You are missing our premiere tool bar navigation system! Register and use it for FREE!

NukeCops  
•  Home •  Downloads •  Gallery •  Your Account •  Forums • 
Readme First
- Readme First! -

Read and follow the rules, otherwise your posts will be closed
Modules
· Home
· FAQ
· Buy a Theme
· Advertising
· AvantGo
· Bookmarks
· Columbia
· Community
· Donations
· Downloads
· Feedback
· Forums
· PHP-Nuke HOWTO
· Private Messages
· Search
· Statistics
· Stories Archive
· Submit News
· Surveys
· Theme Gallery
· Top
· Topics
· Your Account
Who's Online
There are currently, 253 guest(s) and 0 member(s) that are online.

You are Anonymous user. You can register for free by clicking here
Nuke Cops :: View topic - Password strength checker in Your Account [ ]
 Forum FAQ  •  Search  •   •  Memberlist  •  Usergroups   •  Register  •  Profile •    •  Log in to check your private messages  •  Log in

 
Post new topic  Reply to topicprinter-friendly view
View previous topic Log in to check your private messages View next topic
Author Message
sphynx
Nuke Soldier
Nuke Soldier


Joined: Mar 18, 2005
Posts: 10


PostPosted: Wed May 03, 2006 9:51 pm Reply with quoteBack to top

Hi there, I was wondering if I could implement a password strength check upon new user signup. Many of my users have set easy-to-guess passwords and I want to prevent them from setting passwords such as 111 or aaa. I looked on the net in order to find some cute scripts, but there weren't any for Nuke, so I considered asking here. The script I found is listed below:

Code:
<script language="JavaScript1.1">
<!-- Begin
/* ************************************************************
Created: 20060120
Author:  Steve Moitozo <god at zilla dot us>
Description: This is a quick and dirty password quality meter
       written in JavaScript so that the password does
       not pass over the network
Revision Author: Dick Ervasti (dick dot ervasti at quty dot com)
Revision Description: Exchanged text based prompts for a graphic thermometer

Password Strength Factors and Weightings

password length:
level 0 (3 point): less than 4 characters
level 1 (6 points): between 5 and 7 characters
level 2 (12 points): between 8 and 15 characters
level 3 (18 points): 16 or more characters

letters:
level 0 (0 points): no letters
level 1 (5 points): all letters are lower case
level 2 (7 points): letters are mixed case

numbers:
level 0 (0 points): no numbers exist
level 1 (5 points): one number exists
level 1 (7 points): 3 or more numbers exists

special characters:
level 0 (0 points): no special characters
level 1 (5 points): one special character exists
level 2 (10 points): more than one special character exists

combinatons:
level 0 (1 points): letters and numbers exist
level 1 (1 points): mixed case letters
level 1 (2 points): letters, numbers and special characters
               exist
level 1 (2 points): mixed case letters, numbers and special
               characters exist


NOTE: Because I suck at regex the code below is incomplete and
     does not accurately assess the strength of passwords
     according to the above factors and weightings
    
NOTE: Instead of putting out all the logging information,
     the score, and the verdict it would be nicer to stretch
     a graphic as a method of presenting a visual strength
     guage.

************************************************************ */
function testPassword(passwd)
{
var description = new Array();
description[0] = "<table><tr><td><table cellpadding=0 cellspacing=2><tr><td height=4 width=30 bgcolor=#ff0000></td><td height=4 width=120 bgcolor=tan></td></tr></table></td><td> &nbsp;&nbsp;<b>Weakest</b></td></tr></table>";
description[1] = "<table><tr><td><table cellpadding=0 cellspacing=2><tr><td height=4 width=60 bgcolor=#990000></td><td height=4 width=90 bgcolor=tan></td></tr></table></td><td> &nbsp;&nbsp;<b>Weak</b></td></tr></table>";
description[2] = "<table><tr><td><table cellpadding=0 cellspacing=2><tr><td height=4 width=90 bgcolor=#990099></td><td height=4 width=60 bgcolor=tan></td></tr></table></td><td> &nbsp;&nbsp;<b>Improving</b></td></tr></table>";
description[3] = "<table><tr><td><table cellpadding=0 cellspacing=2><tr><td height=4 width=120 bgcolor=#000099></td><td height=4 width=30 bgcolor=tan></td></tr></table></td><td> &nbsp;&nbsp;<b>Strong</b></td></tr></table>";
description[4] = "<table><tr><td><table><tr><td height=4 width=150 bgcolor=#0000ff></td></tr></table></td><td> &nbsp;&nbsp;<b>Strongest</b></td></tr></table>";
description[5] = "<table><tr><td><table><tr><td height=4 width=150 bgcolor=tan></td></tr></table></td><td> &nbsp;&nbsp;<b>Begin Typing</b></td></tr></table>";

