@@ -11,7 +11,7 @@ |
11 | 11 | $config['builds'] = [ |
12 | 12 | 'release' => 'SprintRelease', |
13 | 13 | 'postCreateProject' => 'InitialCleanup', |
14 | - 'publishSubTrees' => 'SubTreeSplit' |
|
14 | + 'publishSubTrees' => 'SubTreeSplit' |
|
15 | 15 | ]; |
16 | 16 | |
17 | 17 | //-------------------------------------------------------------------- |
@@ -12,7 +12,7 @@ |
12 | 12 | |
13 | 13 | public function __construct($ci=null) |
14 | 14 | { |
15 | - $this->ci =& $ci; |
|
15 | + $this->ci =& $ci; |
|
16 | 16 | } |
17 | 17 | |
18 | 18 | //-------------------------------------------------------------------- |
@@ -57,10 +57,10 @@ |
57 | 57 | */ |
58 | 58 | public function ensureFolder($path) |
59 | 59 | { |
60 | - if (is_dir($path)) |
|
61 | - { |
|
62 | - return true; |
|
63 | - } |
|
60 | + if (is_dir($path)) |
|
61 | + { |
|
62 | + return true; |
|
63 | + } |
|
64 | 64 | |
65 | 65 | return mkdir($path, 0777, true); |
66 | 66 | } |
@@ -17,7 +17,7 @@ |
17 | 17 | |
18 | 18 | public function __construct($destination) |
19 | 19 | { |
20 | - $this->source_path = realpath(BUILDBASE .'../'); |
|
20 | + $this->source_path = realpath(BUILDBASE .'../'); |
|
21 | 21 | |
22 | 22 | if (empty($this->source_path)) |
23 | 23 | { |
@@ -12,12 +12,12 @@ |
12 | 12 | */ |
13 | 13 | class SubTreeSplit extends BaseBuilder { |
14 | 14 | |
15 | - public function run() |
|
16 | - { |
|
15 | + public function run() |
|
16 | + { |
|
17 | 17 | |
18 | - } |
|
18 | + } |
|
19 | 19 | |
20 | - //-------------------------------------------------------------------- |
|
20 | + //-------------------------------------------------------------------- |
|
21 | 21 | |
22 | 22 | |
23 | 23 | } |
24 | 24 | \ No newline at end of file |
@@ -57,29 +57,29 @@ |
57 | 57 | */ |
58 | 58 | $domain = ! empty($_SERVER['HTTP_HOST']) ? strtolower($_SERVER['HTTP_HOST']) : 'cli'; |
59 | 59 | |
60 | - /** |
|
61 | - * A simple method to automatically determine the environment that |
|
62 | - * the script is running on. Modify to support your needs. |
|
63 | - * |
|
64 | - * To handle Travis-ci testing, we check for an environment |
|
65 | - * variable called TRAVIS which is set in the .travis.yml file. |
|
66 | - * This allows a database-specific setup for Travis testing. |
|
67 | - */ |
|
68 | - if (isset($_ENV['TRAVIS'])) |
|
69 | - { |
|
70 | - define('ENVIRONMENT', 'travis'); |
|
71 | - } |
|
72 | - else if (isset($_ENV['TESTING'])) |
|
73 | - { |
|
74 | - define('ENVIRONMENT', 'testing'); |
|
75 | - } |
|
76 | - else if (strpos($domain, '.dev') !== false || $domain == 'cli') |
|
77 | - { |
|
78 | - define('ENVIRONMENT', 'development'); |
|
79 | - } |
|
80 | - else { |
|
81 | - define('ENVIRONMENT', 'production'); |
|
82 | - } |
|
60 | + /** |
|
61 | + * A simple method to automatically determine the environment that |
|
62 | + * the script is running on. Modify to support your needs. |
|
63 | + * |
|
64 | + * To handle Travis-ci testing, we check for an environment |
|
65 | + * variable called TRAVIS which is set in the .travis.yml file. |
|
66 | + * This allows a database-specific setup for Travis testing. |
|
67 | + */ |
|
68 | + if (isset($_ENV['TRAVIS'])) |
|
69 | + { |
|
70 | + define('ENVIRONMENT', 'travis'); |
|
71 | + } |
|
72 | + else if (isset($_ENV['TESTING'])) |
|
73 | + { |
|
74 | + define('ENVIRONMENT', 'testing'); |
|
75 | + } |
|
76 | + else if (strpos($domain, '.dev') !== false || $domain == 'cli') |
|
77 | + { |
|
78 | + define('ENVIRONMENT', 'development'); |
|
79 | + } |
|
80 | + else { |
|
81 | + define('ENVIRONMENT', 'production'); |
|
82 | + } |
|
83 | 83 | |
84 | 84 | /* |
85 | 85 | *--------------------------------------------------------------- |
@@ -92,7 +92,7 @@ |
92 | 92 | switch (ENVIRONMENT) |
93 | 93 | { |
94 | 94 | case 'development': |
95 | - case 'travis': |
|
95 | + case 'travis': |
|
96 | 96 | case 'testing': |
97 | 97 | error_reporting(-1); |
98 | 98 | ini_set('display_errors', 1); |
@@ -150,7 +150,7 @@ |
150 | 150 | * Include the path if the folder is not in the same directory |
151 | 151 | * as this file. |
152 | 152 | */ |
153 | - $myth_folder = 'myth'; |
|
153 | + $myth_folder = 'myth'; |
|
154 | 154 | |
155 | 155 | /* |
156 | 156 | *--------------------------------------------------------------- |
@@ -267,8 +267,8 @@ |
267 | 267 | // Name of the "system folder" |
268 | 268 | define('SYSDIR', trim(strrchr(trim(BASEPATH, '/'), '/'), '/')); |
269 | 269 | |
270 | - // Path to the myth folder |
|
271 | - define('MYTHPATH', rtrim( str_replace('\\', '/', $myth_folder), '/ ') .'/' ); |
|
270 | + // Path to the myth folder |
|
271 | + define('MYTHPATH', rtrim( str_replace('\\', '/', $myth_folder), '/ ') .'/' ); |
