Index: wp-admin/includes/user.php =================================================================== --- wp-admin/includes/user.php (revision 6752) +++ wp-admin/includes/user.php (working copy) @@ -101,6 +101,9 @@ /* checking the password has been typed twice the same */ if ( $pass1 != $pass2 ) $errors->add( 'pass', __( 'ERROR: Please enter the same password in the two password fields.' ), array( 'form-field' => 'pass1' ) ); + + /* Check password strength */ + if ( get_option("strong_passwords") == 1 && wp_test_password($pass1) != "") $errors->add( 'pass', __('ERROR: ') .wp_test_password($pass1), array( 'form-field' => 'pass1' ) ); if (!empty ( $pass1 )) $user->user_pass = $pass1; Index: wp-admin/js/password-strength-meter.js =================================================================== --- wp-admin/js/password-strength-meter.js (revision 6752) +++ wp-admin/js/password-strength-meter.js (working copy) @@ -1,162 +1,71 @@ -// Password strength meter -// This jQuery plugin is written by firas kassem [2007.04.05] -// Firas Kassem phiras.wordpress.com || phiras at gmail {dot} com -// for more information : http://phiras.wordpress.com/2007/04/08/password-strength-meter-a-jquery-plugin/ - -var shortPass = 'Too short' -var badPass = 'Bad' -var goodPass = 'Good' -var strongPass = 'Strong' - - - -function passwordStrength(password,username) +function passwordStrength(password) { - score = 0 - - //password < 4 - if (password.length < 4 ) { return shortPass } - - //password == username - if (password.toLowerCase()==username.toLowerCase()) return badPass - - //password length - score += password.length * 4 - score += ( checkRepetition(1,password).length - password.length ) * 1 - score += ( checkRepetition(2,password).length - password.length ) * 1 - score += ( checkRepetition(3,password).length - password.length ) * 1 - score += ( checkRepetition(4,password).length - password.length ) * 1 + var desc = new Array(); + desc[0] = "Too Short"; + desc[1] = "Very Weak"; + desc[2] = "Weak"; + desc[3] = "Medium"; + desc[4] = "Better"; + desc[5] = "Strong"; + desc[6] = "Very Strong"; - //password has 3 numbers - if (password.match(/(.*[0-9].*[0-9].*[0-9])/)) score += 5 - - //password has 2 sybols - if (password.match(/(.*[!,@,#,$,%,^,&,*,?,_,~].*[!,@,#,$,%,^,&,*,?,_,~])/)) score += 5 - - //password has Upper and Lower chars - if (password.match(/([a-z].*[A-Z])|([A-Z].*[a-z])/)) score += 10 - - //password has number and chars - if (password.match(/([a-zA-Z])/) && password.match(/([0-9])/)) score += 15 - // - //password has number and symbol - if (password.match(/([!,@,#,$,%,^,&,*,?,_,~])/) && password.match(/([0-9])/)) score += 15 - - //password has char and symbol - if (password.match(/([!,@,#,$,%,^,&,*,?,_,~])/) && password.match(/([a-zA-Z])/)) score += 15 - - //password is just a nubers or chars - if (password.match(/^\w+$/) || password.match(/^\d+$/) ) score -= 10 - - //verifing 0 < score < 100 - if ( score < 0 ) score = 0 - if ( score > 100 ) score = 100 - - if (score < 34 ) return badPass - if (score < 68 ) return goodPass - return strongPass -} + var strength = 100; + var score = 0; + + if ( password.length <= 7 ) + strength -= ( password.length * 5 ); + + if ( password.length > 7 ) + strength -= ( ( password.length * 10 ) - ( 7 * 5 ) ); + + var characters = ""; + var nNumbers = 0; + var nLowercase = 0; + var nUppercase = 0; + var nSymbols = 0; + + for ( i = 0; i < password.length; i++ ) + { + characters = password.charAt(i); + if ( characters >= "0" && characters <= "9" ) nNumbers++; + else if ( characters >= "a" && characters <= "z" ) nLowercase++; + else if ( characters >= "A" && characters <= "Z" ) nUppercase++; + else nSymbols++; + } + + if ( nLowercase > 0 ) + strength -= ( nLowercase * 1 ); + + if ( nUppercase >= 1 ) + strength -= ( nUppercase * 3 ); + + if ( nNumbers >= 1 ) + strength -= ( nNumbers * 7 ); + + if ( nSymbols >= 1 ) + strength -= ( nSymbols * 10 ); + + //verifing 0 < strength < 100 + if ( strength < 0 ) strength = 0; + if ( strength > 100 ) strength = 100; + var lca = password.match(/[a-z]/); + var uca = password.match(/[A-Z]/); + var nmb = password.match(/[0-9]/); + var smb = password.match(/[~,!,@,#,$,%,^,&,*,(,),\-,_,\=,\+,\[,\],\{,\},\;,\:,\,,\.,\/,\<,\>,?,\|,\',\",\`]/) -// checkRepetition(1,'aaaaaaabcbc') = 'abcbc' -// checkRepetition(2,'aaaaaaabcbc') = 'aabc' -// checkRepetition(2,'aaaaaaabcdbcd') = 'aabcd' - -function checkRepetition(pLen,str) { - res = "" - for ( i=0; i 100 ) score = 100 - - if (score < 34 ) return badPass - if (score < 68 ) return goodPass - return strongPass -} - - -// checkRepetition(1,'aaaaaaabcbc') = 'abcbc' -// checkRepetition(2,'aaaaaaabcbc') = 'aabc' -// checkRepetition(2,'aaaaaaabcdbcd') = 'aabcd' - -function checkRepetition(pLen,str) { - res = "" - for ( i=0; i= 7 ) && ( ( ( lca ) && ( uca ) && ( nmb ) ) || ( ( lca ) && ( uca ) && ( smb ) ) || ( ( lca ) && ( nmb ) && ( smb ) ) || ( ( uca ) && ( nmb ) && ( smb ) ) ) ) score++; + if ( ( strength <= 35 ) && ( password.length >= 7 ) && ( lca ) && ( uca ) && ( nmb ) && ( smb ) ) score++; + if ( ( strength <= 24 ) && ( password.length >= 12 ) && ( lca ) && ( uca ) && ( nmb ) && ( smb ) ) score++; + + if ( ( password.length > 0 ) && ( score <= 3 ) ) + document.getElementById("submit").disabled = true; + else + document.getElementById("submit").disabled = false; + + document.getElementById("passwordDescription").innerHTML = desc[score]; + document.getElementById("passwordStrength").className = "strength" + score; +} \ No newline at end of file Index: wp-admin/options-general.php =================================================================== --- wp-admin/options-general.php (revision 6752) +++ wp-admin/options-general.php (working copy) @@ -54,6 +54,12 @@ + + + + UTC time is:') ?> @@ -92,7 +98,7 @@