      var intScore   = 0
      var strVerdict = 0
      
      // PASSWORD LENGTH
      if (passwd.length==0 || !passwd.length)                         // length 0
      {
         intScore = -1
      }
      else if (passwd.length>0 && passwd.length<5) // length between 1 and 4
      {
         intScore = (intScore+3)
      }
      else if (passwd.length>4 && passwd.length<8) // length between 5 and 7
      {
         intScore = (intScore+6)
      }
      else if (passwd.length>7 && passwd.length<12)// length between 8 and 15
      {
         intScore = (intScore+12)
      }
      else if (passwd.length>11)                    // length 16 or more
      {
         intScore = (intScore+18)
      }
      
      
      // LETTERS (Not exactly implemented as dictacted above because of my limited understanding of Regex)
      if (passwd.match(/[a-z]/))                              // [verified] at least one lower case letter
      {
         intScore = (intScore+1)
      }
      
      if (passwd.match(/[A-Z]/))                              // [verified] at least one upper case letter
      {
         intScore = (intScore+5)
      }
      
      // NUMBERS
      if (passwd.match(/\d+/))                                 // [verified] at least one number
      {
         intScore = (intScore+5)
      }
      
      if (passwd.match(/(.*[0-9].*[0-9].*[0-9])/))             // [verified] at least three numbers
      {
         intScore = (intScore+5)
      }
      
      
      // SPECIAL CHAR
      if (passwd.match(/.[!,@,#,$,%,^,&,*,?,_,~]/))            // [verified] at least one special character
      {
         intScore = (intScore+5)
      }
      
                                                 // [verified] at least two special characters
      if (passwd.match(/(.*[!,@,#,$,%,^,&,*,?,_,~].*[!,@,#,$,%,^,&,*,?,_,~])/))
      {
         intScore = (intScore+5)
      }
   
      
      // COMBOS
      if (passwd.match(/([a-z].*[A-Z])|([A-Z].*[a-z])/))        // [verified] both upper and lower case
      {
         intScore = (intScore+2)
      }

      if (passwd.match(/(\d.*\D)|(\D.*\d)/))                    // [FAILED] both letters and numbers, almost works because an additional character is required
      {
         intScore = (intScore+2)
      }
 
                                                  // [verified] letters, numbers, and special characters
      if (passwd.match(/([a-zA-Z0-9].*[!,@,#,$,%,^,&,*,?,_,~])|([!,@,#,$,%,^,&,*,?,_,~].*[a-zA-Z0-9])/))
      {
         intScore = (intScore+2)
      }
   
   
      if(intScore == -1)
      {
         strVerdict = description[5];
      }
      else if(intScore > -1 && intScore < 16)
      {
         strVerdict = description[0];
      }
      else if (intScore > 15 && intScore < 25)
      {
         strVerdict = description[1];
      }
      else if (intScore > 24 && intScore < 35)
      {
         strVerdict = description[2];
      }
      else if (intScore > 34 && intScore < 45)
      {
         strVerdict = description[3];
      }
      else
      {
         strVerdict = description[4];
      }
   
   document.getElementById("Words").innerHTML= (strVerdict);
   
}
// End-->


Can anybody give me a hint? Thanks in advice!
Find all posts by sphynxView user's profileSend private message
arnoldkrg
Major
Major


Joined: Aug 03, 2003
Posts: 936

Location: United Kingdom

PostPosted: Thu May 04, 2006 11:20 am Reply with quoteBack to top

I tried to post the javascript for a password checker but it wouldnt let me post it so I have made it available for download at
Password Strength Indicator Javascript

Open includes/javascript.php and paste the javascript underneath the closing ?> tag right at the bottom after everything else.