|
272 | 272 | |
273 | 273 | // The path to the "application" folder |
274 | 274 | if (is_dir($application_folder)) |
@@ -74,7 +74,7 @@ |
74 | 74 | */ |
75 | 75 | public function setRealm($realm) |
76 | 76 | { |
77 | - $this->realm = $realm; |
|
77 | + $this->realm = $realm; |
|
78 | 78 | return $this; |
79 | 79 | } |
80 | 80 | |
@@ -116,7 +116,7 @@ |
116 | 116 | 'password' => $password |
117 | 117 | ]; |
118 | 118 | |
119 | - $user = $this->validate($data, true); |
|
119 | + $user = $this->validate($data, true); |
|
120 | 120 | |
121 | 121 | $this->user = $user; |
122 | 122 | |
@@ -272,7 +272,7 @@ |
272 | 272 | */ |
273 | 273 | public function checkIPBlacklist() |
274 | 274 | { |
275 | - $blacklist = explode(',', config_item('api.ip_blacklist')); |
|
275 | + $blacklist = explode(',', config_item('api.ip_blacklist')); |
|
276 | 276 | |
277 | 277 | array_walk($blacklist, function (&$item, $key) { |
278 | 278 | $item = trim($item); |
@@ -141,8 +141,8 @@ |
141 | 141 | * @var array |
142 | 142 | */ |
143 | 143 | protected $codes = array( |
144 | - 'created' => 201, |
|
145 | - 'deleted' => 200, |
|
144 | + 'created' => 201, |
|
145 | + 'deleted' => 200, |
|
146 | 146 | 'invalid_request' => 400, |
147 | 147 | 'unsupported_response_type' => 400, |
148 | 148 | 'invalid_scope' => 400, |
@@ -166,32 +166,32 @@ |
166 | 166 | 'not_implemented' => 501 |
167 | 167 | ); |
168 | 168 | |
169 | - /** |
|
170 | - * Convert common browser-sent langauge |
|
171 | - * strings to a folder name in the languages folder |
|
172 | - * that we want to use. |
|
173 | - * |
|
174 | - * Primarily used for converting to english when |
|
175 | - * viewing the API in a browser. |
|
176 | - * |
|
177 | - * @var array |
|
178 | - */ |
|
179 | - protected $lang_map = [ |
|
180 | - 'en-us' => 'english', |
|
181 | - 'en' => 'english', |
|
182 | - 'eng' => 'english', |
|
183 | - 'en-au' => 'english', |
|
184 | - 'en-nz' => 'english', |
|
185 | - 'en-za' => 'english', |
|
186 | - 'en-tt' => 'english', |
|
187 | - 'en-gb' => 'english', |
|
188 | - 'en-ca' => 'english', |
|
189 | - 'en-ie' => 'english', |
|
190 | - 'en-jm' => 'english', |
|
191 | - 'en-bz' => 'english', |
|
192 | - ]; |
|
193 | - |
|
194 | - /** |
|
169 | + /** |
|
170 | + * Convert common browser-sent langauge |
|
171 | + * strings to a folder name in the languages folder |
|
172 | + * that we want to use. |
|
173 | + * |
|
174 | + * Primarily used for converting to english when |
|
175 | + * viewing the API in a browser. |
|
176 | + * |
|
177 | + * @var array |
|
178 | + */ |
|
179 | + protected $lang_map = [ |
|
180 | + 'en-us' => 'english', |
|
181 | + 'en' => 'english', |
|
182 | + 'eng' => 'english', |
|
183 | + 'en-au' => 'english', |
|
184 | + 'en-nz' => 'english', |
|
185 | + 'en-za' => 'english', |
|
186 | + 'en-tt' => 'english', |
|
187 | + 'en-gb' => 'english', |
|
188 | + 'en-ca' => 'english', |
|
189 | + 'en-ie' => 'english', |
|
190 | + 'en-jm' => 'english', |
|
191 | + 'en-bz' => 'english', |
|
192 | + ]; |
|
193 | + |
|
194 | + /** |
|
195 | 195 | * If you wish to override the default authentication |
196 | 196 | * library used for authentication, set this to the |
197 | 197 | * fully namespaced class name. |
@@ -544,7 +544,7 @@ |
544 | 544 | */ |
545 | 545 | public function grabVar($name) |
546 | 546 | { |
547 | - return array_key_exists($name, $this->vars) ? $this->vars[$name] : false; |
|
547 | + return array_key_exists($name, $this->vars) ? $this->vars[$name] : false; |
|
548 | 548 | } |
549 | 549 | |
550 | 550 | //-------------------------------------------------------------------- |
@@ -757,12 +757,12 @@ |
757 | 757 | // Remove weight and strip space |
758 | 758 | list($lang) = explode(';', $lang); |
759 | 759 | |
760 | - $lang = strtolower(trim($lang)); |
|
760 | + $lang = strtolower(trim($lang)); |
|
761 | 761 | |
762 | - if (array_key_exists($lang, $this->lang_map)) |
|
763 | - { |
|
764 | - $lang = $this->lang_map[$lang]; |
|
765 | - } |
|
762 | + if (array_key_exists($lang, $this->lang_map)) |
|
763 | + { |
|
764 | + $lang = $this->lang_map[$lang]; |
|
765 | + } |
|
766 | 766 | |
767 | 767 | $return_langs[] = $lang; |
768 | 768 | } |
@@ -782,10 +782,10 @@ |
782 | 782 | */ |
783 | 783 | public function detectFields() |
784 | 784 | { |
785 | - if (! array_key_exists('fields', $_GET)) |
|
786 | - { |
|
787 | - return; |
|
788 | - } |
|
785 | + if (! array_key_exists('fields', $_GET)) |
|
786 | + { |
|
787 | + return; |
|
788 | + } |
|
789 | 789 | |
790 | 790 | $fields = explode(',', $_GET['fields']); |
791 | 791 | |
@@ -814,7 +814,7 @@ |
814 | 814 | return; |
815 | 815 | } |
816 | 816 | |
