includes/clientside/static/pwstrength.js
author Dan
Sat, 03 Jan 2009 18:11:18 -0500
changeset 800 9cdfe82c56cd
parent 586 234ddd896555
child 1227 bdac73ed481e
permissions -rw-r--r--
Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
134
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
     1
/*
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
     2
 * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
     3
 * Copyright (C) 2006-2007 Dan Fuhry
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
     4
 * pwstrength - Password evaluation and strength testing algorithm
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
     5
 *
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
     6
 * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
     7
 * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
     8
 *
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
     9
 * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
    10
 * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
    11
 */
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
    12
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
    13
function password_score_len(password)
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
    14
{
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
    15
  if ( typeof(password) != "string" )
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
    16
  {
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
    17
    return -10;
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
    18
  }
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
    19
  var len = password.length;
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
    20
  var score = len - 7;
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
    21
  return score;
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
    22
}
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
    23
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
    24
function password_score(password)
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
    25
{
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
    26
  if ( typeof(password) != "string" )
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
    27
  {
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
    28
    return -10;
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
    29
  }
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
    30
  var score = 0;
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
    31
  var debug = [];
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
    32
  // length check
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
    33
  var lenscore = password_score_len(password);
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
    34
  
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
    35
  debug.push(''+lenscore+' points for length');
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
    36
  
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
    37
  score += lenscore;
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
    38
    
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
    39
  var has_upper_lower = false;
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
    40
  var has_symbols     = false;
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
    41
  var has_numbers     = false;
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
    42
  
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
    43
  // contains uppercase and lowercase
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
    44
  if ( password.match(/[A-z]+/) && password.toLowerCase() != password )
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
    45
  {
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
    46
    score += 1;
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
    47
    has_upper_lower = true;
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
    48
    debug.push('1 point for having uppercase and lowercase');
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
    49
  }
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
    50
  
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
    51
  // contains symbols
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
    52
  if ( password.match(/[^A-z0-9]+/) )
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
    53
  {
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
    54
    score += 1;
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
    55
    has_symbols = true;
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
    56
    debug.push('1 point for having nonalphanumeric characters (matching /[^A-z0-9]+/)');
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
    57
  }
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
    58
  
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
    59
  // contains numbers
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
    60
  if ( password.match(/[0-9]+/) )
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
    61
  {
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
    62
    score += 1;
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
    63
    has_numbers = true;
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
    64
    debug.push('1 point for having numbers');
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
    65
  }
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
    66
  
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
    67
  if ( has_upper_lower && has_symbols && has_numbers && password.length >= 9 )
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
    68
  {
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
    69
    // if it has uppercase and lowercase letters, symbols, and numbers, and is of considerable length, add some serious points
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
    70
    score += 4;
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
    71
    debug.push('4 points for having uppercase and lowercase, numbers, and nonalphanumeric and being more than 8 characters');
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
    72
  }
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
    73
  else if ( has_upper_lower && has_symbols && has_numbers && password.length >= 6 )
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
    74
  {
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
    75
    // still give some points for passing complexity check
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
    76
    score += 2;
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
    77
    debug.push('2 points for having uppercase and lowercase, numbers, and nonalphanumeric');
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
    78
  }
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
    79
  else if(( ( has_upper_lower && has_symbols ) ||
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
    80
            ( has_upper_lower && has_numbers ) ||
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
    81
            ( has_symbols && has_numbers ) ) && password.length >= 6 )
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
    82
  {
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
    83
    // if 2 of the three main complexity checks passed, add a point
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
    84
    score += 1;
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
    85
    debug.push('1 point for having 2 of 3 complexity checks');
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
    86
  }
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
    87
  else if ( ( !has_upper_lower && !has_numbers && has_symbols ) ||
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
    88
            ( !has_upper_lower && !has_symbols && has_numbers ) ||
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
    89
            ( !has_numbers && !has_symbols && has_upper_lower ) )
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
    90
  {
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
    91
    score += -2;
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
    92
    debug.push('-2 points for only meeting 1 complexity check');
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
    93
  }
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
    94
  else if ( password.match(/^[0-9]*?([a-z]+)[0-9]?$/) )
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
    95
  {
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
    96
    // password is something like magnum1 which will be cracked in seconds
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
    97
    score += -4;
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
    98
    debug.push('-4 points for being of the form [number][word][number], which is easily cracked');
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
    99
  }
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   100
  else if ( !has_upper_lower && !has_numbers && !has_symbols )
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   101
  {
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   102
    // this is if somehow the user inputs a password that doesn't match the rule above, but still doesn't contain upper and lowercase, numbers, or symbols
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   103
    debug.push('-3 points for not meeting any complexity checks');
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   104
    score += -3;
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   105
  }
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   106
  
