|
1
|
|
|
<?php |
|
|
|
|
|
|
2
|
|
|
/** |
|
3
|
|
|
* Create serialized/commonpasswords.cdb |
|
4
|
|
|
* |
|
5
|
|
|
* This program is free software; you can redistribute it and/or modify |
|
6
|
|
|
* it under the terms of the GNU General Public License as published by |
|
7
|
|
|
* the Free Software Foundation; either version 2 of the License, or |
|
8
|
|
|
* (at your option) any later version. |
|
9
|
|
|
* |
|
10
|
|
|
* This program is distributed in the hope that it will be useful, |
|
11
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
12
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
13
|
|
|
* GNU General Public License for more details. |
|
14
|
|
|
* |
|
15
|
|
|
* You should have received a copy of the GNU General Public License along |
|
16
|
|
|
* with this program; if not, write to the Free Software Foundation, Inc., |
|
17
|
|
|
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. |
|
18
|
|
|
* http://www.gnu.org/copyleft/gpl.html |
|
19
|
|
|
* |
|
20
|
|
|
* @file |
|
21
|
|
|
* @ingroup Maintenance |
|
22
|
|
|
*/ |
|
23
|
|
|
|
|
24
|
|
|
require_once __DIR__ . '/Maintenance.php'; |
|
25
|
|
|
|
|
26
|
|
|
/** |
|
27
|
|
|
* Maintenance script to create common password cdb database. |
|
28
|
|
|
* |
|
29
|
|
|
* Meant to take a file like |
|
30
|
|
|
* https://github.com/danielmiessler/SecLists/blob/master/Passwords/rockyou.txt?raw=true |
|
31
|
|
|
* as input. |
|
32
|
|
|
* @see serialized/commonpasswords.cdb and PasswordPolicyChecks::checkPopularPasswordBlacklist |
|
33
|
|
|
* @since 1.27 |
|
34
|
|
|
* @ingroup Maintenance |
|
35
|
|
|
*/ |
|
36
|
|
|
class GenerateCommonPassword extends Maintenance { |
|
37
|
|
|
public function __construct() { |
|
38
|
|
|
global $IP; |
|
39
|
|
|
parent::__construct(); |
|
40
|
|
|
$this->addDescription( 'Generate CDB file of common passwords' ); |
|
41
|
|
|
$this->addOption( 'limit', "Max number of passwords to write", false, true, 'l' ); |
|
42
|
|
|
$this->addArg( 'inputfile', 'List of passwords (one per line) to use or - for stdin', true ); |
|
43
|
|
|
$this->addArg( |
|
44
|
|
|
'output', |
|
45
|
|
|
"Location to write CDB file to (Try $IP/serialized/commonpasswords.cdb)", |
|
46
|
|
|
true |
|
47
|
|
|
); |
|
48
|
|
|
} |
|
49
|
|
|
|
|
50
|
|
|
public function execute() { |
|
51
|
|
|
$limit = (int)$this->getOption( 'limit', PHP_INT_MAX ); |
|
52
|
|
|
$langEn = Language::factory( 'en' ); |
|
53
|
|
|
|
|
54
|
|
|
$infile = $this->getArg( 0 ); |
|
55
|
|
|
if ( $infile === '-' ) { |
|
56
|
|
|
$infile = 'php://stdin'; |
|
57
|
|
|
} |
|
58
|
|
|
$outfile = $this->getArg( 1 ); |
|
59
|
|
|
|
|
60
|
|
|
if ( !is_readable( $infile ) && $infile !== 'php://stdin' ) { |
|
61
|
|
|
$this->error( "Cannot open input file $infile for reading", 1 ); |
|
62
|
|
|
} |
|
63
|
|
|
|
|
64
|
|
|
$file = fopen( $infile, 'r' ); |
|
65
|
|
|
if ( $file === false ) { |
|
66
|
|
|
$this->error( "Cannot read input file $infile", 1 ); |
|
67
|
|
|
} |
|
68
|
|
|
|
|
69
|
|
|
try { |
|
70
|
|
|
$db = \Cdb\Writer::open( $outfile ); |
|
71
|
|
|
|
|
72
|
|
|
$alreadyWritten = []; |
|
73
|
|
|
$skipped = 0; |
|
74
|
|
|
for ( $i = 0; ( $i - $skipped ) < $limit; $i++ ) { |
|
75
|
|
|
if ( feof( $file ) ) { |
|
76
|
|
|
break; |
|
77
|
|
|
} |
|
78
|
|
|
$rawLine = fgets( $file ); |
|
79
|
|
|
|
|
80
|
|
|
if ( $rawLine === false ) { |
|
81
|
|
|
$this->error( "Error reading input file" ); |
|
82
|
|
|
break; |
|
83
|
|
|
} |
|
84
|
|
|
if ( substr( $rawLine, -1 ) !== "\n" && !feof( $file ) ) { |
|
85
|
|
|
// We're assuming that this just won't happen. |
|
86
|
|
|
$this->error( "fgets did not return whole line at $i??" ); |
|
87
|
|
|
} |
|
88
|
|
|
$line = $langEn->lc( trim( $rawLine ) ); |
|
89
|
|
|
if ( $line === '' ) { |
|
90
|
|
|
$this->error( "Line number " . ( $i + 1 ) . " is blank?" ); |
|
91
|
|
|
$skipped++; |
|
92
|
|
|
continue; |
|
93
|
|
|
} |
|
94
|
|
|
if ( isset( $alreadyWritten[$line] ) ) { |
|
95
|
|
|
$this->output( "Password '$line' already written (line " . ( $i + 1 ) .")\n" ); |
|
96
|
|
|
$skipped++; |
|
97
|
|
|
continue; |
|
98
|
|
|
} |
|
99
|
|
|
$alreadyWritten[$line] = true; |
|
100
|
|
|
$db->set( $line, $i + 1 - $skipped ); |
|
101
|
|
|
} |
|
102
|
|
|
// All caps, so cannot conflict with potential password |
|
103
|
|
|
$db->set( '_TOTALENTRIES', $i - $skipped ); |
|
104
|
|
|
$db->close(); |
|
105
|
|
|
|
|
106
|
|
|
$this->output( "Successfully wrote " . ( $i - $skipped ) . |
|
107
|
|
|
" (out of $i) passwords to $outfile\n" |
|
108
|
|
|
); |
|
109
|
|
|
} catch ( \Cdb\Exception $e ) { |
|
110
|
|
|
$this->error( "Error writing cdb file: " . $e->getMessage(), 2 ); |
|
111
|
|
|
} |
|
112
|
|
|
} |
|
113
|
|
|
} |
|
114
|
|
|
|
|
115
|
|
|
$maintClass = "GenerateCommonPassword"; |
|
116
|
|
|
require_once RUN_MAINTENANCE_IF_MAIN; |
|
117
|
|
|
|
wikimedia /
mediawiki
Brian Wolff
The PSR-1: Basic Coding Standard recommends that a file should either introduce new symbols, that is classes, functions, constants or similar, or have side effects. Side effects are anything that executes logic, like for example printing output, changing ini settings or writing to a file.
The idea behind this recommendation is that merely auto-loading a class should not change the state of an application. It also promotes a cleaner style of programming and makes your code less prone to errors, because the logic is not spread out all over the place.
To learn more about the PSR-1, please see the PHP-FIG site on the PSR-1.