diff --git a/inc/auth.php b/inc/auth.php
index 1f8489f03fe8e195bb27974cc790e72db7b8aa2d..6107645cdcd232a3653d064bb575de71929e93b2 100644
--- a/inc/auth.php
+++ b/inc/auth.php
@@ -678,27 +678,41 @@ function auth_nameencode($name, $skip_group = false) {
/**
* Create a pronouncable password
*
- * @author Andreas Gohr <andi@splitbrain.org>
- * @link http://www.phpbuilder.com/annotate/message.php3?id=1014451
+ * The $foruser variable might be used by plugins to run additional password
+ * policy checks, but is not used by the default implementation
+ *
+ * @author Andreas Gohr <andi@splitbrain.org>
+ * @link http://www.phpbuilder.com/annotate/message.php3?id=1014451
+ * @triggers AUTH_PASSWORD_GENERATE
*
+ * @param string $foruser username for which the password is generated
* @return string pronouncable password
*/
-function auth_pwgen() {
- $pw = '';
- $c = 'bcdfghjklmnprstvwz'; //consonants except hard to speak ones
- $v = 'aeiou'; //vowels
- $a = $c.$v; //both
-
- //use two syllables...
- for($i = 0; $i < 2; $i++) {
- $pw .= $c[rand(0, strlen($c) - 1)];
- $pw .= $v[rand(0, strlen($v) - 1)];
- $pw .= $a[rand(0, strlen($a) - 1)];
+function auth_pwgen($foruser = '') {
+ $data = array(
+ 'password' => '',
+ 'foruser' => $foruser
+ );
+
+ $evt = new Doku_Event('AUTH_PASSWORD_GENERATE', $data);
+ if($evt->advise_before(true)) {
+ $c = 'bcdfghjklmnprstvwz'; //consonants except hard to speak ones
+ $v = 'aeiou'; //vowels
+ $a = $c.$v; //both
+ $s = '!$%&?+*~#-_:.;,'; // specials
+
+ //use thre syllables...
+ for($i = 0; $i < 3; $i++) {
+ $data['password'] .= $c[mt_rand(0, strlen($c) - 1)];
+ $data['password'] .= $v[mt_rand(0, strlen($v) - 1)];
+ $data['password'] .= $a[mt_rand(0, strlen($a) - 1)];
+ }
+ //... and add a nice number and special
+ $data['password'] .= mt_rand(10, 99).$s[mt_rand(0, strlen($s) - 1)];
}
- //... and add a nice number
- $pw .= rand(10, 99);
+ $evt->advise_after();
- return $pw;
+ return $data['password'];
}
/**
@@ -765,7 +779,7 @@ function register() {
}
if($conf['autopasswd']) {
- $pass = auth_pwgen(); // automatically generate password
+ $pass = auth_pwgen($login); // automatically generate password
} elseif(empty($pass) || empty($passchk)) {
msg($lang['regmissing'], -1); // complain about missing passwords
return false;
@@ -958,7 +972,7 @@ function act_resendpwd() {
} else { // autogenerate the password and send by mail
- $pass = auth_pwgen();
+ $pass = auth_pwgen($user);
if(!$auth->triggerUserMod('modify', array($user, array('pass' => $pass)))) {
msg('error modifying user data', -1);
return false;
diff --git a/lib/plugins/usermanager/admin.php b/lib/plugins/usermanager/admin.php
index 01f4a4cdb20be1ed6f84c3bbc3e7e92a66bf45f8..445836a50da8539a38be308c6d1432d8f03fe66b 100644
--- a/lib/plugins/usermanager/admin.php
+++ b/lib/plugins/usermanager/admin.php
@@ -355,7 +355,7 @@ class admin_plugin_usermanager extends DokuWiki_Admin_Plugin {
if ($this->_auth->canDo('modPass')){
if (empty($pass)){
if($INPUT->has('usernotify')){
- $pass = auth_pwgen();
+ $pass = auth_pwgen($user);
} else {
msg($this->lang['add_fail'], -1);
return false;
@@ -496,7 +496,7 @@ class admin_plugin_usermanager extends DokuWiki_Admin_Plugin {
// generate password if left empty and notification is on
if($INPUT->has('usernotify') && empty($newpass)){
- $newpass = auth_pwgen();
+ $newpass = auth_pwgen($olduser);
}
if (!empty($newpass) && $this->_auth->canDo('modPass'))