remove password-suggestion if a custom regex is defined; added password-complexity-settings for non-regex users to define what generated passwords should contain, thx to Marco Vogt; fixes #1216

Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>

actions/admin/settings/110.accounts.php

@@ -70,6 +70,46 @@ return array(
 					'default' => 0,
 					'save_method' => 'storeSettingField',
 					),
+				'panel_password_alpha_lower' => array(
+					'label' => $lng['serversettings']['panel_password_alpha_lower'],
+					'settinggroup' => 'panel',
+					'varname' => 'password_alpha_lower',
+					'type' => 'bool',
+					'default' => true,
+					'save_method' => 'storeSettingField',
+					),
+				'panel_password_alpha_upper' => array(
+					'label' => $lng['serversettings']['panel_password_alpha_upper'],
+					'settinggroup' => 'panel',
+					'varname' => 'password_alpha_upper',
+					'type' => 'bool',
+					'default' => true,
+					'save_method' => 'storeSettingField',
+					),
+				'panel_password_numeric' => array(
+					'label' => $lng['serversettings']['panel_password_numeric'],
+					'settinggroup' => 'panel',
+					'varname' => 'password_numeric',
+					'type' => 'bool',
+					'default' => false,
+					'save_method' => 'storeSettingField',
+					),
+				'panel_password_special_char_required' => array(
+					'label' => $lng['serversettings']['panel_password_special_char_required'],
+					'settinggroup' => 'panel',
+					'varname' => 'password_special_char_required',
+					'type' => 'bool',
+					'default' => false,
+					'save_method' => 'storeSettingField',
+					),
+				'panel_password_special_char' => array(
+					'label' => $lng['serversettings']['panel_password_special_char'],
+					'settinggroup' => 'panel',
+					'varname' => 'password_special_char',
+					'type' => 'string',
+					'default' => '!?<>§$%&+#=@',
+					'save_method' => 'storeSettingField',
+					),
 				'panel_password_regex' => array(
 					'label' => $lng['serversettings']['panel_password_regex'],
 					'settinggroup' => 'panel',
@@ -150,4 +190,4 @@ return array(
 		),
 	);
 
-?>
+?>

install/froxlor.sql

@@ -529,7 +529,12 @@ INSERT INTO `panel_settings` (`settinggroup`, `varname`, `value`) VALUES
 	('panel', 'phpconfigs_hidestdsubdomain', '0'),
 	('panel', 'allow_theme_change_admin', '1'),
 	('panel', 'allow_theme_change_customer', '1'),
-	('panel', 'version', '0.9.33-dev2');
+	('panel', 'password_alpha_lower', '1'),
+	('panel', 'password_alpha_upper', '1'),
+	('panel', 'password_numeric', '0'),
+	('panel', 'password_special_char_required', '0'),
+	('panel', 'password_special_char', '!?<>§$%&+#=@'),
+	('panel', 'version', '0.9.33-dev3');
 
 
 DROP TABLE IF EXISTS `panel_tasks`;

install/updates/froxlor/0.9/update_0.9.inc.php

@@ -2791,3 +2791,17 @@ if (isFroxlorVersion('0.9.33-dev1')) {
 
 	updateToVersion('0.9.33-dev2');
 }
+
+if (isFroxlorVersion('0.9.33-dev2')) {
+	showUpdateStep("Updating from 0.9.33-dev2 to 0.9.33-dev3", false);
+
+	showUpdateStep("Adding settings for password-generation options");
+	Settings::AddNew("panel.password_alpha_lower", '1');
+	Settings::AddNew("panel.password_alpha_upper", '1');
+	Settings::AddNew("panel.password_numeric", '0');
+	Settings::AddNew("panel.password_special_char_required", '0');
+	Settings::AddNew("panel.password_special_char", '!?<>§$%&+#=@');
+	lastStepStatus(0);
+
+	updateToVersion('0.9.33-dev3');
+}

lib/formfields/admin/admin/formfield.admin_add.php

@@ -38,6 +38,7 @@ return array(
 					'admin_password_suggestion' => array(
 						'label' => $lng['customer']['generated_pwd'],
 						'type' => 'text',
+						'visible' => (Settings::Get('panel.password_regex') == ''),
 						'value' => generatePassword(),
 					),
 					'def_language' => array(

lib/formfields/admin/admin/formfield.admin_edit.php

@@ -47,6 +47,7 @@ return array(
 					'admin_password_suggestion' => array(
 						'label' => $lng['customer']['generated_pwd'],
 						'type' => 'text',
+						'visible' => (Settings::Get('panel.password_regex') == ''),
 						'value' => generatePassword(),
 						'visible' => ($result['adminid'] == $userinfo['userid'] ? false : true)
 					),

lib/formfields/admin/customer/formfield.customer_add.php

@@ -52,6 +52,7 @@ return array(
 					'new_customer_password_suggestion' => array(
 						'label' => $lng['customer']['generated_pwd'],
 						'type' => 'text',
+						'visible' => (Settings::Get('panel.password_regex') == ''),
 						'value' => generatePassword(),
 					),
 					'sendpassword' => array(

