Commit 656b65fd authored by Alan Garcia's avatar Alan Garcia
Browse files

Tentative d'indication de la force des password. A débugger

Màj de jquery
Début d'intégration de la nouvelle structure de mail dans m_mail
parent 3eb248a8
......@@ -200,6 +200,7 @@ bureau/admin/images/orig/plus.png -text
bureau/admin/images/orig/quota.png -text
bureau/admin/images/orig/stat.png -text
bureau/admin/images/password.png -text
bureau/admin/images/passwordstrength.jpg -text
bureau/admin/images/plus.png -text
bureau/admin/images/quota.png -text
bureau/admin/images/stat.png -text
......@@ -227,6 +228,7 @@ bureau/admin/js/jquery_ui/js/jquery-ui-1.8.10.custom.min.js -text
bureau/admin/js/jquery_ui/js/jquery.ui.datepicker-de.js -text
bureau/admin/js/jquery_ui/js/jquery.ui.datepicker-es.js -text
bureau/admin/js/jquery_ui/js/jquery.ui.datepicker-fr.js -text
bureau/admin/js/passwordStrengthMeter.js -text
bureau/admin/js/prototype.js -text
bureau/admin/js/rico.js -text
bureau/admin/js/wz_dragdrop.js -text
......@@ -296,6 +298,7 @@ bureau/admin/sta2_doedit_raw.php -text
bureau/admin/sta2_edit_raw.php -text
bureau/admin/sta2_list.php -text
bureau/admin/stats_members.php -text
bureau/admin/styles/passwordStrengthMeter.css -text
bureau/admin/styles/style.css -text
bureau/admin/template.php -text
bureau/admin/trash_dateselect.php -text
......
......@@ -4,4 +4,4 @@
</table>
</div> <!-- div global -->
</body>
</html>
\ No newline at end of file
</html>
......@@ -35,6 +35,7 @@ if (!$charset) $charset="iso-8859-1";
<head>
<title>Bureau</title>
<link rel="stylesheet" href="styles/style.css" type="text/css" />
<link rel="stylesheet" href="styles/passwordStrengthMeter.css" type="text/css" />
<meta http-equiv="Content-Type" content="text/html; charset=<?php echo $charset; ?>" />
<script type="text/javascript" src="js/alternc.js"></script>
<script type="text/javascript" src="js/wz_dragdrop.js"></script>
......@@ -46,6 +47,7 @@ if (file_exists($lang_date_picker))
echo "<script src=\"$lang_date_picker\" type=\"text/javascript\"></script>";
?>
<link href="js/jquery_ui/css/smoothness/jquery-ui-1.8.10.custom.css" rel="stylesheet" type="text/css" />
<script src="js/passwordStrengthMeter.js" type="text/javascript"></script>
</head>
<body>
<?
......
This diff is collapsed.
/* Intelligent Web NameSpace */
var IW = IW || {};
/**
* Password validator logic
*/
(function(IW) {
var secondsInADay = 86400;
function PasswordValidator() {
}
/**
* How long a password can be expected to last
*/
PasswordValidator.prototype.passwordLifeTimeInDays = 365;
/**
* An estimate of how many attempts could be made per second to guess a password
*/
PasswordValidator.prototype.passwordAttemptsPerSecond = 500;
/**
* An array of regular expressions to match against the password. Each is associated
* with the number of unique characters that each expression can match.
* @param password
*/
PasswordValidator.prototype.expressions = [
{
regex : /[A-Z]+/,
uniqueChars : 26
},
{
regex : /[a-z]+/,
uniqueChars : 26
},
{
regex : /[0-9]+/,
uniqueChars : 10
},
{
regex : /[!\?.;,\\@$#*()%~<>{}\[\]]+/,
uniqueChars : 17
}
];
/**
* Checks the supplied password
* @param {String} password
* @return The predicted lifetime of the password, as a percentage of the defined password lifetime.