Next in modules/Your_Account/index.php find in the new_user function:
Code:
       ."<tr><td>"._RETYPEPASSWORD.":</td><td><input type=\"password\" name=\"user_password2\" size=\"11\" maxlength=\"40\"><br><font class=\"tiny\">("._BLANKFORAUTO.")</font></td></tr>\n";


and underneath add:
Code:
       echo "<tr><TABLE style=\"BORDER-RIGHT: black thin solid; BORDER-TOP: black thin solid; FONT-SIZE: 75%; BORDER-LEFT: black thin solid; BORDER-BOTTOM: black thin solid\" cellSpacing=\"0\" cellPadding=\"0\" width=\"100%\">";      
      echo "<TR><TD id=\"pwWeak\" style=\"BORDER-RIGHT: black thin solid\" align=\"center\" width=\"34%\" title=\"Has at least six characters\">Weak Password</TD>";
      echo "<TD id=\"pwMedium\" style=\"BORDER-RIGHT: black thin solid\" align=\"center\" width=\"33%\" title=\"Has a mix of numbers, lower & upper case characters.\">Medium Password</TD>";
      echo "<TD id=\"pwStrong\" align=\"center\" width=\"33%\" title=\"Has numbers, special characters, lower & upper case characters.\">Strong Password</TD></TR></TABLE></tr>\n";


next in same function find:
Code:
echo "<tr><td>"._PASSWORD.":</td><td><input type=\"password\" name=\"user_password\" size=\"11\" maxlength=\"40\"></td></tr>\n"


and change to:
Code:
echo "<tr><td>"._PASSWORD.":</td><td><input onKeyUp=\"passwordChanged()\" type=\"password\" name=\"user_password\" size=\"11\" maxlength=\"40\"></td></tr>\n"


Thats it. Displays a meter underneath the password which shows the strength of the password and which changes as the user types it in. It wont prevent them from setting a weak password but will help them to choose a stronger one.

The script and code are adapted from the following http://thoughtlabs.net/andrew/tipsandtricks/2005/06/password-strength-indicator.html

_________________
Image
Find all posts by arnoldkrgView user's profileSend private messageSend e-mailVisit poster's website
sphynx
Nuke Soldier
Nuke Soldier


Joined: Mar 18, 2005
Posts: 10


PostPosted: Fri May 05, 2006 2:10 am Reply with quoteBack to top

This is awesome. It works absolutely great in IE. One problem though: it seems not to work under Mozilla Firefox. It surely is the JavaScript's "fault". I know most of this forum's members are PHP guys and not JavaScript developers, so I won't insist on this topic. Still, if anybody can help, I'd appreciate it.

P.S. Sorry for my English. I'm not a native speaker Sad
Find all posts by sphynxView user's profileSend private message
arnoldkrg
Major
Major


Joined: Aug 03, 2003
Posts: 936

Location: United Kingdom

PostPosted: Fri May 05, 2006 4:46 am Reply with quoteBack to top

For Firefox compatibility, in modules/Your_Account/index.php in the new_user function find:
Code:
echo "<tr><td>"._PASSWORD.":</td><td><input onKeyUp=\"passwordChanged()\" type=\"password\" name=\"user_password\" size=\"11\" maxlength=\"40\"></td></tr>\n"


and change to:
Code:
echo "<tr><td>"._PASSWORD.":</td><td><input onKeyUp=\"passwordChanged()\" type=\"password\" id=\"user_password\" name=\"user_password\" size=\"11\" maxlength=\"40\"></td></tr>\n"


Basically I have added id=\"user_password\" to the attributes of the password input. This is to comply with DOM level 1 (Firefox) standard

_________________
Image
Find all posts by arnoldkrgView user's profileSend private messageSend e-mailVisit poster's website
arnoldkrg
Major
Major


Joined: Aug 03, 2003
Posts: 936

Location: United Kingdom

PostPosted: Fri May 05, 2006 4:51 am Reply with quoteBack to top

I have installed the checker on my own site. If you want to see it working, go to registration at http://www.ulsoft.scarbridge.co.uk

_________________
Image
Find all posts by arnoldkrgView user's profileSend private messageSend e-mailVisit poster's website
sphynx
Nuke Soldier
Nuke Soldier


Joined: Mar 18, 2005
Posts: 10


PostPosted: Fri May 05, 2006 11:33 am Reply with quoteBack to top

Exquisite! Well, it now works under Mozilla FF, too! Good job. Keep it up!
Find all posts by sphynxView user's profileSend private message
sphynx
Nuke Soldier
Nuke Soldier


Joined: Mar 18, 2005
Posts: 10


PostPosted: Fri May 05, 2006 12:38 pm Reply with quoteBack to top

Well, although you provided me a good example of how to fulfill the task, I kept on searching on the net (no offense, I'm lind of curious) and I stumbled upon Microsoft's Password Strength Tester located here. I read the source, as I was more and more curious and found this script (cannot post as text, but the link is
here).

