword.php b/lib/functions/froxlor/function.generatePassword.php
index 47241993..04e64b20 100644
--- a/lib/functions/froxlor/function.generatePassword.php
+++ b/lib/functions/froxlor/function.generatePassword.php
@@ -19,8 +19,28 @@
 * Generates a random password
 */
 function generatePassword() {
- return substr(
- base64_encode(sha1(md5(uniqid(microtime(), 1))).md5(uniqid(microtime(), 1)).sha1(md5(uniqid(microtime(), 1)))),
- rand(5, 50), (Settings::Get('panel.password_min_length') > 0 ? Settings::Get('panel.password_min_length') : 10)
- );
+ $alpha_lower = 'abcdefghijklmnopqrstuvwxyz';
+ $alpha_upper = strtoupper($alpha_lower);
+ $numeric = '0123456789';
+ $special = Settings::Get('panel.password_special_char');
+ $length = Settings::Get('panel.password_min_length') > 3 ? Settings::Get('panel.password_min_length') : 10;
+
+ $pw = str_shuffle($alpha_lower);
+ $n = floor(($length)/4);
+
+ if (Settings::Get('panel.password_alpha_upper')) {
+ $pw .= substr(str_shuffle($alpha_upper), 0, $n);
+ }
+
+ if (Settings::Get('panel.password_numeric')) {
+ $pw .= substr(str_shuffle($numeric), 0, $n);
+ }
+
+ if (Settings::Get('panel.password_special_char_required')) {
+ $pw .= substr(str_shuffle($special), 0, $n);
+ }
+
+ $pw = substr($pw, -$length);
+
+ return str_shuffle($pw);
 }
diff --git a/lib/functions/validate/function.validatePassword.php b/lib/functions/validate/function.validatePassword.php
index 94bb26b8..48922ba7 100644
--- a/lib/functions/validate/function.validatePassword.php
+++ b/lib/functions/validate/function.validatePassword.php
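Review bot: The rewritten generatePassword() obtains every character through `str_shuffle()`, which, like the `rand()` it replaces, is driven by PHP's non-cryptographic PRNG, so the suggestions users accept as their real password come from a generator that is not suitable for secrets; password material should be drawn from the CSPRNG (`random_int()` on PHP 7+, `openssl_random_pseudo_bytes()` as the fallback on older baselines, whichever this project supports). Three smaller issues in the same body: `$special` is shuffled and sliced byte-wise, which splits multibyte entries such as the default `§`; when `$length` is large, `$n` exceeds the size of the numeric and special sets, so `substr(str_shuffle($numeric), 0, $n)` yields fewer than `$n` characters and the result can be shorter than `panel.password_min_length` and fail validatePassword() (an empty special-character list with the "required" flag set has the same effect); and the composition is fixed (exactly `$n` of each enabled class on a lowercase base), which a guesser can take as given. The picker sketched below draws from the CSPRNG with replacement and splits the set per character, which addresses the first two; the closing `str_shuffle($pw)` needs the same treatment (a Fisher–Yates pass driven by `random_int()`), and drawing the remaining positions from the union of enabled classes would remove the fixed composition.
```php
function generatePassword() {
    // … unchanged: character sets, $special, $length, $n …

    // Draw from the CSPRNG; split the set per character so multibyte
    // entries in panel.password_special_char are kept whole.
    $pick = function ($set, $count) {
        $chars = preg_split('//u', $set, -1, PREG_SPLIT_NO_EMPTY);
        $out = '';
        for ($i = 0; $i < $count && count($chars) > 0; $i++) {
            $out .= $chars[random_int(0, count($chars) - 1)];
        }
        return $out;
    };

    $pw = $pick($alpha_lower, $length);
    // … unchanged: the three Settings::Get() checks, each now appending $pick($set, $n) …
```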
@@ -30,7 +30,7 @@ function validatePassword($password = null) {
 if (Settings::Get('panel.password_min_length') > 0) {
 $password = validate(
- $password,
+ $password,
 Settings::Get('panel.password_min_length'),
 '/^.{'.(int)Settings::Get('panel.password_min_length').',}$/D',
 'notrequiredpasswordlength'
@@ -39,11 +39,44 @@ function validatePassword($password = null) {
 if (Settings::Get('panel.password_regex') != '') {
 $password = validate(
- $password,
+ $password,
 Settings::Get('panel.password_regex'),
 Settings::Get('panel.password_regex'),
 'notrequiredpasswordcomplexity'
 );
+ } else {
+ if (Settings::Get('panel.password_alpha_lower')) {
+ $password = validate(
+ $password,
+ '/.*[a-z]+.*/',
+ '/.*[a-z]+.*/',
+ 'notrequiredpasswordcomplexity'
+ );
+ }
+ if (Settings::Get('panel.password_alpha_upper')) {
+ $password = validate(
+ $password,
+ '/.*[A-Z]+.*/',
+ '/.*[A-Z]+.*/',
+ 'notrequiredpasswordcomplexity'
+ );
+ }
+ if (Settings::Get('panel.password_numeric')) {
+ $password = validate(
+ $password,
+ '/.*[0-9]+.*/',
+ '/.*[0-9]+.*/',
+ 'notrequiredpasswordcomplexity'
+ );
+ }
+ if (Settings::Get('panel.password_special_char_required')) {
+ $password = validate(
+ $password,
+ '/.*[' . preg_quote(Settings::Get('panel.password_special_char')) . ']+.*/',
+ '/.*[' . preg_quote(Settings::Get('panel.password_special_char')) . ']+.*/',
+ 'notrequiredpasswordcomplexity'
+ );
+ }
 }
 return $password;
diff --git a/lng/english.lng.php b/lng/english.lng.php
index 6cfd57f8..5d94e5c8 100644
--- a/lng/english.lng.php
+++ b/lng/english.lng.php
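Review bot: `preg_quote()` in the special-character check (the `@@ -39` hunk) is called without its delimiter argument, so a `/` in `panel.password_special_char` is left unescaped and terminates the `/.*[...]+.*/` pattern early; pass the delimiter in both places, `preg_quote(Settings::Get('panel.password_special_char'), '/')`. An empty list with `panel.password_special_char_required` enabled yields `/.*[]+.*/`, which is not the intended "contains one of these" test either, so that combination should be rejected when the setting is saved or treated as "no check" here. The patterns also carry no `u` modifier, so with the multibyte `§` in the default list each of its bytes is a separate class member. As a matter of style, `/[a-z]/` is equivalent to `/.*[a-z]+.*/` and reads as the at-least-one test it is, and because all four branches raise the same `notrequiredpasswordcomplexity` error the user is never told which class is missing. The `@@ -30` hunk on this line is whitespace only; validatePassword() closes outside the hunk.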
@@ -1823,3 +1823,13 @@ $lng['error']['passwordshouldnotbeusername'] = 'The password should not be the s
 $lng['admin']['customer_show_news_feed'] = "Show custom newsfeed on customer-dashboard";
 $lng['admin']['customer_news_feed_url'] = "RSS-Feed for the custom newsfeed";
 $lng['serversettings']['dns_createhostnameentry'] = "Create bind-zone/config for system hostname";
+$lng['serversettings']['panel_password_alpha_lower']['title'] = 'Lowercase character';
+$lng['serversettings']['panel_password_alpha_lower']['description'] = 'Password must contain at least one lowercase letter (a-z).';
+$lng['serversettings']['panel_password_alpha_upper']['title'] = 'Uppercase character';
+$lng['serversettings']['panel_password_alpha_upper']['description'] = 'Password must contain at least one uppercase letter (A-Z).';
+$lng['serversettings']['panel_password_numeric']['title'] = 'Numbers';
+$lng['serversettings']['panel_password_numeric']['description'] = 'Password must contain at least one number (0-9).';
+$lng['serversettings']['panel_password_special_char_required']['title'] = 'Special character';
+$lng['serversettings']['panel_password_special_char_required']['description'] = 'Password must contain at least one of the characters defined below.';
+$lng['serversettings']['panel_password_special_char']['title'] = 'Special characters list';
+$lng['serversettings']['panel_password_special_char']['description'] = 'One of these characters is required if the above option is set.';
diff --git a/lng/german.lng.php b/lng/german.lng.php
index 058a85c8..00fc64ba 100644
--- a/lng/german.lng.php
+++ b/lng/german.lng.php
@@ -1547,3 +1547,13 @@ $lng['error']['passwordshouldnotbeusername'] = 'Das Passwort sollte nicht mit de
 $lng['admin']['customer_show_news_feed'] = "Zeige benutzerdefinierten Newsfeed im Kunden-Dashboard";
 $lng['admin']['customer_news_feed_url'] = "RSS-Feed für den benutzerdefinierten Newsfeed";
 $lng['serversettings']['dns_createhostnameentry'] = "Erstelle bind-Zone/Konfiguration für den System-Hostnamen";
+$lng['serversettings']['panel_password_alpha_lower']['title'] = 'Kleinbuchstaben';
+$lng['serversettings']['panel_password_alpha_lower']['description'] = 'Das Passwort muss mindestens einen Kleinbuchstaben (a-z) enthalten.';
+$lng['serversettings']['panel_password_alpha_upper']['title'] = 'Großbuchstaben';
+$lng['serversettings']['panel_password_alpha_upper']['description'] = 'Das Passwort muss mindestens einen Großbuchstaben (A-Z) enthalten.';
+$lng['serversettings']['panel_password_numeric']['title'] = 'Zahlen';
+$lng['serversettings']['panel_password_numeric']['description'] = 'Das Passwort muss mindestens eine Zahl (0-9) enhalten.';
+$lng['serversettings']['panel_password_special_char_required']['title'] = 'Sonderzeichen';
+$lng['serversettings']['panel_password_special_char_required']['description'] = 'Das Passwort muss mindestens eines der untenstehenden Sonderzeichen enthalten';
+$lng['serversettings']['panel_password_special_char']['title'] = 'Sonderzeichen-Liste';
+$lng['serversettings']['panel_password_special_char']['description'] = 'Mindestens eines dieser Sonderzeichen muss in dem Passwort vorkommen, sofern die Sonderzeichen-Option aktiviert ist.';