*/
PasswordValidator.prototype.checkPassword = function(password) {
if (password == null) password="0"
var
expressions = this.expressions,
i,
l = expressions.length,
expression,
possibilitiesPerLetterInPassword = 0;
for (i = 0; i < l; i++) {
expression = expressions[i];
if (expression.regex.exec(password)) {
possibilitiesPerLetterInPassword += expression.uniqueChars;
}
}
var
totalCombinations = Math.pow(possibilitiesPerLetterInPassword, password.length),
// how long, on average, it would take to crack this (@ 200 attempts per second)
crackTime = ((totalCombinations / this.passwordAttemptsPerSecond) / 2) / secondsInADay,
// how close is the time to the projected time?
percentage = crackTime / this.passwordLifeTimeInDays;
return Math.min(Math.max(password.length * 5, percentage * 100), 100);
};
IW.PasswordValidator = new PasswordValidator();
})(IW);
/**
* jQuery plugin which allows you to add password validation to any
* form element.
*/
(function(IW, jQuery) {
function updatePassword() {
var
percentage = IW.PasswordValidator.checkPassword(this.val()),
progressBar = this.parent().find(".passwordStrengthBar div");
progressBar
.removeClass("strong medium weak useless")
.stop()
.animate({"width": percentage + "%"});
if (percentage > 90) {
progressBar.addClass("strong");
} else if (percentage > 50) {
progressBar.addClass("medium")
} else if (percentage > 10) {
progressBar.addClass("weak");
} else {
progressBar.addClass("useless");
}
}
jQuery.fn.passwordValidate = function() {
this
.bind('keyup', jQuery.proxy(updatePassword, this))
.after("<div class='passwordStrengthBar'>" +
"<div></div>" +
"</div>");
updatePassword.apply(this);
return this; // for chaining
}
})(IW, jQuery);
/* Have all the password elements on the page validate */
jQuery("input[type='password']").passwordValidate();
.style1 {
font-family: Geneva, Arial, Helvetica, sans-serif;
font-size: 12px;
}
.inbox { width:200px;border:solid 1px gray; }
.graybar { width:200px; background:#dddddd; height:3px; float:left; }
.colorbar {margin-top:-3px;width:1px;background-image:url(images/passwordstrength.jpg);height:3px; float:left;}
.percent {margin-top:0px;float:left;}
.result {color:green; font-family:Tahoma;font-size:11px;}
......@@ -74,9 +74,9 @@ class m_mail {
$db->query("select * from domaines where compte='$cuid' AND gesmx=1 order by domaine asc;");
$this->domains=array();
if ($db->num_rows()>0) {
while ($db->next_record()) {
$this->domains[]=$db->f("domaine");
}
while ($db->next_record()) {
$this->domains[]=$db->f("domaine");
}
}
}
return $this->domains;
......@@ -117,23 +117,23 @@ class m_mail {
global $err,$cuid,$db;
$err->log("mail","enum_doms_mails",$dom);
if($letter == "@")
$letter = "";
$letter = "";
else
$letter .= "%";
$letter .= "%";
$db->query("SELECT mail,pop,alias,expiration_date FROM mail_domain WHERE mail LIKE '".addslashes($letter)."@".addslashes($dom)."' AND uid='$cuid' AND type=0;");
$res=array(); $i=0;
while ($db->next_record()) {
if ($db->f("pop")) {
$size=0;
$size=0;
$r=mysql_query("SELECT size FROM size_mail WHERE alias='".str_replace("@","_",$db->f("mail"))."';");
list($size)=@mysql_fetch_array($r);
$size=$size*1024;
} else $size=0;
if ($db->f("pop")) {
$login=str_replace("@","_",$db->f("mail"));
$account=str_replace($login,"",$db->f("alias"));
$login=str_replace("@","_",$db->f("mail"));
$account=str_replace($login,"",$db->f("alias"));
} else {
$account=$db->f("alias");
$account=$db->f("alias");
}
$res[]=array("mail" => $db->f("mail"), "pop" => $db->f("pop"),
"alias"=>$account,"size"=>$size, "expiration_date"=>$db->f("expiration_date"));
......@@ -161,9 +161,9 @@ class m_mail {
$al = strtolower($a["pop"]);
$bl = strtolower($b["pop"]);
if ($al == $bl) {
$al = strtolower($a["mail"]);
$bl = strtolower($b["mail"]);
if ($al == $bl) return 0;
$al = strtolower($a["mail"]);
$bl = strtolower($b["mail"]);
if ($al == $bl) return 0;
}
return ($al > $bl) ? +1 : -1;
}
......@@ -209,7 +209,7 @@ class m_mail {
function available($mail) {
global $err,$db,$cuid;
$err->log("mail","available",$mail);
$db->query("SELECT mail FROM mail_domain WHERE mail='$mail';");
$db->query("SELECT address FROM address WHERE address='$mail';");
if ($db->next_record()) {
return false;
} else {
......@@ -258,25 +258,21 @@ class m_mail {
* @param string $pass New password
* @return boolean TRUE if the password has been changed, FALSE if an error occurred.