817 | - $model = new LogModel(); |
|
817 | + $model = new LogModel(); |
|
818 | 818 | |
819 | 819 | $data = [ |
820 | 820 | 'duration' => microtime(true) - $this->start_time, |
@@ -85,10 +85,10 @@ |
85 | 85 | */ |
86 | 86 | public function addUserToGroup($user_id, $group_id) |
87 | 87 | { |
88 | - $data = [ |
|
89 | - 'user_id' => (int)$user_id, |
|
90 | - 'group_id' => (int)$group_id |
|
91 | - ]; |
|
88 | + $data = [ |
|
89 | + 'user_id' => (int)$user_id, |
|
90 | + 'group_id' => (int)$group_id |
|
91 | + ]; |
|
92 | 92 | |
93 | 93 | return $this->db->insert('auth_groups_users', $data); |
94 | 94 | } |
@@ -105,10 +105,10 @@ |
105 | 105 | */ |
106 | 106 | public function removeUserFromGroup($user_id, $group_id) |
107 | 107 | { |
108 | - return $this->where([ |
|
109 | - 'user_id' => (int)$user_id, |
|
110 | - 'group_id' => (int)$group_id |
|
111 | - ])->delete('auth_groups_users'); |
|
108 | + return $this->where([ |
|
109 | + 'user_id' => (int)$user_id, |
|
110 | + 'group_id' => (int)$group_id |
|
111 | + ])->delete('auth_groups_users'); |
|
112 | 112 | } |
113 | 113 | |
114 | 114 | //-------------------------------------------------------------------- |
@@ -122,8 +122,8 @@ |
122 | 122 | */ |
123 | 123 | public function removeUserFromAllGroups($user_id) |
124 | 124 | { |
125 | - return $this->db->where('user_id', (int)$user_id) |
|
126 | - ->delete('auth_groups_users'); |
|
125 | + return $this->db->where('user_id', (int)$user_id) |
|
126 | + ->delete('auth_groups_users'); |
|
127 | 127 | } |
128 | 128 | |
129 | 129 | //-------------------------------------------------------------------- |
@@ -137,11 +137,11 @@ |
137 | 137 | */ |
138 | 138 | public function getGroupsForUser($user_id) |
139 | 139 | { |
140 | - return $this->select('auth_groups_users.*, auth_groups.name, auth_groups.description') |
|
141 | - ->join('auth_groups_users', 'auth_groups_users.group_id = auth_groups.id', 'left') |
|
142 | - ->where('user_id', $user_id) |
|
143 | - ->as_array() |
|
144 | - ->find_all(); |
|
140 | + return $this->select('auth_groups_users.*, auth_groups.name, auth_groups.description') |
|
141 | + ->join('auth_groups_users', 'auth_groups_users.group_id = auth_groups.id', 'left') |
|
142 | + ->where('user_id', $user_id) |
|
143 | + ->as_array() |
|
144 | + ->find_all(); |
|
145 | 145 | } |
146 | 146 | |
147 | 147 | //-------------------------------------------------------------------- |
@@ -160,7 +160,7 @@ |
160 | 160 | 'group_id' => (int)$group_id |
161 | 161 | ]; |
162 | 162 | |
163 | - return $this->db->insert('auth_groups_permissions', $data); |
|
163 | + return $this->db->insert('auth_groups_permissions', $data); |
|
164 | 164 | } |
165 | 165 | |
166 | 166 | //-------------------------------------------------------------------- |
@@ -176,10 +176,10 @@ |
176 | 176 | */ |
177 | 177 | public function removePermissionFromGroup($permission_id, $group_id) |
178 | 178 | { |
179 | - return $this->db->where([ |
|
180 | - 'permission_id' => $permission_id, |
|
181 | - 'group_id' => $group_id |
|
182 | - ])->delete('auth_groups_permissions'); |
|
179 | + return $this->db->where([ |
|
180 | + 'permission_id' => $permission_id, |
|
181 | + 'group_id' => $group_id |
|
182 | + ])->delete('auth_groups_permissions'); |
|
183 | 183 | } |
184 | 184 | |
185 | 185 | //-------------------------------------------------------------------- |
@@ -193,8 +193,8 @@ |
193 | 193 | */ |
194 | 194 | public function removePermissionFromAllGroups($permission_id) |
195 | 195 | { |
196 | - return $this->db->where('permission_id', $permission_id) |
|
197 | - ->delete('auth_groups_permissions'); |
|
196 | + return $this->db->where('permission_id', $permission_id) |
|
197 | + ->delete('auth_groups_permissions'); |
|
198 | 198 | } |
199 | 199 | |
200 | 200 | //-------------------------------------------------------------------- |
@@ -51,325 +51,325 @@ |
51 | 51 | */ |
52 | 52 | class Password { |
53 | 53 | |
54 | - /** |
|
55 | - * A standardized method for hasing a password before storing |
|
56 | - * in the database. |
|
57 | - * |
|
58 | - * @param $password |
|
59 | - * @return bool|mixed|string |
|
60 | - */ |
|
61 | - public static function hashPassword($password) |
|
62 | - { |
|
63 | - if (! config_item('auth.hash_cost')) |
|
64 | - { |
|
65 | - get_instance()->load->config('auth'); |
|
66 | - } |
|
67 | - |
|
68 | - return password_hash($password, PASSWORD_DEFAULT, ['cost' => config_item('auth.hash_cost')]); |
|
69 | - } |
|
70 | - |
|
71 | - //-------------------------------------------------------------------- |
|
72 | - |
|
73 | - /** |
|
74 | - * Determines the number of entropy bits a password has based on |
|
75 | - * |