lib/formfields/admin/customer/formfield.customer_edit.php

@@ -58,6 +58,7 @@ return array(
 					'new_customer_password_suggestion' => array(
 						'label' => $lng['customer']['generated_pwd'],
 						'type' => 'text',
+						'visible' => (Settings::Get('panel.password_regex') == ''),
 						'value' => generatePassword(),
 					),
 					'def_language' => array(

lib/formfields/customer/email/formfield.emails_accountchangepasswd.php

@@ -37,6 +37,7 @@ return array(
 					'email_password_suggestion' => array(
 						'label' => $lng['customer']['generated_pwd'],
 						'type' => 'text',
+						'visible' => (Settings::Get('panel.password_regex') == ''),
 						'value' => generatePassword(),
 					)
 				)

lib/formfields/customer/email/formfield.emails_addaccount.php

@@ -37,6 +37,7 @@ return array(
 					'email_password_suggestion' => array(
 						'label' => $lng['customer']['generated_pwd'],
 						'type' => 'text',
+						'visible' => (Settings::Get('panel.password_regex') == ''),
 						'value' => generatePassword(),
 					),
 					'email_quota' => array(

lib/formfields/customer/extras/formfield.htpasswd_add.php

@@ -43,6 +43,7 @@ return array(
 					'directory_password_suggestion' => array(
 						'label' => $lng['customer']['generated_pwd'],
 						'type' => 'text',
+						'visible' => (Settings::Get('panel.password_regex') == ''),
 						'value' => generatePassword(),
 					),
 					'directory_authname' => array(

lib/formfields/customer/extras/formfield.htpasswd_edit.php

@@ -42,6 +42,7 @@ return array(
 					'directory_password_suggestion' => array(
 						'label' => $lng['customer']['generated_pwd'],
 						'type' => 'text',
+						'visible' => (Settings::Get('panel.password_regex') == ''),
 						'value' => generatePassword(),
 					),
 					'directory_authname' => array(

lib/formfields/customer/ftp/formfield.ftp_add.php

@@ -53,6 +53,7 @@ return array(
 					'ftp_password_suggestion' => array(
 						'label' => $lng['customer']['generated_pwd'],
 						'type' => 'text',
+						'visible' => (Settings::Get('panel.password_regex') == ''),
 						'value' => generatePassword(),
 					),
 					'sendinfomail' => array(

lib/formfields/customer/ftp/formfield.ftp_edit.php

@@ -49,6 +49,7 @@ return array(
 					'ftp_password_suggestion' => array(
 						'label' => $lng['customer']['generated_pwd'],
 						'type' => 'text',
+						'visible' => (Settings::Get('panel.password_regex') == ''),
 						'value' => generatePassword(),
 					)
 				)

lib/formfields/customer/mysql/formfield.mysql_add.php

@@ -41,6 +41,7 @@ return array(
 					'mysql_password_suggestion' => array(
 						'label' => $lng['customer']['generated_pwd'],
 						'type' => 'text',
+						'visible' => (Settings::Get('panel.password_regex') == ''),
 						'value' => generatePassword(),
 					),
 					'sendinfomail' => array(

lib/formfields/customer/mysql/formfield.mysql_edit.php

@@ -47,6 +47,7 @@ return array(
 					'mysql_password_suggestion' => array(
 						'label' => $lng['customer']['generated_pwd'],
 						'type' => 'text',
+						'visible' => (Settings::Get('panel.password_regex') == ''),
 						'value' => generatePassword(),
 					)
 				)

lib/functions/froxlor/function.generatePassword.php

@@ -19,8 +19,28 @@
  * Generates a random password
  */
 function generatePassword() {
-	return substr(
-		base64_encode(sha1(md5(uniqid(microtime(), 1))).md5(uniqid(microtime(), 1)).sha1(md5(uniqid(microtime(), 1)))),
-		rand(5, 50), (Settings::Get('panel.password_min_length') > 0 ? Settings::Get('panel.password_min_length') : 10)
-	);
+	$alpha_lower = 'abcdefghijklmnopqrstuvwxyz';
+	$alpha_upper = strtoupper($alpha_lower);
+	$numeric = '0123456789';
+	$special = Settings::Get('panel.password_special_char');
+	$length = Settings::Get('panel.password_min_length') > 3 ? Settings::Get('panel.password_min_length') : 10;
+
+	$pw = str_shuffle($alpha_lower);
+	$n = floor(($length)/4);
+
+	if (Settings::Get('panel.password_alpha_upper')) {
+		$pw .= substr(str_shuffle($alpha_upper), 0, $n);
+	}
+
+	if (Settings::Get('panel.password_numeric')) {
+		$pw .= substr(str_shuffle($numeric), 0, $n);
+	}
+
+	if (Settings::Get('panel.password_special_char_required')) {
+		$pw .= substr(str_shuffle($special), 0, $n);
+	}
+
+	$pw = substr($pw, -$length);
+
+	return str_shuffle($pw);
 }

