Ticket #4470: password-strength-meter-revised2.diff
| File password-strength-meter-revised2.diff, 18.2 KB (added by JDTrower, 4 years ago) |
|---|
-
wp-admin/includes/user.php
101 101 /* checking the password has been typed twice the same */ 102 102 if ( $pass1 != $pass2 ) 103 103 $errors->add( 'pass', __( '<strong>ERROR</strong>: Please enter the same password in the two password fields.' ), array( 'form-field' => 'pass1' ) ); 104 105 /* Check password strength */ 106 if ( get_option("strong_passwords") == 1 && wp_test_password($pass1) != "") $errors->add( 'pass', __('<strong>ERROR</strong>: ') .wp_test_password($pass1), array( 'form-field' => 'pass1' ) ); 104 107 105 108 if (!empty ( $pass1 )) 106 109 $user->user_pass = $pass1; -
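Review bot: The added strength check at new line 106 runs on `$pass1` even when it is empty, although the context line right after it (`if (!empty ( $pass1 ))`) shows that an empty password is a normal path, presumably a profile save that leaves the password unchanged. With `strong_passwords` enabled, `wp_test_password('')` returns every error string, so such a save would be rejected. Guard the check and call the function once, e.g. `if ( !empty( $pass1 ) && get_option( 'strong_passwords' ) && '' != ( $pw_error = wp_test_password( $pass1 ) ) )`, then pass `$pw_error` to `$errors->add()`. The enclosing function starts and ends outside this section.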
wp-admin/js/password-strength-meter.js
1 // Password strength meter 2 // This jQuery plugin is written by firas kassem [2007.04.05] 3 // Firas Kassem phiras.wordpress.com || phiras at gmail {dot} com 4 // for more information : http://phiras.wordpress.com/2007/04/08/password-strength-meter-a-jquery-plugin/ 5 6 var shortPass = 'Too short' 7 var badPass = 'Bad' 8 var goodPass = 'Good' 9 var strongPass = 'Strong' 10 11 12 13 function passwordStrength(password,username) 1 function passwordStrength(password) 14 2 { 15 score = 0 16 17 //password < 4 18 if (password.length < 4 ) { return shortPass } 19 20 //password == username 21 if (password.toLowerCase()==username.toLowerCase()) return badPass 22 23 //password length 24 score += password.length * 4 25 score += ( checkRepetition(1,password).length - password.length ) * 1 26 score += ( checkRepetition(2,password).length - password.length ) * 1 27 score += ( checkRepetition(3,password).length - password.length ) * 1 28 score += ( checkRepetition(4,password).length - password.length ) * 1 3 var desc = new Array(); 4 desc[0] = "Too Short"; 5 desc[1] = "Very Weak"; 6 desc[2] = "Weak"; 7 desc[3] = "Medium"; 8 desc[4] = "Better"; 9 desc[5] = "Strong"; 10 desc[6] = "Very Strong"; 29 11 30 //password has 3 numbers 31 if (password.match(/(.*[0-9].*[0-9].*[0-9])/)) score += 5 32 33 //password has 2 sybols 34 if (password.match(/(.*[!,@,#,$,%,^,&,*,?,_,~].*[!,@,#,$,%,^,&,*,?,_,~])/)) score += 5 35 36 //password has Upper and Lower chars 37 if (password.match(/([a-z].*[A-Z])|([A-Z].*[a-z])/)) score += 10 38 39 //password has number and chars 40 if (password.match(/([a-zA-Z])/) && password.match(/([0-9])/)) score += 15 41 // 42 //password has number and symbol 43 if (password.match(/([!,@,#,$,%,^,&,*,?,_,~])/) && password.match(/([0-9])/)) score += 15 44 45 //password has char and symbol 46 if (password.match(/([!,@,#,$,%,^,&,*,?,_,~])/) && password.match(/([a-zA-Z])/)) score += 15 47 48 //password is just a nubers or chars 49 if (password.match(/^\w+$/) || 
password.match(/^\d+$/) ) score -= 10 50 51 //verifing 0 < score < 100 52 if ( score < 0 ) score = 0 53 if ( score > 100 ) score = 100 54 55 if (score < 34 ) return badPass 56 if (score < 68 ) return goodPass 57 return strongPass 58 } 12 var strength = 100; 13 var score = 0; 14 15 if ( password.length <= 7 ) 16 strength -= ( password.length * 5 ); 17 18 if ( password.length > 7 ) 19 strength -= ( ( password.length * 10 ) - ( 7 * 5 ) ); 20 21 var characters = ""; 22 var nNumbers = 0; 23 var nLowercase = 0; 24 var nUppercase = 0; 25 var nSymbols = 0; 26 27 for ( i = 0; i < password.length; i++ ) 28 { 29 characters = password.charAt(i); 30 if ( characters >= "0" && characters <= "9" ) nNumbers++; 31 else if ( characters >= "a" && characters <= "z" ) nLowercase++; 32 else if ( characters >= "A" && characters <= "Z" ) nUppercase++; 33 else nSymbols++; 34 } 35 36 if ( nLowercase > 0 ) 37 strength -= ( nLowercase * 1 ); 38 39 if ( nUppercase >= 1 ) 40 strength -= ( nUppercase * 3 ); 41 42 if ( nNumbers >= 1 ) 43 strength -= ( nNumbers * 7 ); 44 45 if ( nSymbols >= 1 ) 46 strength -= ( nSymbols * 10 ); 47 48 //verifing 0 < strength < 100 49 if ( strength < 0 ) strength = 0; 50 if ( strength > 100 ) strength = 100; 59 51 52 var lca = password.match(/[a-z]/); 53 var uca = password.match(/[A-Z]/); 54 var nmb = password.match(/[0-9]/); 55 var smb = password.match(/[~,!,@,#,$,%,^,&,*,(,),\-,_,\=,\+,\[,\],\{,\},\;,\:,\,,\.,\/,\<,\>,?,\|,\',\",\`]/) 60 56 61 // checkRepetition(1,'aaaaaaabcbc') = 'abcbc' 62 // checkRepetition(2,'aaaaaaabcbc') = 'aabc' 63 // checkRepetition(2,'aaaaaaabcdbcd') = 'aabcd' 64 65 function checkRepetition(pLen,str) { 66 res = "" 67 for ( i=0; i<str.length ; i++ ) { 68 repeated=true 69 for (j=0;j < pLen && (j+i+pLen) < str.length;j++) 70 repeated=repeated && (str.charAt(j+i)==str.charAt(j+i+pLen)) 71 if (j<pLen) repeated=false 72 if (repeated) { 73 i+=pLen-1 74 repeated=false 75 } 76 else { 77 res+=str.charAt(i) 78 } 79 } 80 return res 81 } 82 // Password 
strength meter 83 // This jQuery plugin is written by firas kassem [2007.04.05] 84 // Firas Kassem phiras.wordpress.com || phiras at gmail {dot} com 85 // for more information : http://phiras.wordpress.com/2007/04/08/password-strength-meter-a-jquery-plugin/ 86 87 var shortPass = 'Too short' 88 var badPass = 'Bad' 89 var goodPass = 'Good' 90 var strongPass = 'Strong' 91 92 93 94 function passwordStrength(password,username) 95 { 96 score = 0 97 98 //password < 4 99 if (password.length < 4 ) { return shortPass } 100 101 //password == username 102 if (password.toLowerCase()==username.toLowerCase()) return badPass 103 104 //password length 105 score += password.length * 4 106 score += ( checkRepetition(1,password).length - password.length ) * 1 107 score += ( checkRepetition(2,password).length - password.length ) * 1 108 score += ( checkRepetition(3,password).length - password.length ) * 1 109 score += ( checkRepetition(4,password).length - password.length ) * 1 110 111 //password has 3 numbers 112 if (password.match(/(.*[0-9].*[0-9].*[0-9])/)) score += 5 113 114 //password has 2 sybols 115 if (password.match(/(.*[!,@,#,$,%,^,&,*,?,_,~].*[!,@,#,$,%,^,&,*,?,_,~])/)) score += 5 116 117 //password has Upper and Lower chars 118 if (password.match(/([a-z].*[A-Z])|([A-Z].*[a-z])/)) score += 10 119 120 //password has number and chars 121 if (password.match(/([a-zA-Z])/) && password.match(/([0-9])/)) score += 15 122 // 123 //password has number and symbol 124 if (password.match(/([!,@,#,$,%,^,&,*,?,_,~])/) && password.match(/([0-9])/)) score += 15 125 126 //password has char and symbol 127 if (password.match(/([!,@,#,$,%,^,&,*,?,_,~])/) && password.match(/([a-zA-Z])/)) score += 15 128 129 //password is just a nubers or chars 130 if (password.match(/^\w+$/) || password.match(/^\d+$/) ) score -= 10 131 132 //verifing 0 < score < 100 133 if ( score < 0 ) score = 0 134 if ( score > 100 ) score = 100 135 136 if (score < 34 ) return badPass 137 if (score < 68 ) return goodPass 138 
return strongPass 139 } 140 141 142 // checkRepetition(1,'aaaaaaabcbc') = 'abcbc' 143 // checkRepetition(2,'aaaaaaabcbc') = 'aabc' 144 // checkRepetition(2,'aaaaaaabcdbcd') = 'aabcd' 145 146 function checkRepetition(pLen,str) { 147 res = "" 148 for ( i=0; i<str.length ; i++ ) { 149 repeated=true 150 for (j=0;j < pLen && (j+i+pLen) < str.length;j++) 151 repeated=repeated && (str.charAt(j+i)==str.charAt(j+i+pLen)) 152 if (j<pLen) repeated=false 153 if (repeated) { 154 i+=pLen-1 155 repeated=false 156 } 157 else { 158 res+=str.charAt(i) 159 } 160 } 161 return res 162 } 57 if ( ( strength <= 100 ) && ( ( lca ) || ( uca ) || ( nmb ) || ( smb ) ) ) score ++; 58 if ( ( strength <= 58 ) && ( ( ( lca ) && ( uca ) ) || ( ( lca ) && ( nmb ) ) || ( ( lca ) && ( smb ) ) || ( ( uca ) && ( nmb ) ) || ( ( uca ) && ( smb ) ) || ( ( nmb ) && ( smb ) ) ) ) score++; 59 if ( ( strength <= 54 ) && ( ( ( lca ) && ( uca ) && ( nmb ) ) || ( ( lca ) && ( uca ) && ( smb ) ) || ( ( lca ) && ( nmb ) && ( smb ) ) || ( ( uca ) && ( nmb ) && ( smb ) ) ) ) score++; 60 if ( ( strength <= 48 ) && ( password.length >= 7 ) && ( ( ( lca ) && ( uca ) && ( nmb ) ) || ( ( lca ) && ( uca ) && ( smb ) ) || ( ( lca ) && ( nmb ) && ( smb ) ) || ( ( uca ) && ( nmb ) && ( smb ) ) ) ) score++; 61 if ( ( strength <= 35 ) && ( password.length >= 7 ) && ( lca ) && ( uca ) && ( nmb ) && ( smb ) ) score++; 62 if ( ( strength <= 24 ) && ( password.length >= 12 ) && ( lca ) && ( uca ) && ( nmb ) && ( smb ) ) score++; 63 64 if ( ( password.length > 0 ) && ( score <= 3 ) ) 65 document.getElementById("submit").disabled = true; 66 else 67 document.getElementById("submit").disabled = false; 68 69 document.getElementById("passwordDescription").innerHTML = desc[score]; 70 document.getElementById("passwordStrength").className = "strength" + score; 71 } 72 No newline at end of file -
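Review bot: The rewritten `passwordStrength(password)` drops the `username` parameter and with it the old `password == username` rejection, so a password equal to the login name is now rated only by its character mix. It also has no `return`: it writes `desc[score]` straight into `#passwordDescription` and toggles `#submit`, which bypasses the `pwsL10n` strings and disables the button whether or not `strong_passwords` is on. Keeping the signature `passwordStrength(password, username)`, restoring the comparison, and ending with `return desc[score];` would leave the DOM updates to the caller. The loop counter `i` should be declared with `var`, since as written it is an implicit global. Disabling the button is a convenience only; the server-side check added in wp-admin/includes/user.php remains the actual control.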
wp-admin/options-general.php
54 54 <select name="default_role" id="default_role"><?php wp_dropdown_roles( get_option('default_role') ); ?></select></label> 55 55 </td> 56 56 </tr> 57 <tr valign="top"> 58 <th scope="row"><?php _e('Security:') ?></th> 59 <td><label for="strong_passwords"> 60 <input name="strong_passwords" type="checkbox" id="strong_passwords" value="1" <?php checked('1', get_option('strong_passwords')); ?> /> 61 <?php _e('Enforce Strong Passwords') ?></label> 62 </td> 57 63 <tr> 58 64 <th scope="row"><?php _e('<abbr title="Coordinated Universal Time">UTC</abbr> time is:') ?> </th> 59 65 <td><code><?php echo gmdate(__('Y-m-d g:i:s a')); ?></code></td> … … 92 98 93 99 <p class="submit"><input type="submit" name="Submit" value="<?php _e('Update Options »') ?>" /> 94 100 <input type="hidden" name="action" value="update" /> 95 <input type="hidden" name="page_options" value="<?php if ( ! defined( 'WP_SITEURL' ) ) echo 'siteurl,'; if ( ! defined( 'WP_HOME' ) ) echo 'home,'; ?>blogname,blogdescription,admin_email,users_can_register,gmt_offset,date_format,time_format,start_of_week,comment_registration,default_role " />101 <input type="hidden" name="page_options" value="<?php if ( ! defined( 'WP_SITEURL' ) ) echo 'siteurl,'; if ( ! defined( 'WP_HOME' ) ) echo 'home,'; ?>blogname,blogdescription,admin_email,users_can_register,gmt_offset,date_format,time_format,start_of_week,comment_registration,default_role,strong_passwords" /> 96 102 </p> 97 103 </form> 98 104 -
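Review bot: The added settings row (new lines 57–62) opens `<tr valign="top">` but ends at `</td>`, with no `</tr>` before the next `<tr>` on new line 63. Add `</tr>` after the `</td>` on new line 62 so the table markup stays well-formed. The surrounding form and table start and end outside this section.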
wp-admin/user-edit.php
9 9 10 10 function profile_js ( ) { 11 11 ?> 12 <script type="text/javascript"> 13 function check_pass_strength ( ) { 14 15 var pass = jQuery('#pass1').val(); 16 var user = jQuery('#user_login').val(); 17 18 // get the result as an object, i'm tired of typing it 19 var res = jQuery('#pass-strength-result'); 20 21 var strength = passwordStrength(pass, user); 22 23 jQuery(res).removeClass('short bad good strong'); 24 25 if ( strength == 'Bad' ) { 26 jQuery(res).addClass('bad'); 27 jQuery(res).html( pwsL10n.bad ); 28 } 29 else if ( strength == 'Good' ) { 30 jQuery(res).addClass('good'); 31 jQuery(res).html( pwsL10n.good ); 32 } 33 else if ( strength == 'Strong' ) { 34 jQuery(res).addClass('strong'); 35 jQuery(res).html( pwsL10n.strong ); 36 } 37 else { 38 // this catches 'Too short' and the off chance anything else comes along 39 jQuery(res).addClass('short'); 40 jQuery(res).html( pwsL10n.short ); 41 } 42 43 } 44 45 jQuery(document).ready( function() { jQuery('#pass1').keyup( check_pass_strength ) } ); 12 <script type="text/javascript"> 13 function check_pass_strength ( ) { 14 15 var pass = jQuery('#pass1').val(); 16 var user = jQuery('#user_login').val(); 17 18 // get the result as an object, i'm tired of typing it 19 var res = jQuery('#pass-strength-result'); 20 21 var strength = passwordStrength(pass, user); 22 23 jQuery(res).removeClass('short vweak weak medium better strong vstrong'); 24 25 if ( strength == 'Very Weak' ) { 26 jQuery(res).addClass('vweak'); 27 jQuery(res).html( pwsL10n.vweak ); 28 } 29 else if ( strength == 'Weak' ) { 30 jQuery(res).addClass('weak'); 31 jQuery(res).html( pwsL10n.weak ); 32 } 33 else if ( strength == 'Medium' ) { 34 jQuery(res).addClass('medium'); 35 jQuery(res).html( pwsL10n.medium ); 36 } 37 else if ( strength == 'Better' ) { 38 jQuery(res).addClass('better'); 39 jQuery(res).html( pwsL10n.better ); 40 } 41 else if ( strength == 'Strong' ) { 42 jQuery(res).addClass('strong'); 43 jQuery(res).html( pwsL10n.strong ); 44 } 45 else if 
( strength == 'Very Strong' ) { 46 jQuery(res).addClass('vstrong'); 47 jQuery(res).html( pwsL10n.vstrong ); 48 } 49 else { 50 // this catches 'Too short' and the off chance anything else comes along 51 jQuery(res).addClass('short'); 52 jQuery(res).html( pwsL10n.short ); 53 } 54 55 } 56 57 jQuery(document).ready( function() { jQuery('#pass1').keyup( check_pass_strength ) } ); 46 58 </script> 47 59 <?php 48 60 } … … 261 273 </label></p> 262 274 <?php if ( $is_profile_page ): ?> 263 275 <p><strong><?php _e('Password Strength:'); ?></strong></p> 264 <div id="pass-strength-result"><?php _e('Too short'); ?></div> 265 <p><?php _e('Hint: Use upper and lower case characters, numbers and symbols like !"?$%^&( in your password.'); ?></p> 276 <p><div id="passwordDescription">Password not entered</div> 277 <div id="passwordStrength" class="strength0"></div></p> 278 <p><?php _e('Hint: You must use upper and lower case characters as well as numbers and/or symbols in your password with a minimum password length of 7 characters.'); ?></p> 279 <p><?php _e('You <strong>MUST</strong> have a strength of "Better," "Strong," or "Very Strong" to change your password.'); ?></p> 266 280 <?php endif; ?> 267 281 </fieldset> 268 282 <?php endif; ?> … … 300 314 <p class="submit"> 301 315 <input type="hidden" name="action" value="update" /> 302 316 <input type="hidden" name="user_id" id="user_id" value="<?php echo $user_id; ?>" /> 303 <input type="submit" value="<?php $is_profile_page? _e('Update Profile »') : _e('Update User »') ?>" name="submit" />317 <input type="submit" value="<?php $is_profile_page? _e('Update Profile »') : _e('Update User »') ?>" name="submit" id="submit" /> 304 318 </p> 305 319 </form> 306 320 </div> -
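Review bot: `check_pass_strength()` still calls `passwordStrength(pass, user)` and branches on the returned label, but the rewritten function in password-strength-meter.js takes one argument and returns nothing, so `strength` is `undefined` and every keystroke falls through to the final `else`. The target `#pass-strength-result` is also removed from the markup in this same section (replaced by `#passwordDescription` and `#passwordStrength`), so the class and text updates apply to no element. Either reduce this handler to a plain call of the meter, or have the meter return its label and point `res` at the new element. The literal `Password not entered` should go through `_e()` like the neighbouring strings, and a `<div>` inside a `<p>` is invalid nesting.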
wp-admin/wp-admin.css
772 772 color: #036; 773 773 } 774 774 775 #pass-strength-result { 776 padding: 3px 5px 3px 5px; 777 margin-top: 3px; 778 text-align: center; 779 background-color: #e3e3e3; 780 border: 1px solid #000000; 775 #passwordStrength { 776 height:10px; 777 display:block; 778 float:left; 781 779 } 782 783 #pass-strength-result.short { 784 background-color: #e3e3e3;785 b order: 1px solid #000000;780 781 .strength0 { 782 width:102%; 783 background:#cccccc; 786 784 } 787 788 #pass-strength-result.bad { 789 background-color: #ffeff7;790 b order: 1px solid #cc6699;785 786 .strength1 { 787 width:17%; 788 background:#ff0000; 791 789 } 790 791 .strength2 { 792 width:34%; 793 background:#ff5f5f; 794 } 795 796 .strength3 { 797 width:51%; 798 background:#ffff66; 799 } 800 801 .strength4 { 802 width:68%; 803 background:#aefe36; 804 } 792 805 793 #pass-strength-result.good { 794 background -color: #effff4;795 border: 1px solid #66cc87;806 .strength5 { 807 background:#4dcd00; 808 width:85%; 796 809 } 797 810 798 #pass-strength-result.strong { 799 background -color: #59ef86;800 border: 1px solid #319f52;811 .strength6 { 812 background:#308000; 813 width:102%; 801 814 } 802 815 803 816 a.view-comment-post-link { -
wp-includes/pluggable.php
973 973 } 974 974 endif; 975 975 976 if ( !function_exists('wp_test_password') ) : 977 function wp_test_password($password) { 978 $error = ""; 979 980 // Check that the password containes lowercase and uppercase letters, numbers, and symbols 981 $lowercase = false; 982 $uppercase = false; 983 $numbers = false; 984 $symbols = false; 985 for($i=0;$i<strlen($password) && !($lowercase && $uppercase && $numbers && $symbols);$i++){ 986 $lowercase = $lowercase || (ord(substr($password,$i,1)) > 96 && ord(substr($password,$i,1)) < 123); 987 $uppercase = $uppercase || (ord(substr($password,$i,1)) > 64 && ord(substr($password,$i,1)) < 91); 988 $numbers = $numbers || (ord(substr($password,$i,1)) > 47 && ord(substr($password,$i,1)) < 58); 989 $symbols = $symbols || ((ord(substr($password,$i,1)) > 32 && ord(substr($password,$i,1)) < 48) || (ord(substr($password,$i,1)) > 57 && ord(substr($password,$i,1)) < 65) || (ord(substr($password,$i,1)) > 90 && ord(substr($password,$i,1)) < 97) || (ord(substr($password,$i,1)) > 122 && ord(substr($password,$i,1)) < 127)); 990 } 991 992 if (!($lowercase)) $error .= __("The password does not contain lowercase letters<br/>\n"); 993 if (!($uppercase)) $error .= __("The password does not contain uppercase letters<br/>\n"); 994 if (!($numbers)) $error .= __("The password does not contain numbers<br/>\n"); 995 if (!($symbols)) $error .= __("The password does not contain symbols<br/>\n"); 996 997 // Check password length 998 if(strlen($password) < 7) $error .= __("The password is not long enough<br/>\n"); 999 return $error; 1000 } 1001 endif; 1002 976 1003 if ( !function_exists('wp_salt') ) : 977 1004 /** 978 1005 * wp_salt() - Get salt to add to hashes to help prevent attacks -
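Review bot: `wp_test_password()` classifies characters only in the ASCII range 33–126 via `ord()`, so a space or any non-ASCII character contributes to none of the four classes. A password made of non-ASCII letters plus digits is therefore reported as having no letters and no symbols. Consider treating anything that is not an ASCII letter or digit as a symbol, e.g. `$symbols = (bool) preg_match( '/[^a-zA-Z0-9]/', $password );`, with matching `preg_match` calls for the other three classes instead of the per-byte loop. The function also lacks the docblock its neighbour `wp_salt()` has; the docblock should state that it returns an empty string on success and otherwise an HTML error string joined with `<br/>`. The 7-character minimum is repeated in the JS meter and the hint text, so a single shared value would keep the three from drifting apart.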
wp-includes/script-loader.php
121 121 $this->add( 'password-strength-meter', '/wp-admin/js/password-strength-meter.js', array('jquery'), '20070405' ); 122 122 $this->localize( 'password-strength-meter', 'pwsL10n', array( 123 123 'short' => __('Too short'), 124 'bad' => __('Bad'), 125 'good' => __('Good'), 126 'strong' => __('Strong') 124 'vweak' => __('Very Weak'), 125 'weak' => __('Weak'), 126 'medium' => __('Medium'), 127 'better' => __('Better'), 128 'strong' => __('Strong'), 129 'vstrong' => __('Very Strong') 127 130 ) ); 128 131 $this->add( 'admin-comments', '/wp-admin/js/edit-comments.js', array('wp-lists'), '20071104' ); 129 132 $this->add( 'admin-posts', '/wp-admin/js/edit-posts.js', array('wp-lists'), '20071023' );
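Review bot: The `password-strength-meter` registration on the unchanged line 121 keeps version `'20070405'` although this patch rewrites the script, so browsers holding the cached file would likely keep running the old `passwordStrength()`. Bump the version string in that `$this->add()` call. The new `pwsL10n` keys only help if the script reads them, and the rewritten meter uses a hard-coded English `desc` array instead, so the labels it displays would not be translated.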