|
76 | - * |
|
77 | - * @param $password |
|
78 | - * @param bool $repeatcalc |
|
79 | - * @return int |
|
80 | - */ |
|
81 | - public static function getNISTNumBits($password, $repeatcalc = false) |
|
82 | - { |
|
83 | - $y = strlen($password); |
|
84 | - if ($repeatcalc) |
|
85 | - { |
|
86 | - // Variant on NIST rules to reduce long sequences of repeated characters. |
|
87 | - $result = 0; |
|
88 | - $charmult = array_fill(0, 256, 1); |
|
89 | - for ($x = 0; $x < $y; $x++) |
|
90 | - { |
|
91 | - $tempchr = ord(substr($password, $x, 1)); |
|
92 | - if ($x > 19) $result += $charmult[$tempchr]; |
|
93 | - else if ($x > 7) $result += $charmult[$tempchr] * 1.5; |
|
94 | - else if ($x > 0) $result += $charmult[$tempchr] * 2; |
|
95 | - else $result += 4; |
|
96 | - |
|
97 | - $charmult[$tempchr] *= 0.75; |
|
98 | - } |
|
99 | - |
|
100 | - return $result; |
|
101 | - } |
|
102 | - else |
|
103 | - { |
|
104 | - if ($y > 20) return 4 + (7 * 2) + (12 * 1.5) + $y - 20; |
|
105 | - if ($y > 8) return 4 + (7 * 2) + (($y - 8) * 1.5); |
|
106 | - if ($y > 1) return 4 + (($y - 1) * 2); |
|
107 | - |
|
108 | - return ($y == 1 ? 4 : 0); |
|
109 | - } |
|
110 | - } |
|
111 | - |
|
112 | - //-------------------------------------------------------------------- |
|
113 | - |
|
114 | - /** |
|
115 | - * Determines whether a password is strong enough to use. You should check |
|
116 | - * the password against this method and reject it if the password is not |
|
117 | - * strong enough. |
|
118 | - * |
|
119 | - * The following guidelines come from the author's tests against 10.4 million actual passwords |
|
120 | - * ( see post: http://cubicspot.blogspot.com/2012/01/how-to-calculate-password-strength-part.html ) |
|
121 | - * and represents the suggested minimum entropy bits for different types of sites: |
|
122 | - * |
|
123 | - * - 18 bits of entropy = minimum for ANY website. |
|
124 | - * - 25 bits of entropy = minimum for a general purpose web service used relatively widely (e.g. Hotmail). |
|
125 | - * - 30 bits of entropy = minimum for a web service with business critical applications (e.g. SAAS). |
|
126 | - * - 40 bits of entropy = minimum for a bank or other financial service. |
|
127 | - * |
|
128 | - * The algorithm is based upon a modified version of the NIST rules which suggest the following: |
|
129 | - * |
|
130 | - * - The first byte counts as 4 bits. |
|
131 | - * - The next 7 bytes count as 2 bits each. |
|
132 | - * - The next 12 bytes count as 1.5 bits each. |
|
133 | - * - Anything beyond that counts as 1 bit each. |
|
134 | - * - Mixed case + non-alphanumeric = up to 6 extra bits. |
|
135 | - * |
|
136 | - * @param string $password - The password to check |
|
137 | - * @param int $minbits - Minimum "entropy bits" that is allowed |
|
138 | - * @param bool $usedict - Should we check the password against a 300,000 word English dictionary? |
|
139 | - * @param int $minwordlen - |
|
140 | - * @return bool |
|
141 | - */ |
|
142 | - public static function isStrongPassword($password, $minbits = 18, $usedict = false, $minwordlen = 4) |
|
143 | - { |
|
144 | - // NIST password strength rules allow up to 6 extra bits for mixed case and non-alphabetic. |
|
145 | - $upper = false; |
|
146 | - $lower = false; |
|
147 | - $numeric = false; |
|
148 | - $other = false; |
|
149 | - $space = false; |
|
150 | - $y = strlen($password); |
|
151 | - for ($x = 0; $x < $y; $x++) |
|
152 | - { |
|
153 | - $tempchr = ord(substr($password, $x, 1)); |
|
154 | - if ($tempchr >= ord("A") && $tempchr <= ord("Z")) $upper = true; |
|
155 | - else if ($tempchr >= ord("a") && $tempchr <= ord("z")) $lower = true; |
|
156 | - else if ($tempchr >= ord("0") && $tempchr <= ord("9")) $numeric = true; |
|
157 | - else if ($tempchr == ord(" ")) $space = true; |
|
158 | - else $other = true; |
|
159 | - } |
|
160 | - $extrabits = ($upper && $lower && $other ? ($numeric ? 6 : 5) : ($numeric && !$upper && !$lower ? ($other ? -2 : -6) : 0)); |
|
161 | - if (!$space) $extrabits -= 2; |
|
162 | - else if (count(explode(" ", preg_replace('/\s+/', " ", $password))) > 3) $extrabits++; |
|
163 | - $result = self::getNISTNumBits($password, true) + $extrabits; |
|
164 | - |
|
165 | - $password = strtolower($password); |
|
166 | - $revpassword = strrev($password); |
|
167 | - $numbits = self::getNISTNumBits($password) + $extrabits; |
|
168 | - if ($result > $numbits) $result = $numbits; |
|
169 | - |
|
170 | - // Remove QWERTY strings. |
|
171 | - $qwertystrs = array( |
|
172 | - "1234567890-qwertyuiopasdfghjkl;zxcvbnm,./", |
|
173 | - "1qaz2wsx3edc4rfv5tgb6yhn7ujm8ik,9ol.0p;/-['=]:?_{\"+}", |
|