*/
function change_password($mail,$pass) {
function change_password($mail,$pass) { // NEW OK
global $err,$db,$cuid;
$err->log("mail","change_password",$mail);
$t=explode("@",$mail);
$email=$t[0];
$dom=$t[1];
$db->query("SELECT mail,alias,pop FROM mail_domain WHERE mail='$mail' AND uid='$cuid';");
$db->query("SELECT address FROM address WHERE address='$mail' AND uid='$cuid';");
if (!$db->next_record()) {
$err->raise("mail",3,$mail);
return false;
}
if (!$db->f("pop")) {
$err->raise("mail",15);
return false;
}
// Check this password against the password policy using common API :
if (is_callable(array($admin,"checkPolicy"))) {
if (!$admin->checkPolicy("pop",$email."@".$dom,$pass)) {
return false; // The error has been raised by checkPolicy()
return false; // The error has been raised by checkPolicy()
}
}
if (!$this->_updatepop($email,$dom,$pass)) {
......@@ -318,17 +314,17 @@ class m_mail {
if ($alias){
$a=explode("\n",$alias);
if (count($a)>0) {
reset($a);
for ($i=0;$i<count($a);$i++){
$a[$i]=trim($a[$i]); // remove spaces
if ($a[$i]){
if(checkmail($a[$i])>1){
$err->raise("mail",14);
return false;
}
}
$account[]=$a[$i];
}
reset($a);
for ($i=0;$i<count($a);$i++){
$a[$i]=trim($a[$i]); // remove spaces
if ($a[$i]){
if(checkmail($a[$i])>1){
$err->raise("mail",14);
return false;
}
}
$account[]=$a[$i];
}
}
}
......@@ -341,14 +337,14 @@ class m_mail {
// When we CREATE a pop account, we MUST give a password
if ($pop=="1" && $oldpop!=1) {
if (!$pass) {
$err->raise("mail",4);
return false;
$err->raise("mail",4);
return false;
}
// Check this password against the password policy using common API :
if (is_callable(array($admin,"checkPolicy"))) {
if (!$admin->checkPolicy("pop",$email."@".$dom,$pass)) {
return false; // The error has been raised by checkPolicy()
}
if (!$admin->checkPolicy("pop",$email."@".$dom,$pass)) {
return false; // The error has been raised by checkPolicy()
}
}
}
......@@ -357,23 +353,23 @@ class m_mail {
if ($pop=="1" && $oldpop!=1) { /* POP Creation */
if (!$this->_createpop($email,$dom,$pass)) {
return false;
return false;
}
}
if ($pop!="1" && $oldpop==1) { /* POP Destruction */
if (!$this->_deletepop($email,$dom)) {
return false;
return false;
}
}
if ($pop=="1" && $oldpop==1 && $pass!="") { /* POP Account Edition */
// Check this password against the password policy using common API :
if (is_callable(array($admin,"checkPolicy"))) {
if (!$admin->checkPolicy("pop",$email."@".$dom,$pass)) {
return false; // The error has been raised by checkPolicy()
}
if (!$admin->checkPolicy("pop",$email."@".$dom,$pass)) {
return false; // The error has been raised by checkPolicy()
}
}
if (!$this->_updatepop($email,$dom,$pass)) {
return false;
return false;
}
}