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   107
  //
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   108
  // Repetition
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   109
  // Example: foobar12345 should be deducted points, where f1o2o3b4a5r should be given points
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   110
  // None of the positive ones kick in unless the length is at least 8
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   111
  //
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   112
  
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   113
  if ( password.match(/([A-Z][A-Z][A-Z][A-Z]|[a-z][a-z][a-z][a-z])/) )
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   114
  {
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   115
    debug.push('-2 points for having more than 4 letters of the same case in a row');
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   116
    score += -2;
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   117
  }
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   118
  else if ( password.match(/([A-Z][A-Z][A-Z]|[a-z][a-z][a-z])/) )
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   119
  {
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   120
    debug.push('-1 points for having more than 3 letters of the same case in a row');
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   121
    score += -1;
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   122
  }
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   123
  else if ( password.match(/[A-z]/) && !password.match(/([A-Z][A-Z][A-Z]|[a-z][a-z][a-z])/) && password.length >= 8 )
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   124
  {
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   125
    debug.push('1 point for never having more than 2 letters of the same case in a row');
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   126
    score += 1;
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   127
  }
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   128
  
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   129
  if ( password.match(/[0-9][0-9][0-9][0-9]/) )
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   130
  {
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   131
    debug.push('-2 points for having 4 or more numbers in a row');
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   132
    score += -2;
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   133
  }
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   134
  else if ( password.match(/[0-9][0-9][0-9]/) )
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   135
  {
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   136
    debug.push('-1 points for having 3 or more numbers in a row');
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   137
    score += -1;
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   138
  }
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   139
  else if ( has_numbers && !password.match(/[0-9][0-9][0-9]/) && password.length >= 8 )
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   140
  {
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   141
    debug.push('1 point for never more than 2 numbers in a row');
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   142
    score += -1;
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   143
  }
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   144
  
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   145
  // make passwords like fooooooooooooooooooooooooooooooooooooo totally die by subtracting a point for each character repeated at least 3 times in a row
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   146
  var prev_char = '';
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   147
  var warn = false;
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   148
  var loss = 0;
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   149
  for ( var i = 0; i < password.length; i++ )
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   150
  {
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   151
    var chr = password.substr(i, 1);
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   152
    if ( chr == prev_char && warn )
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   153
    {
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   154
      loss += -1;
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   155
    }
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   156
    else if ( chr == prev_char && !warn )
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   157
    {
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   158
      warn = true;
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   159
    }
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   160
    else if ( chr != prev_char && warn )
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   161
    {
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   162
      warn = false;
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   163
    }
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   164
    prev_char = chr;
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   165
  }
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   166
  if ( loss < 0 )
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   167
  {
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   168
    debug.push(''+loss+' points for immediate character repetition');
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   169
    score += loss;
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   170
    // this can bring the score below -10 sometimes
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   171
    if ( score < -10 )
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   172
    {
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   173
      debug.push('Score set to -10 because it went below that floor');
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   174
      score = -10;
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   175
    }
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   176
  }
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   177
  
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   178
  var debug_txt = "<b>How this score was calculated</b>\nYour score was tallied up based on an extensive algorithm which outputted\nthe following scores based on traits of your password. Above you can see the\ncomposite score; your individual scores based on certain tests are below.\n\nThe scale is open-ended, with a minimum score of -10. 10 is very strong, 4\nis strong, 1 is good and -3 is fair. Below -3 scores \"Weak.\"\n\n";
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   179
  for ( var i = 0; i < debug.length; i++ )
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   180
  {
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   181
    debug_txt += debug[i] + "\n";
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   182
  }
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   183
  