174 | - "1qaz2wsx3edc4rfv5tgb6yhn7ujm8ik9ol0p", |
|
175 | - "qazwsxedcrfvtgbyhnujmik,ol.p;/-['=]:?_{\"+}", |
|
176 | - "qazwsxedcrfvtgbyhnujmikolp", |
|
177 | - "]\"/=[;.-pl,0okm9ijn8uhb7ygv6tfc5rdx4esz3wa2q1", |
|
178 | - "pl0okm9ijn8uhb7ygv6tfc5rdx4esz3wa2q1", |
|
179 | - "]\"/[;.pl,okmijnuhbygvtfcrdxeszwaq", |
|
180 | - "plokmijnuhbygvtfcrdxeszwaq", |
|
181 | - "014725836914702583697894561230258/369*+-*/", |
|
182 | - "abcdefghijklmnopqrstuvwxyz" |
|
183 | - ); |
|
184 | - foreach ($qwertystrs as $qwertystr) |
|
185 | - { |
|
186 | - $qpassword = $password; |
|
187 | - $qrevpassword = $revpassword; |
|
188 | - $z = 6; |
|
189 | - do |
|
190 | - { |
|
191 | - $y = strlen($qwertystr) - $z; |
|
192 | - for ($x = 0; $x < $y; $x++) |
|
193 | - { |
|
194 | - $str = substr($qwertystr, $x, $z); |
|
195 | - $qpassword = str_replace($str, "*", $qpassword); |
|
196 | - $qrevpassword = str_replace($str, "*", $qrevpassword); |
|
197 | - } |
|
198 | - |
|
199 | - $z--; |
|
200 | - } while ($z > 2); |
|
201 | - |
|
202 | - $numbits = self::getNISTNumBits($qpassword) + $extrabits; |
|
203 | - if ($result > $numbits) $result = $numbits; |
|
204 | - $numbits = self::getNISTNumBits($qrevpassword) + $extrabits; |
|
205 | - if ($result > $numbits) $result = $numbits; |
|
206 | - |
|
207 | - if ($result < $minbits) return false; |
|
208 | - } |
|
209 | - |
|
210 | - if ($usedict && $result >= $minbits) |
|
211 | - { |
|
212 | - $passwords = array(); |
|
213 | - |
|
214 | - // Add keyboard shifting password variants. |
|
215 | - $keyboardmap_down_noshift = array( |
|
216 | - "z" => "", "x" => "", "c" => "", "v" => "", "b" => "", "n" => "", "m" => "", "," => "", "." => "", "/" => "", "<" => "", ">" => "", "?" => "" |
|
217 | - ); |
|
218 | - if ($password == str_replace(array_keys($keyboardmap_down_noshift), array_values($keyboardmap_down_noshift), $password)) |
|
219 | - { |
|
220 | - $keyboardmap_downright = array( |
|
221 | - "a" => "z", |
|
222 | - "q" => "a", |
|
223 | - "1" => "q", |
|
224 | - "s" => "x", |
|
225 | - "w" => "s", |
|
226 | - "2" => "w", |
|
227 | - "d" => "c", |
|
228 | - "e" => "d", |
|
229 | - "3" => "e", |
|
230 | - "f" => "v", |
|
231 | - "r" => "f", |
|
232 | - "4" => "r", |
|
233 | - "g" => "b", |
|
234 | - "t" => "g", |
|
235 | - "5" => "t", |
|
236 | - "h" => "n", |
|
237 | - "y" => "h", |
|
238 | - "6" => "y", |
|
239 | - "j" => "m", |
|
240 | - "u" => "j", |
|
241 | - "7" => "u", |
|
242 | - "i" => "k", |
|
243 | - "8" => "i", |
|
244 | - "o" => "l", |
|
245 | - "9" => "o", |
|
246 | - "0" => "p", |
|
247 | - ); |
|
248 | - |
|
249 | - $keyboardmap_downleft = array( |
|
250 | - "2" => "q", |
|
251 | - "w" => "a", |
|
252 | - "3" => "w", |
|
253 | - "s" => "z", |
|
254 | - "e" => "s", |
|
255 | - "4" => "e", |
|
256 | - "d" => "x", |
|
257 | - "r" => "d", |
|
258 | - "5" => "r", |
|
259 | - "f" => "c", |
|
260 | - "t" => "f", |
|
261 | - "6" => "t", |
|
262 | - "g" => "v", |
|
263 | - "y" => "g", |
|
264 | - "7" => "y", |
|
265 | - "h" => "b", |
|
266 | - "u" => "h", |
|
267 | - "8" => "u", |
|
268 | - "j" => "n", |
|
269 | - "i" => "j", |
|
270 | - "9" => "i", |
|
271 | - "k" => "m", |
|
272 | - "o" => "k", |
|
273 | - "0" => "o", |
|
274 | - "p" => "l", |
|
275 | - "-" => "p", |
|
276 | - ); |
|
277 | - |
|
278 | - $password2 = str_replace(array_keys($keyboardmap_downright), array_values($keyboardmap_downright), $password); |
|
279 | - $passwords[] = $password2; |
|
280 | - $passwords[] = strrev($password2); |
|
281 | - |
|
282 | - $password2 = str_replace(array_keys($keyboardmap_downleft), array_values($keyboardmap_downleft), $password); |
|
283 | - $passwords[] = $password2; |
|
284 | - $passwords[] = strrev($password2); |
|
285 | - } |
|
286 | - |
|
287 | - // Deal with LEET-Speak substitutions. |
|
288 | - $leetspeakmap = array( |
|
289 | - "@" => "a", |
|
290 | - "!" => "i", |
|
291 | - "$" => "s", |
|
292 | - "1" => "i", |
|
293 | - "2" => "z", |
|
294 | - "3" => "e", |
|
295 | - "4" => "a", |
|
296 | - "5" => "s", |
|
297 | - "6" => "g", |
|
298 | - "7" => "t", |
|
299 | - "8" => "b", |
|
300 | - "9" => "g", |
|
301 | - "0" => "o" |
|
302 | - ); |
|
303 | - |
|
304 | - $password2 = str_replace(array_keys($leetspeakmap), array_values($leetspeakmap), $password); |
|
305 | - $passwords[] = $password2; |
|
306 | - $passwords[] = strrev($password2); |
|
307 | - |
|
308 | - $leetspeakmap["1"] = "l"; |
|
309 | - $password3 = str_replace(array_keys($leetspeakmap), array_values($leetspeakmap), $password); |
|
310 | - if ($password3 != $password2) |
|
311 | - { |
|
312 | - $passwords[] = $password3; |
|
313 | - $passwords[] = strrev($password3); |
|
314 | - } |
|
315 | - |
|