lib/functions/validate/function.validatePassword.php

@@ -30,7 +30,7 @@ function validatePassword($password = null) {
 	
 	if (Settings::Get('panel.password_min_length') > 0) {
 		$password = validate(
-			$password, 
+			$password,
 			Settings::Get('panel.password_min_length'),
 			'/^.{'.(int)Settings::Get('panel.password_min_length').',}$/D',
 			'notrequiredpasswordlength'
@@ -39,11 +39,44 @@ function validatePassword($password = null) {
 	
 	if (Settings::Get('panel.password_regex') != '') {
 		$password = validate(
-			$password, 
+			$password,
 			Settings::Get('panel.password_regex'),
 			Settings::Get('panel.password_regex'),
 			'notrequiredpasswordcomplexity'
 		);
+	} else {
+		if (Settings::Get('panel.password_alpha_lower')) {
+			$password = validate(
+				$password,
+				'/.*[a-z]+.*/',
+				'/.*[a-z]+.*/',
+				'notrequiredpasswordcomplexity'
+			);
+		}
+		if (Settings::Get('panel.password_alpha_upper')) {
+			$password = validate(
+				$password,
+				'/.*[A-Z]+.*/',
+				'/.*[A-Z]+.*/',
+				'notrequiredpasswordcomplexity'
+			);
+		}
+		if (Settings::Get('panel.password_numeric')) {
+			$password = validate(
+				$password,
+				'/.*[0-9]+.*/',
+				'/.*[0-9]+.*/',
+				'notrequiredpasswordcomplexity'
+			);
+		}
+		if (Settings::Get('panel.password_special_char_required')) {
+			$password = validate(
+				$password,
+				'/.*[' . preg_quote(Settings::Get('panel.password_special_char')) . ']+.*/',
+				'/.*[' . preg_quote(Settings::Get('panel.password_special_char')) . ']+.*/',
+				'notrequiredpasswordcomplexity'
+			);
+		}
 	}
 	
 	return $password;

lng/english.lng.php

@@ -1823,3 +1823,13 @@ $lng['error']['passwordshouldnotbeusername'] = 'The password should not be the s
 $lng['admin']['customer_show_news_feed'] = "Show custom newsfeed on customer-dashboard";
 $lng['admin']['customer_news_feed_url'] = "RSS-Feed for the custom newsfeed";
 $lng['serversettings']['dns_createhostnameentry'] = "Create bind-zone/config for system hostname";
+$lng['serversettings']['panel_password_alpha_lower']['title'] = 'Lowercase character';
+$lng['serversettings']['panel_password_alpha_lower']['description'] = 'Password must contain at least one lowercase letter (a-z).';
+$lng['serversettings']['panel_password_alpha_upper']['title'] = 'Uppercase character';
+$lng['serversettings']['panel_password_alpha_upper']['description'] = 'Password must contain at least one  uppercase letter (A-Z).';
+$lng['serversettings']['panel_password_numeric']['title'] = 'Numbers';
+$lng['serversettings']['panel_password_numeric']['description'] = 'Password must contain at least one number (0-9).';
+$lng['serversettings']['panel_password_special_char_required']['title'] = 'Special character';
+$lng['serversettings']['panel_password_special_char_required']['description'] = 'Password must contain at least one of the characters defined below.';
+$lng['serversettings']['panel_password_special_char']['title'] = 'Special characters list';
+$lng['serversettings']['panel_password_special_char']['description'] = 'One of these characters is required if the above option is set.';

lng/german.lng.php

@@ -1547,3 +1547,13 @@ $lng['error']['passwordshouldnotbeusername'] = 'Das Passwort sollte nicht mit de
 $lng['admin']['customer_show_news_feed'] = "Zeige benutzerdefinierten Newsfeed im Kunden-Dashboard";
 $lng['admin']['customer_news_feed_url'] = "RSS-Feed für den benutzerdefinierten Newsfeed";
 $lng['serversettings']['dns_createhostnameentry'] = "Erstelle bind-Zone/Konfiguration für den System-Hostnamen";
+$lng['serversettings']['panel_password_alpha_lower']['title'] = 'Kleinbuchstaben';
+$lng['serversettings']['panel_password_alpha_lower']['description'] = 'Das Passwort muss mindestens einen Kleinbuchstaben (a-z) enthalten.';
+$lng['serversettings']['panel_password_alpha_upper']['title'] = 'Großbuchstaben';
+$lng['serversettings']['panel_password_alpha_upper']['description'] = 'Das Passwort muss mindestens einen Großbuchstaben (A-Z) enthalten.';
+$lng['serversettings']['panel_password_numeric']['title'] = 'Zahlen';
+$lng['serversettings']['panel_password_numeric']['description'] = 'Das Passwort muss mindestens eine Zahl (0-9) enhalten.';
+$lng['serversettings']['panel_password_special_char_required']['title'] = 'Sonderzeichen';
+$lng['serversettings']['panel_password_special_char_required']['description'] = 'Das Passwort muss mindestens eines der untenstehenden Sonderzeichen enthalten';
+$lng['serversettings']['panel_password_special_char']['title'] = 'Sonderzeichen-Liste';
+$lng['serversettings']['panel_password_special_char']['description'] = 'Mindestens eines dieser Sonderzeichen muss in dem Passwort vorkommen, sofern die Sonderzeichen-Option aktiviert ist.';