362
02d315d1cc58 Started localization on User CP. Localized pagination, password strength, and various other small widgets. Fixed bug in path manager causing return of fullpage from get_page_id_from_url() even when namespace is Special.
Dan
parents: 134
diff changeset
   184
  // For users that really want to know why their password sucks.
02d315d1cc58 Started localization on User CP. Localized pagination, password strength, and various other small widgets. Fixed bug in path manager causing return of fullpage from get_page_id_from_url() even when namespace is Special.
Dan
parents: 134
diff changeset
   185
  // Not localized because the feature is really only used for debugging the algorithm.
02d315d1cc58 Started localization on User CP. Localized pagination, password strength, and various other small widgets. Fixed bug in path manager causing return of fullpage from get_page_id_from_url() even when namespace is Special.
Dan
parents: 134
diff changeset
   186
  if ( document.getElementById('passdebug') )
134
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   187
    document.getElementById('passdebug').innerHTML = debug_txt;
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   188
  
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   189
  return score;
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   190
}
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   191
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   192
function password_score_draw(score)
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   193
{
362
02d315d1cc58 Started localization on User CP. Localized pagination, password strength, and various other small widgets. Fixed bug in path manager causing return of fullpage from get_page_id_from_url() even when namespace is Special.
Dan
parents: 134
diff changeset
   194
  if ( !$lang )
02d315d1cc58 Started localization on User CP. Localized pagination, password strength, and various other small widgets. Fixed bug in path manager causing return of fullpage from get_page_id_from_url() even when namespace is Special.
Dan
parents: 134
diff changeset
   195
  {
02d315d1cc58 Started localization on User CP. Localized pagination, password strength, and various other small widgets. Fixed bug in path manager causing return of fullpage from get_page_id_from_url() even when namespace is Special.
Dan
parents: 134
diff changeset
   196
    // $lang isn't initted yet, this happens sometimes on the usercp/emailpassword form.
02d315d1cc58 Started localization on User CP. Localized pagination, password strength, and various other small widgets. Fixed bug in path manager causing return of fullpage from get_page_id_from_url() even when namespace is Special.
Dan
parents: 134
diff changeset
   197
    // Try to init it if we have ENANO_LANG_ID and enano_lang; if not, report an error.
586
234ddd896555 Made encryption work in form-based logon again; modified load_component() to fetch compressed versions when possible
Dan
parents: 504
diff changeset
   198
    load_component('l10n');
362
02d315d1cc58 Started localization on User CP. Localized pagination, password strength, and various other small widgets. Fixed bug in path manager causing return of fullpage from get_page_id_from_url() even when namespace is Special.
Dan
parents: 134
diff changeset
   199
    if ( typeof(enano_lang) == 'object' && typeof(ENANO_LANG_ID) == 'number' )
02d315d1cc58 Started localization on User CP. Localized pagination, password strength, and various other small widgets. Fixed bug in path manager causing return of fullpage from get_page_id_from_url() even when namespace is Special.
Dan
parents: 134
diff changeset
   200
    {
02d315d1cc58 Started localization on User CP. Localized pagination, password strength, and various other small widgets. Fixed bug in path manager causing return of fullpage from get_page_id_from_url() even when namespace is Special.
Dan
parents: 134
diff changeset
   201
      language_onload();
02d315d1cc58 Started localization on User CP. Localized pagination, password strength, and various other small widgets. Fixed bug in path manager causing return of fullpage from get_page_id_from_url() even when namespace is Special.
Dan
parents: 134
diff changeset
   202
    }
02d315d1cc58 Started localization on User CP. Localized pagination, password strength, and various other small widgets. Fixed bug in path manager causing return of fullpage from get_page_id_from_url() even when namespace is Special.
Dan
parents: 134
diff changeset
   203
    else
460
3a1c99845ca8 Merging in changes from Nighthawk
Dan
parents: 362
diff changeset
   204
    {      
362
02d315d1cc58 Started localization on User CP. Localized pagination, password strength, and various other small widgets. Fixed bug in path manager causing return of fullpage from get_page_id_from_url() even when namespace is Special.
Dan
parents: 134
diff changeset
   205
      return {
460
3a1c99845ca8 Merging in changes from Nighthawk
Dan
parents: 362
diff changeset
   206
        'color' : '#000000',
3a1c99845ca8 Merging in changes from Nighthawk