- +

Index: wp-admin/user-edit.php =================================================================== --- wp-admin/user-edit.php (revision 6752) +++ wp-admin/user-edit.php (working copy) @@ -9,40 +9,52 @@ function profile_js ( ) { ?> -

-
-

+

Password not entered
+

+

+

MUST have a strength of "Better," "Strong," or "Very Strong" to change your password.'); ?>

@@ -300,7 +314,7 @@

- +

Index: wp-admin/wp-admin.css =================================================================== --- wp-admin/wp-admin.css (revision 6752) +++ wp-admin/wp-admin.css (working copy) @@ -772,32 +772,45 @@ color: #036; } -#pass-strength-result { - padding: 3px 5px 3px 5px; - margin-top: 3px; - text-align: center; - background-color: #e3e3e3; - border: 1px solid #000000; +#passwordStrength { + height:10px; + display:block; + float:left; } - -#pass-strength-result.short { - background-color: #e3e3e3; - border: 1px solid #000000; + +.strength0 { + width:102%; + background:#cccccc; } - -#pass-strength-result.bad { - background-color: #ffeff7; - border: 1px solid #cc6699; + +.strength1 { + width:17%; + background:#ff0000; } + +.strength2 { + width:34%; + background:#ff5f5f; +} + +.strength3 { + width:51%; + background:#ffff66; +} + +.strength4 { + width:68%; + background:#aefe36; +} -#pass-strength-result.good { - background-color: #effff4; - border: 1px solid #66cc87; +.strength5 { + background:#4dcd00; + width:85%; } -#pass-strength-result.strong { - background-color: #59ef86; - border: 1px solid #319f52; +.strength6 { + background:#308000; + width:102%; } a.view-comment-post-link { Index: wp-includes/pluggable.php =================================================================== --- wp-includes/pluggable.php (revision 6752) +++ wp-includes/pluggable.php (working copy) @@ -973,6 +973,33 @@ } endif; +if ( !function_exists('wp_test_password') ) : +function wp_test_password($password) { + $error = ""; + + // Check that the password containes lowercase and uppercase letters, numbers, and symbols + $lowercase = false; + $uppercase = false; + $numbers = false; + $symbols = false; + for($i=0;$i 96 && ord(substr($password,$i,1)) < 123); + $uppercase = $uppercase || (ord(substr($password,$i,1)) > 64 && ord(substr($password,$i,1)) < 91); + $numbers = $numbers || (ord(substr($password,$i,1)) > 47 && ord(substr($password,$i,1)) < 58); + $symbols = $symbols || ((ord(substr($password,$i,1)) > 32 && ord(substr($password,$i,1)) < 48) || (ord(substr($password,$i,1)) > 57 && ord(substr($password,$i,1)) < 65) || (ord(substr($password,$i,1)) > 90 && ord(substr($password,$i,1)) < 97) || (ord(substr($password,$i,1)) > 122 && ord(substr($password,$i,1)) < 127)); + } + + if (!($lowercase)) $error .= __("The password does not contain lowercase letters
\n"); + if (!($uppercase)) $error .= __("The password does not contain uppercase letters
\n"); + if (!($numbers)) $error .= __("The password does not contain numbers
\n"); + if (!($symbols)) $error .= __("The password does not contain symbols
\n"); + + // Check password length + if(strlen($password) < 7) $error .= __("The password is not long enough
\n"); + return $error; +} +endif; + if ( !function_exists('wp_salt') ) : /** * wp_salt() - Get salt to add to hashes to help prevent attacks Index: wp-includes/script-loader.php =================================================================== --- wp-includes/script-loader.php (revision 6752) +++ wp-includes/script-loader.php (working copy) @@ -121,9 +121,12 @@ $this->add( 'password-strength-meter', '/wp-admin/js/password-strength-meter.js', array('jquery'), '20070405' ); $this->localize( 'password-strength-meter', 'pwsL10n', array( 'short' => __('Too short'), - 'bad' => __('Bad'), - 'good' => __('Good'), - 'strong' => __('Strong') + 'vweak' => __('Very Weak'), + 'weak' => __('Weak'), + 'medium' => __('Medium'), + 'better' => __('Better'), + 'strong' => __('Strong'), + 'vstrong' => __('Very Strong') ) ); $this->add( 'admin-comments', '/wp-admin/js/edit-comments.js', array('wp-lists'), '20071104' ); $this->add( 'admin-posts', '/wp-admin/js/edit-posts.js', array('wp-lists'), '20071023' );