316 | - // Process the password, while looking for words in the dictionary. |
|
317 | - $a = ord("a"); |
|
318 | - $z = ord("z"); |
|
319 | - $data = file_get_contents(DICTIONARY_PATH); |
|
320 | - foreach ($passwords as $num => $password) |
|
321 | - { |
|
322 | - $y = strlen($password); |
|
323 | - for ($x = 0; $x < $y; $x++) |
|
324 | - { |
|
325 | - $tempchr = ord(substr($password, $x, 1)); |
|
326 | - if ($tempchr >= $a && $tempchr <= $z) |
|
327 | - { |
|
328 | - for ($x2 = $x + 1; $x2 < $y; $x2++) |
|
329 | - { |
|
330 | - $tempchr = ord(substr($password, $x2, 1)); |
|
331 | - if ($tempchr < $a || $tempchr > $z) break; |
|
332 | - } |
|
333 | - |
|
334 | - $found = false; |
|
335 | - while (!$found && $x2 - $x >= $minwordlen) |
|
336 | - { |
|
337 | - $word = "/\\n" . substr($password, $x, $minwordlen); |
|
338 | - for ($x3 = $x + $minwordlen; $x3 < $x2; $x3++) $word .= "(" . $password{$x3}; |
|
339 | - for ($x3 = $x + $minwordlen; $x3 < $x2; $x3++) $word .= ")?"; |
|
340 | - $word .= "\\n/"; |
|
341 | - |
|
342 | - preg_match_all($word, $data, $matches); |
|
343 | - if (!count($matches[0])) |
|
344 | - { |
|
345 | - $password{$x} = "*"; |
|
346 | - $x++; |
|
347 | - $numbits = self::getNISTNumBits(substr($password, 0, $x)) + $extrabits; |
|
348 | - if ($numbits >= $minbits) $found = true; |
|
349 | - } |
|
350 | - else |
|
351 | - { |
|
352 | - foreach ($matches[0] as $match) |
|
353 | - { |
|
354 | - $password2 = str_replace(trim($match), "*", $password); |
|
355 | - $numbits = self::getNISTNumBits($password2) + $extrabits; |
|
356 | - if ($result > $numbits) $result = $numbits; |
|
357 | - |
|
358 | - if ($result < $minbits) return false; |
|
359 | - } |
|
360 | - |
|
361 | - $found = true; |
|
362 | - } |
|
363 | - } |
|
364 | - |
|
365 | - if ($found) break; |
|
366 | - |
|
367 | - $x = $x2 - 1; |
|
368 | - } |
|
369 | - } |
|
370 | - } |
|
371 | - } |
|
372 | - |
|
373 | - return $result >= $minbits; |
|
374 | - } |
|
54 | + /** |
|
55 | + * A standardized method for hasing a password before storing |
|
56 | + * in the database. |
|
57 | + * |
|
58 | + * @param $password |
|
59 | + * @return bool|mixed|string |
|
60 | + */ |
|
61 | + public static function hashPassword($password) |
|
62 | + { |
|
63 | + if (! config_item('auth.hash_cost')) |
|
64 | + { |
|
65 | + get_instance()->load->config('auth'); |
|
66 | + } |
|
67 | + |
|
68 | + return password_hash($password, PASSWORD_DEFAULT, ['cost' => config_item('auth.hash_cost')]); |
|
69 | + } |
|
70 | + |
|
71 | + //-------------------------------------------------------------------- |
|
72 | + |
|
73 | + /** |
|
74 | + * Determines the number of entropy bits a password has based on |
|
75 | + * |
|
76 | + * |
|
77 | + * @param $password |
|
78 | + * @param bool $repeatcalc |
|
79 | + * @return int |
|
80 | + */ |
|
81 | + public static function getNISTNumBits($password, $repeatcalc = false) |
|
82 | + { |
|
83 | + $y = strlen($password); |
|
84 | + if ($repeatcalc) |
|
85 | + { |
|
86 | + // Variant on NIST rules to reduce long sequences of repeated characters. |
|
87 | + $result = 0; |
|
88 | + $charmult = array_fill(0, 256, 1); |
|
89 | + for ($x = 0; $x < $y; $x++) |
|
90 | + { |
|
91 | + $tempchr = ord(substr($password, $x, 1)); |
|
92 | + if ($x > 19) $result += $charmult[$tempchr]; |
|
93 | + else if ($x > 7) $result += $charmult[$tempchr] * 1.5; |
|
94 | + else if ($x > 0) $result += $charmult[$tempchr] * 2; |
|
95 | + else $result += 4; |
|
96 | + |
|
97 | + $charmult[$tempchr] *= 0.75; |
|
98 | + } |
|
99 | + |
|
100 | + return $result; |
|
101 | + } |
|
102 | + else |
|
103 | + { |
|
104 | + if ($y > 20) return 4 + (7 * 2) + (12 * 1.5) + $y - 20; |
|
105 | + if ($y > 8) return 4 + (7 * 2) + (($y - 8) * 1.5); |
|
106 | + if ($y > 1) return 4 + (($y - 1) * 2); |
|
107 | + |
|
108 | + return ($y == 1 ? 4 : 0); |
|
109 | + } |
|
110 | + } |
|
111 | + |
|
112 | + //-------------------------------------------------------------------- |
|
113 | + |
|
114 | + /** |
|
115 | + * Determines whether a password is strong enough to use. You should check |
|
116 | + * the password against this method and reject it if the password is not |
|
117 | + * strong enough. |
|
118 | + * |
|
119 | + * The following guidelines come from the author's tests against 10.4 million actual passwords |
|
120 | + * ( see post: http://cubicspot.blogspot.com/2012/01/how-to-calculate-password-strength-part.html ) |
|
121 | + * and represents the suggested minimum entropy bits for different types of sites: |
|
122 | + * |
|
123 | + * - 18 bits of entropy = minimum for ANY website. |
|
124 | + * - 25 bits of entropy = minimum for a general purpose web service used relatively widely (e.g. Hotmail). |