return true;
......@@ -396,8 +392,8 @@ class m_mail {
if ($pop) $pop="1"; else $pop="0";
if ($mail || $dom==$L_FQDN) {
if (!checkloginmail($mail)) {
$err->raise("mail",13);
return false;
$err->raise("mail",13);
return false;
}
}
......@@ -409,9 +405,9 @@ class m_mail {
if ($pop=="1") {
// Check this password against the password policy using common API :
if (is_callable(array($admin,"checkPolicy"))) {
if (!$admin->checkPolicy("pop",$mail."@".$dom,$pass)) {
return false; // The error has been raised by checkPolicy()
}
if (!$admin->checkPolicy("pop",$mail."@".$dom,$pass)) {
return false; // The error has been raised by checkPolicy()
}
}
}
......@@ -422,17 +418,17 @@ class m_mail {
if ($alias){
$a=explode("\n",$alias);
if (count($a)>0) {
reset($a);
for ($i=0;$i<count($a);$i++){
$a[$i]=trim($a[$i]);
if ($a[$i]){
if(checkmail($a[$i])>1){
$err->raise("mail",14);
return false;
}
}
$account[]=$a[$i];
}
reset($a);
for ($i=0;$i<count($a);$i++){
$a[$i]=trim($a[$i]);
if ($a[$i]){
if(checkmail($a[$i])>1){
$err->raise("mail",14);
return false;
}
}
$account[]=$a[$i];
}
}
}
......@@ -458,7 +454,7 @@ class m_mail {
if ($pop=="1") {
if (!$this->_createpop($mail,$dom,$pass))
return false;
return false;
}
return true;
}
......@@ -487,7 +483,7 @@ class m_mail {
if ($pop=="1") {
if (!$this->_deletepop($mdom,$dom)) {
return false;
return false;
}
}
return true;
......@@ -601,9 +597,9 @@ class m_mail {
fputs($f,"email_address=$mail@$dom\nchosen_theme=default_theme.php\n");
if ($g) {
while ($s=fgets($g,1024)) {
if (substr($s,0,14)!="email_address=" && substr($s,0,13)!="chosen_theme=") {
fputs($f,$s);
}
if (substr($s,0,14)!="email_address=" && substr($s,0,13)!="chosen_theme=") {
fputs($f,$s);
}
}
fclose($g);
}
......@@ -622,12 +618,12 @@ class m_mail {
* @return boolean TRUE si le compte pop a bien t modifi, FALSE si une erreur s'est produite.
* @access private
*/
function _updatepop($mail,$dom,$pass) {
function _updatepop($mail,$dom,$pass) { // NEW OK
global $err,$cuid,$db;
$err->log("mail","_updatepop",$mail."@".$dom);
$m=substr($mail,0,1);
$gecos=$mail;
$db->query("UPDATE mail_users SET password='"._md5cr($pass)."' WHERE ( alias='". $mail."_".$dom."' OR alias='". $mail."@".$dom."' ) AND uid='$cuid';");
$db->query("UPDATE address SET password='"._md5cr($pass)."' WHERE address='". $mail."@".$dom."' AND uid='$cuid';");
return true;
}
......@@ -679,10 +675,10 @@ class m_mail {
if (is_array($a)) {
reset($a);
for($i=0;$i<$a["count"];$i++) {
$val=$a[$i];
if (!$this->del_mail($val["mail"])) {
$err->raise("mail",5);
}
$val=$a[$i];
if (!$this->del_mail($val["mail"])) {
$err->raise("mail",5);
}
}
}
/* Effacement du domaine himself */
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment