<?php
/*
+------------------------------------------------------------------------+
| Phalcon Framework |
+------------------------------------------------------------------------+
| Copyright (c) 2011-2016 Phalcon Team (http://www.phalconphp.com) |
+------------------------------------------------------------------------+
| This source file is subject to the New BSD License that is bundled |
| with this package in the file docs/LICENSE.txt. |
| |
| If you did not receive a copy of the license and are unable to |
| obtain it through the world-wide-web, please send an email |
| to [email protected] so we can send you a copy immediately. |
+------------------------------------------------------------------------+
| Authors: David Hubner <[email protected]> |
+------------------------------------------------------------------------+
*/
namespace Phalcon\Validation\Validator;
use Phalcon\Validation;
/**
 * Password strength validator based on a character-class and length score.
 *
 * <code>
 * new \Phalcon\Validation\Validator\PasswordStrength([
 *     'minScore'   => {int - lowest accepted score; countScore() yields 0-5},
 *     'message'    => {string - validation message},
 *     'allowEmpty' => {bool - allow empty value}
 * ])
 * </code>
 *
 * Security notes for integrators:
 * - The score only looks at ASCII character classes and length. Nothing here
 *   checks dictionary words, repeated or sequential characters, or
 *   known-breached passwords, so a high score does not mean the password is
 *   hard to guess.
 * - There is no minimum-length floor: with the default minScore of 2, a
 *   four-character value mixing lower case, upper case, a digit and a symbol
 *   is accepted. Pair this validator with a length rule (for example
 *   StringLength) when a minimum length is required.
 * - 'minScore' is used as configured, without type or range checks; a value
 *   of 0 or less makes every string pass, including ''.
 * - With 'allowEmpty' enabled, null, '' and false are accepted without being
 *   scored; presence has to be enforced by another validator.
 *
 * @package Phalcon\Validation\Validator
 */
class PasswordStrength extends Validation\Validator
{
    /** Score required when the 'minScore' option is not set. */
    const MIN_VALID_SCORE = 2;

    /**
     * Checks the attribute's value against the configured minimum score.
     *
     * On failure a Validation\Message of type 'PasswordStrengthValidator' is
     * appended to the validation object.
     *
     * @param \Phalcon\Validation $validation - validation object
     * @param string $attribute - validated attribute
     * @return bool true when the value is accepted, false otherwise
     */
    public function validate(Validation $validation, $attribute)
    {
        $allowEmpty = $this->getOption('allowEmpty');
        $value = $validation->getValue($attribute);

        if ($allowEmpty) {
            // false counts as blank as well, because (string) false === ''.
            $isBlank = $value === null || (is_scalar($value) && (string) $value === '');
            if ($isBlank) {
                return true;
            }
        }

        $threshold = self::MIN_VALID_SCORE;
        if ($this->hasOption('minScore')) {
            // Taken as configured: no type or range check is applied here.
            $threshold = $this->getOption('minScore');
        }

        // Non-string values (arrays, numbers, objects) are never scored and
        // therefore always fail.
        $strongEnough = is_string($value) && $this->countScore($value) >= $threshold;
        if ($strongEnough) {
            return true;
        }

        $text = 'Password too weak';
        if ($this->hasOption('message')) {
            $text = $this->getOption('message');
        }

        $validation->appendMessage(
            new Validation\Message($text, $attribute, 'PasswordStrengthValidator')
        );

        return false;
    }

    /**
     * Scores a password from its character classes and its length.
     *
     * Up to three points come from character classes (lower+upper, digit plus
     * a letter, any non-alphanumeric byte); length then adds two points at 16
     * or more characters, one point at 8 or more, and removes one point at 4
     * or fewer when the class score is above 1. A non-empty value never
     * scores below 1; the empty string scores 0.
     *
     * @param string $value - password
     * @return int 0-5 (0 = empty, 1 = very weak, 2 = weak, 3 = medium, 4+ = strong)
     */
    private function countScore($value)
    {
        // The patterns are ASCII ranges without the `u` modifier, so accented
        // or non-Latin letters are not seen as lower/upper case; their bytes
        // match the "symbol" class instead.
        $lower = preg_match('![a-z]!', $value) === 1;
        $upper = preg_match('![A-Z]!', $value) === 1;
        $digit = preg_match('![0-9]!', $value) === 1;
        $symbol = preg_match('![^0-9a-zA-Z]!', $value) === 1;

        $points = 0;
        if ($lower && $upper) {
            $points++;
        }
        if ($digit && ($lower || $upper)) {
            $points++;
        }
        if ($symbol) {
            $points++;
        }

        // No encoding argument is passed, so mbstring's default encoding
        // decides how characters are counted.
        $length = mb_strlen($value);

        if ($length >= 16) {
            return $points + 2;
        }
        if ($length >= 8) {
            return $points + 1;
        }
        if ($length <= 4 && $points > 1) {
            // Very short values lose a point, but only down to 1.
            return $points - 1;
        }
        if ($length > 0 && $points === 0) {
            // Any non-empty value is worth at least one point.
            return $points + 1;
        }

        return $points;
    }
}