The JavaScript event is:

Code:
onKeyUp="EvalPwdStrength(document.forms[0],this.value);"


Can this be ported into the CNB Your Account module?
Find all posts by sphynxView user's profileSend private message
arnoldkrg
Major
Major


Joined: Aug 03, 2003
Posts: 936

Location: United Kingdom

PostPosted: Sat May 06, 2006 4:46 am Reply with quoteBack to top

Well the Microsoft Password Strength checker is far more complicated than the last one I reported. However, I have managed to port it for PHP-Nuke Your_Account. It needs an additional stylesheet which Microsoft kindly allowed me to download (not like them Very Happy ). It is installed on the registration page at http://www.ulsoft.scarbridge.co.uk if anyone cares to check it out. The strength checking algorithms seem much more robust for this version than for the previous example.

The checker should be able to be ported for CNBYA quite simply.

_________________
Image
Find all posts by arnoldkrgView user's profileSend private messageSend e-mailVisit poster's website
sphynx
Nuke Soldier
Nuke Soldier


Joined: Mar 18, 2005
Posts: 10


PostPosted: Sat May 06, 2006 4:59 am Reply with quoteBack to top

I care Very Happy. Could you share the code? Please?
Find all posts by sphynxView user's profileSend private message
arnoldkrg
Major
Major


Joined: Aug 03, 2003
Posts: 936

Location: United Kingdom

PostPosted: Sat May 06, 2006 9:08 am Reply with quoteBack to top

Download passwdcheck.js. Copy and paste the javascript to includes/javascript.php right underneath the closing ?> tag. That is underneath any existing code. Download passwdcheck.css and upload the complete file to themes/yourtheme/style and do this for each theme you have on your site.

Next in includes/custom_files/custom_head.php add the following above the final ?> tag:
Code:
echo "<link rel=\"stylesheet\" type=\"text/css\" media=\"screen\" href=\"themes/$ThemeSel/style/passwdcheck.css\">\n";


If you have an older version of PHP-Nuke then the previous will go in includes/my_header.php

Next in modules/Your_Account/index.php find in the new_user function:
Code:
echo "<tr><td>"._PASSWORD.":</td><td><input type=\"password\" name=\"user_password\" size=\"11\" maxlength=\"40\"></td></tr>\n"


and change to:
Code:
echo "<tr><td>"._PASSWORD.":</td><td><input onKeyUp=\"EvalPwdStrength(document.forms[0],this.value);\" type=\"password\" id=\"inputPC\" name=\"user_password\" size=\"40\" maxlength=\"40\"></td></tr>\n"


Next in same file and function find:
Code:
   if (extension_loaded("gd") AND ($gfx_chk == 3 OR $gfx_chk == 4 OR $gfx_chk == 6 OR $gfx_chk == 7)) {
         echo "<tr><td>"._SECURITYCODE.":</td><td><img src='?gfx=gfx&amp;random_num=$random_num' border='1' alt='"._SECURITYCODE."' title='"._SECURITYCODE."'></td></tr>\n"
           ."<tr><td>"._TYPESECCODE.":</td><td><input type=\"text\" NAME=\"gfx_check\" SIZE=\"7\" MAXLENGTH=\"6\"></td></tr>\n"
           ."<input type=\"hidden\" name=\"random_num\" value=\"$random_num\">\n";
   }


and underneath add:
Code:
   echo "<tr><td class=\"pwdChkTd1\" align=\"right\">Password Strength:</td><td valign=\"top\" class=\"pwdChkTd2\"><table cellpadding=\"0\" cellspacing=\"0\" class=\"pwdChkTbl2\"><tr><td id=\"idSM1\" width=\"25%\" class=\"pwdChkCon0\" align=\"center\"><span style=\"font-size:1px\"></span><span id=\"idSMT1\" style=\"display:none;\">Weak</span></td><td id=\"idSM2\" width=\"25%\" class=\"pwdChkCon0\" align=\"center\" style=\"border-left:solid 1px #fff\"><span style=\"font-size:1px\"> </span><span id=\"idSMT0\" style=\"display:inline;font-weight:normal;color:#666\">Not rated</span><span id=\"idSMT2\" style=\"display:none;\">Medium</span></td><td id=\"idSM3\" width=\"25%\" class=\"pwdChkCon0\" align=\"center\" style=\"border-left:solid 1px #fff\"><span style=\"font-size:1px\"></span><span id=\"idSMT3\" style=\"display:none;\">Strong</span></td><td id=\"idSM4\" width=\"25%\" class=\"pwdChkCon0\" align=\"center\" style=\"border-left:solid 1px #fff\"><span style=\"font-size:1px\"></span><span id=\"idSMT4\" style=\"display:none;\">BEST</span></td></tr></table></td></tr>";


The last two code changes will be made in modules/Your_Account/public/new_user1.php, new_user2.php and new_user3.php for CNBYA

_________________
Image
Find all posts by arnoldkrgView user's profileSend private messageSend e-mailVisit poster's website
sphynx
Nuke Soldier
Nuke Soldier


Joined: Mar 18, 2005
Posts: 10


PostPosted: Sun May 07, 2006 12:12 am Reply with quoteBack to top

Well, it works. I am curious if site admins would include the script from now on. It seems a good tool to me, and most important, would make users aware of the weakness/strength of their passwords. This is a concept people should get used to.

Well, this might be the last post in the topic. I want you to know that I appreciate your help and promptitude im solving this issue.

All the best,
Sphynx.
Find all posts by sphynxView user's profileSend private message
Dauthus
Sergeant
Sergeant


Joined: Feb 12, 2003
Posts: 82

Location: USA

PostPosted: Tue May 16, 2006 8:00 pm Reply with quoteBack to top

Works perfectly, but for some reason it is almost hidden in my forums. Guess I will try and tweak the css and see what I come up with.

_________________
Image
Vivere disce, cogita mori
Find all posts by DauthusView user's profileSend private messageVisit poster's website
TAC_Double
Nuke Soldier
Nuke Soldier


Joined: Nov 08, 2003
Posts: 11


PostPosted: Tue Jan 23, 2007 11:29 am Reply with quoteBack to top

Is there a wat to add this into 7.9? I do not have a file called custom_head.php or my_header.php. Would love to add this to my site
Find all posts by TAC_DoubleView user's profileSend private message
arnoldkrg
Major
Major


Joined: Aug 03, 2003
Posts: 936

Location: United Kingdom

PostPosted: Sat Jan 27, 2007 2:57 am Reply with quoteBack to top

Here is a blank custom_head.php. Make your mods in this file and upload to the includes/custom_files directory of your site.

Code:
<?php

/************************************************************************/
/* PHP-NUKE: Web Portal System                                          */
/* ===========================                                          */
/*                                                                      */
/* Copyright (c) 2004 by Francisco Burzi                                */
/* http://phpnuke.org                                                   */
/*                                                                      */
/* This program is free software. You can redistribute it and/or modify */
/* it under the terms of the GNU General Public License as published by */
/* the Free Software Foundation; either version 2 of the License.       */
/************************************************************************/

if (stristr(htmlentities($_SERVER['PHP_SELF']), "custom_head.php")) {
    Header("Location: ../index.php");
    die();
}

/*
   This file is to customize whatever stuff you need to include in your site
   when the header loads. This can be used for third party banners, custom
   javascript, popup windows, etc. With this file you don't need to edit
   system code each time you upgrade to a new version. Just remember, in case
   you add code here to not overwrite this file when updating!
   Whatever you put here will be between <head> and </head> tags.
*/

?>


A word of WARNING. The copy/paste process seems to add invisible blank characters to the ends of codelines. These MUST be removed using a decent text editor before uploading modified files to your site. I use Crimson Editor

_________________
Image
Find all posts by arnoldkrgView user's profileSend private messageSend e-mailVisit poster's website
TAC_Double
Nuke Soldier
Nuke Soldier


Joined: Nov 08, 2003
Posts: 11


PostPosted: Sat Jan 27, 2007 6:06 am Reply with quoteBack to top

Thanks for the code.... I will check it out tonight.
Find all posts by TAC_DoubleView user's profileSend private message
Display posts from previous:      
Post new topic  Reply to topicprinter-friendly view
View previous topic Log in to check your private messages View next topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



Powered by phpBB © 2001, 2005 phpBB Group

Ported by Nuke Cops © 2003 www.nukecops.com
:: FI Theme :: PHP-Nuke theme by coldblooded (www.nukemods.com) ::
Powered by TOGETHER TEAM srl ITALY http://www.togetherteam.it - DONDELEO E-COMMERCE http://www.DonDeLeo.com - TUTTISU E-COMMERCE http://www.tuttisu.it
Web site engine's code is Copyright © 2002 by PHP-Nuke. All Rights Reserved. PHP-Nuke is Free Software released under the GNU/GPL license.
Page Generation: 0.078 Seconds - 365 pages served in past 5 minutes. Nuke Cops Founded by Paul Laudanski (Zhen-Xjell)
:: FI Theme :: PHP-Nuke theme by coldblooded (www.nukemods.com) ::