From 8a285f7fa7f09ae969e12cf4b7bda0f5123bb0fb Mon Sep 17 00:00:00 2001
From: Andreas Gohr <andi@splitbrain.org>
Date: Sun, 9 Jun 2013 02:29:27 +0200
Subject: [PATCH] AUTH_PASSWORD_GENERATE event added
This is needed to replace the password generator by a plugin
implementation. Related to PR #166 and FS#2147
---
inc/auth.php | 45 ++++++++++++++++++++-----------
lib/plugins/usermanager/admin.php | 4 +--
2 files changed, 31 insertions(+), 18 deletions(-)
diff --git a/inc/auth.php b/inc/auth.php
index 1f8489f03..82a6b46cd 100644
--- a/inc/auth.php
+++ b/inc/auth.php
@@ -678,27 +678,40 @@ function auth_nameencode($name, $skip_group = false) {
/**
* Create a pronouncable password
*
+ * The $foruser variable might be used by plugins to run additional password
+ * policy checks, but is not used by the default implementation
+ *
* @author Andreas Gohr <andi@splitbrain.org>
* @link http://www.phpbuilder.com/annotate/message.php3?id=1014451
+ * @triggers AUTH_PASSWORD_GENERATE
*
+ * @param string $foruser username for which the password is generated
* @return string pronouncable password
*/
-function auth_pwgen() {
- $pw = '';
- $c = 'bcdfghjklmnprstvwz'; //consonants except hard to speak ones
- $v = 'aeiou'; //vowels
- $a = $c.$v; //both
-
- //use two syllables...
- for($i = 0; $i < 2; $i++) {
- $pw .= $c[rand(0, strlen($c) - 1)];
- $pw .= $v[rand(0, strlen($v) - 1)];
- $pw .= $a[rand(0, strlen($a) - 1)];
+function auth_pwgen($foruser='') {
+ $data = array(
+ 'password' = '',
+ 'foruser' = $foruser
+ );
+
+ $evt = new Doku_Event('AUTH_PASSWORD_GENERATE', $data);
+ if($evt->advise_before(true)) {
+ $c = 'bcdfghjklmnprstvwz'; //consonants except hard to speak ones
+ $v = 'aeiou'; //vowels
+ $a = $c.$v; //both
+
+ //use two syllables...
+ for($i = 0; $i < 2; $i++) {
+ $data['password'] .= $c[rand(0, strlen($c) - 1)];
+ $data['password'] .= $v[rand(0, strlen($v) - 1)];
+ $data['password'] .= $a[rand(0, strlen($a) - 1)];
+ }
+ //... and add a nice number
+ $data['password'] .= rand(10, 99);
}
- //... and add a nice number
- $pw .= rand(10, 99);
+ $evt->advise_after();
- return $pw;
+ return $data['password'];
}
/**
@@ -765,7 +778,7 @@ function register() {
}
if($conf['autopasswd']) {
- $pass = auth_pwgen(); // automatically generate password
+ $pass = auth_pwgen($login); // automatically generate password
} elseif(empty($pass) || empty($passchk)) {
msg($lang['regmissing'], -1); // complain about missing passwords
return false;
@@ -958,7 +971,7 @@ function act_resendpwd() {
} else { // autogenerate the password and send by mail
- $pass = auth_pwgen();
+ $pass = auth_pwgen($user);
if(!$auth->triggerUserMod('modify', array($user, array('pass' => $pass)))) {
msg('error modifying user data', -1);
return false;
diff --git a/lib/plugins/usermanager/admin.php b/lib/plugins/usermanager/admin.php
index 01f4a4cdb..445836a50 100644
--- a/lib/plugins/usermanager/admin.php
+++ b/lib/plugins/usermanager/admin.php
@@ -355,7 +355,7 @@ class admin_plugin_usermanager extends DokuWiki_Admin_Plugin {
if ($this->_auth->canDo('modPass')){
if (empty($pass)){
if($INPUT->has('usernotify')){
- $pass = auth_pwgen();
+ $pass = auth_pwgen($user);
} else {
msg($this->lang['add_fail'], -1);
return false;
@@ -496,7 +496,7 @@ class admin_plugin_usermanager extends DokuWiki_Admin_Plugin {
// generate password if left empty and notification is on
if($INPUT->has('usernotify') && empty($newpass)){
- $newpass = auth_pwgen();
+ $newpass = auth_pwgen($olduser);
}
if (!empty($newpass) && $this->_auth->canDo('modPass'))
--
GitLab