|
125 | + * - 30 bits of entropy = minimum for a web service with business critical applications (e.g. SAAS). |
|
126 | + * - 40 bits of entropy = minimum for a bank or other financial service. |
|
127 | + * |
|
128 | + * The algorithm is based upon a modified version of the NIST rules which suggest the following: |
|
129 | + * |
|
130 | + * - The first byte counts as 4 bits. |
|
131 | + * - The next 7 bytes count as 2 bits each. |
|
132 | + * - The next 12 bytes count as 1.5 bits each. |
|
133 | + * - Anything beyond that counts as 1 bit each. |
|
134 | + * - Mixed case + non-alphanumeric = up to 6 extra bits. |
|
135 | + * |
|
136 | + * @param string $password - The password to check |
|
137 | + * @param int $minbits - Minimum "entropy bits" that is allowed |
|
138 | + * @param bool $usedict - Should we check the password against a 300,000 word English dictionary? |
|
139 | + * @param int $minwordlen - |
|
140 | + * @return bool |
|
141 | + */ |
|
142 | + public static function isStrongPassword($password, $minbits = 18, $usedict = false, $minwordlen = 4) |
|
143 | + { |
|
144 | + // NIST password strength rules allow up to 6 extra bits for mixed case and non-alphabetic. |
|
145 | + $upper = false; |
|
146 | + $lower = false; |
|
147 | + $numeric = false; |
|
148 | + $other = false; |
|
149 | + $space = false; |
|
150 | + $y = strlen($password); |
|
151 | + for ($x = 0; $x < $y; $x++) |
|
152 | + { |
|
153 | + $tempchr = ord(substr($password, $x, 1)); |
|
154 | + if ($tempchr >= ord("A") && $tempchr <= ord("Z")) $upper = true; |
|
155 | + else if ($tempchr >= ord("a") && $tempchr <= ord("z")) $lower = true; |
|
156 | + else if ($tempchr >= ord("0") && $tempchr <= ord("9")) $numeric = true; |
|
157 | + else if ($tempchr == ord(" ")) $space = true; |
|
158 | + else $other = true; |
|
159 | + } |
|
160 | + $extrabits = ($upper && $lower && $other ? ($numeric ? 6 : 5) : ($numeric && !$upper && !$lower ? ($other ? -2 : -6) : 0)); |
|
161 | + if (!$space) $extrabits -= 2; |
|
162 | + else if (count(explode(" ", preg_replace('/\s+/', " ", $password))) > 3) $extrabits++; |
|
163 | + $result = self::getNISTNumBits($password, true) + $extrabits; |
|
164 | + |
|
165 | + $password = strtolower($password); |
|
166 | + $revpassword = strrev($password); |
|
167 | + $numbits = self::getNISTNumBits($password) + $extrabits; |
|
168 | + if ($result > $numbits) $result = $numbits; |
|
169 | + |
|
170 | + // Remove QWERTY strings. |
|
171 | + $qwertystrs = array( |
|
172 | + "1234567890-qwertyuiopasdfghjkl;zxcvbnm,./", |
|
173 | + "1qaz2wsx3edc4rfv5tgb6yhn7ujm8ik,9ol.0p;/-['=]:?_{\"+}", |
|
174 | + "1qaz2wsx3edc4rfv5tgb6yhn7ujm8ik9ol0p", |
|
175 | + "qazwsxedcrfvtgbyhnujmik,ol.p;/-['=]:?_{\"+}", |
|
176 | + "qazwsxedcrfvtgbyhnujmikolp", |
|
177 | + "]\"/=[;.-pl,0okm9ijn8uhb7ygv6tfc5rdx4esz3wa2q1", |
|
178 | + "pl0okm9ijn8uhb7ygv6tfc5rdx4esz3wa2q1", |
|
179 | + "]\"/[;.pl,okmijnuhbygvtfcrdxeszwaq", |
|
180 | + "plokmijnuhbygvtfcrdxeszwaq", |
|
181 | + "014725836914702583697894561230258/369*+-*/", |
|
182 | + "abcdefghijklmnopqrstuvwxyz" |
|
183 | + ); |
|
184 | + foreach ($qwertystrs as $qwertystr) |
|
185 | + { |
|
186 | + $qpassword = $password; |
|
187 | + $qrevpassword = $revpassword; |
|
188 | + $z = 6; |
|
189 | + do |
|
190 | + { |
|
191 | + $y = strlen($qwertystr) - $z; |
|
192 | + for ($x = 0; $x < $y; $x++) |
|
193 | + { |
|
194 | + $str = substr($qwertystr, $x, $z); |
|
195 | + $qpassword = str_replace($str, "*", $qpassword); |
|
196 | + $qrevpassword = str_replace($str, "*", $qrevpassword); |
|
197 | + } |
|
198 | + |
|
199 | + $z--; |
|
200 | + } while ($z > 2); |
|
201 | + |
|
202 | + $numbits = self::getNISTNumBits($qpassword) + $extrabits; |
|
203 | + if ($result > $numbits) $result = $numbits; |
|
204 | + $numbits = self::getNISTNumBits($qrevpassword) + $extrabits; |
|
205 | + if ($result > $numbits) $result = $numbits; |
|
206 | + |
|
207 | + if ($result < $minbits) return false; |
|
208 | + } |
|
209 | + |
|
210 | + if ($usedict && $result >= $minbits) |
|
211 | + { |
|
212 | + $passwords = array(); |
|
213 | + |
|
214 | + // Add keyboard shifting password variants. |
|
215 | + $keyboardmap_down_noshift = array( |
|
216 | + "z" => "", "x" => "", "c" => "", "v" => "", "b" => "", "n" => "", "m" => "", "," => "", "." => "", "/" => "", "<" => "", ">" => "", "?" => "" |
|
217 | + ); |
|
218 | + if ($password == str_replace(array_keys($keyboardmap_down_noshift), array_values($keyboardmap_down_noshift), $password)) |
|
219 | + { |
|
220 | + $keyboardmap_downright = array( |
|
221 | + "a" => "z", |
|
222 | + "q" => "a", |
|
223 | + "1" => "q", |
|
224 | + "s" => "x", |
|
225 | + "w" => "s", |
|
226 | + "2" => "w", |
|
227 | + "d" => "c", |
|
228 | + "e" => "d", |
|
229 | + "3" => "e", |
|
230 | + "f" => "v", |
|
231 | + "r" => "f", |
|
232 | + "4" => "r", |
|
233 | + "g" => "b", |
|
234 | + "t" => "g", |
|
235 | + "5" => "t", |
|
236 | + "h" => "n", |
|
237 | + "y" => "h", |
|
238 | + "6" => "y", |
|
239 | + "j" => "m", |
|
240 | + "u" => "j", |
|
241 | + "7" => "u", |
|
242 | + "i" => "k", |
|
243 | + "8" => "i", |
|
244 | + "o" => "l", |
|
245 | + "9" => "o", |
|
246 | + "0" => "p", |
|
247 | + ); |
|
248 | + |
|
249 | + $keyboardmap_downleft = array( |
|
250 | + "2" => "q", |
|
251 | + "w" => "a", |
|
252 | + "3" => "w", |
|
253 | + "s" => "z", |
|
254 | + "e" => "s", |
|
255 | + "4" => "e", |
|
256 | + "d" => "x", |
|
257 | + "r" => "d", |
|
258 | + "5" => "r", |
|
259 | + "f" => "c", |
|
260 | + "t" => "f", |
|
261 | + "6" => "t", |
|
262 | + "g" => "v", |
|
263 | + "y" => "g", |
|
264 | + "7" => "y", |
|
265 | + "h" => "b", |
|
266 | + "u" => "h", |
|
267 | + "8" => "u", |
|
268 | + "j" => "n", |
|
269 | + "i" => "j", |
|
270 | + "9" => "i", |
|
271 | + "k" => "m", |
|
272 | + "o" => "k", |
|
273 | + "0" => "o", |
|
274 | + "p" => "l", |
|
275 | + "-" => "p", |
|
276 | + ); |
|
277 | + |
|
278 | + $password2 = str_replace(array_keys($keyboardmap_downright), array_values($keyboardmap_downright), $password); |
|
279 | + $passwords[] = $password2; |
|
280 | + $passwords[] = strrev($password2); |
|
281 | + |
|
282 | + $password2 = str_replace(array_keys($keyboardmap_downleft), array_values($keyboardmap_downleft), $password); |
|
283 | + $passwords[] = $password2; |
|
284 | + $passwords[] = strrev($password2); |
|
285 | + } |
|
286 | + |
|
287 | + // Deal with LEET-Speak substitutions. |
|
288 | + $leetspeakmap = array( |
|
289 | + "@" => "a", |
|
290 | + "!" => "i", |
|
291 | + "$" => "s", |
|
292 | + "1" => "i", |
|
293 | + "2" => "z", |
|
294 | + "3" => "e", |
|
295 | + "4" => "a", |
|
296 | + "5" => "s", |
|
297 | + "6" => "g", |
|
298 | + "7" => "t", |
|
299 | + "8" => "b", |
|
300 | + "9" => "g", |
|
301 | + "0" => "o" |
|
302 | + ); |
|
303 | + |
|
304 | + $password2 = str_replace(array_keys($leetspeakmap), array_values($leetspeakmap), $password); |
|
305 | + $passwords[] = $password2; |
|
306 | + $passwords[] = strrev($password2); |
|
307 | + |
|
308 | + $leetspeakmap["1"] = "l"; |
|
309 | + $password3 = str_replace(array_keys($leetspeakmap), array_values($leetspeakmap), $password); |
|
310 | + if ($password3 != $password2) |
|
311 | + { |
|
312 | + $passwords[] = $password3; |
|
313 | + $passwords[] = strrev($password3); |
|
314 | + } |
|
315 | + |
|
316 | + // Process the password, while looking for words in the dictionary. |
|
317 | + $a = ord("a"); |
|
318 | + $z = ord("z"); |
|
319 | + $data = file_get_contents(DICTIONARY_PATH); |
|
320 | + foreach ($passwords as $num => $password) |
|
321 | + { |
|
322 | + $y = strlen($password); |
|
323 | + for ($x = 0; $x < $y; $x++) |
|
324 | + { |
|
325 | + $tempchr = ord(substr($password, $x, 1)); |
|
326 | + if ($tempchr >= $a && $tempchr <= $z) |
|
327 | + { |
|
328 | + for ($x2 = $x + 1; $x2 < $y; $x2++) |
|
329 | + { |
|
330 | + $tempchr = ord(substr($password, $x2, 1)); |
|
331 | + if ($tempchr < $a || $tempchr > $z) break; |
|
332 | + } |
|
333 | + |
|
334 | + $found = false; |
|
335 | + while (!$found && $x2 - $x >= $minwordlen) |
|
336 | + { |
|
337 | + $word = "/\\n" . substr($password, $x, $minwordlen); |
|
338 | + for ($x3 = $x + $minwordlen; $x3 < $x2; $x3++) $word .= "(" . $password{$x3}; |
|
339 | + for ($x3 = $x + $minwordlen; $x3 < $x2; $x3++) $word .= ")?"; |
|
340 | + $word .= "\\n/"; |
|
341 | + |
|
342 | + preg_match_all($word, $data, $matches); |
|
343 | + if (!count($matches[0])) |
|
344 | + { |
|
345 | + $password{$x} = "*"; |
|
346 | + $x++; |
|
347 | + $numbits = self::getNISTNumBits(substr($password, 0, $x)) + $extrabits; |
|
348 | + if ($numbits >= $minbits) $found = true; |
|
349 | + } |
|
350 | + else |
|
351 | + { |
|
352 | + foreach ($matches[0] as $match) |
|
353 | + { |
|
354 | + $password2 = str_replace(trim($match), "*", $password); |
|
355 | + $numbits = self::getNISTNumBits($password2) + $extrabits; |
|
356 | + if ($result > $numbits) $result = $numbits; |
|
357 | + |
|
358 | + if ($result < $minbits) return false; |
|
359 | + } |
|
360 | + |
|
361 | + $found = true; |
|
362 | + } |
|
363 | + } |
|
364 | + |
|
365 | + if ($found) break; |
|
366 | + |
|
367 | + $x = $x2 - 1; |
|
368 | + } |
|
369 | + } |
|
370 | + } |
|
371 | + } |
|
372 | + |
|
373 | + return $result >= $minbits; |
|
374 | + } |
|
375 | 375 | } |