Dan
parents: 362
diff changeset
   207
        'fgcolor' : '#666666',
3a1c99845ca8 Merging in changes from Nighthawk
Dan
parents: 362
diff changeset
   208
        'str' : 'Language init failed'
362
02d315d1cc58 Started localization on User CP. Localized pagination, password strength, and various other small widgets. Fixed bug in path manager causing return of fullpage from get_page_id_from_url() even when namespace is Special.
Dan
parents: 134
diff changeset
   209
      };
02d315d1cc58 Started localization on User CP. Localized pagination, password strength, and various other small widgets. Fixed bug in path manager causing return of fullpage from get_page_id_from_url() even when namespace is Special.
Dan
parents: 134
diff changeset
   210
    }
02d315d1cc58 Started localization on User CP. Localized pagination, password strength, and various other small widgets. Fixed bug in path manager causing return of fullpage from get_page_id_from_url() even when namespace is Special.
Dan
parents: 134
diff changeset
   211
  }
134
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   212
  // some colors are from the Gmail sign-up form
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   213
  if ( score >= 10 )
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   214
  {
504
bc8e0e9ee01d Added support for embedding language data into plugins; updated all version numbers on plugin files
Dan
parents: 460
diff changeset
   215
    var color = '#010101';
134
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   216
    var fgcolor = '#666666';
362
02d315d1cc58 Started localization on User CP. Localized pagination, password strength, and various other small widgets. Fixed bug in path manager causing return of fullpage from get_page_id_from_url() even when namespace is Special.
Dan
parents: 134
diff changeset
   217
    var str = $lang.get('usercp_pwstrength_score_verystrong', { score: score });
134
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   218
  }
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   219
  else if ( score > 3 )
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   220
  {
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   221
    var color = '#008000';
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   222
    var fgcolor = '#004000';
362
02d315d1cc58 Started localization on User CP. Localized pagination, password strength, and various other small widgets. Fixed bug in path manager causing return of fullpage from get_page_id_from_url() even when namespace is Special.
Dan
parents: 134
diff changeset
   223
    var str = $lang.get('usercp_pwstrength_score_strong', { score: score });
134
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   224
  }
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   225
  else if ( score >= 1 )
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   226
  {
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   227
    var color = '#6699cc';
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   228
    var fgcolor = '#4477aa';
362
02d315d1cc58 Started localization on User CP. Localized pagination, password strength, and various other small widgets. Fixed bug in path manager causing return of fullpage from get_page_id_from_url() even when namespace is Special.
Dan
parents: 134
diff changeset
   229
    var str = $lang.get('usercp_pwstrength_score_good', { score: score });
134
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   230
  }
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   231
  else if ( score >= -3 )
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   232
  {
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   233
    var color = '#f5ac00';
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   234
    var fgcolor = '#ffcc33';
362
02d315d1cc58 Started localization on User CP. Localized pagination, password strength, and various other small widgets. Fixed bug in path manager causing return of fullpage from get_page_id_from_url() even when namespace is Special.
Dan
parents: 134
diff changeset
   235
    var str = $lang.get('usercp_pwstrength_score_fair', { score: score });
134
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   236
  }
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   237
  else
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   238
  {
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   239
    var color = '#aa0033';
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   240
    var fgcolor = '#FF6060';
362
02d315d1cc58 Started localization on User CP. Localized pagination, password strength, and various other small widgets. Fixed bug in path manager causing return of fullpage from get_page_id_from_url() even when namespace is Special.
Dan
parents: 134
diff changeset
   241
    var str = $lang.get('usercp_pwstrength_score_weak', { score: score });
134
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   242
  }
504
bc8e0e9ee01d Added support for embedding language data into plugins; updated all version numbers on plugin files
Dan
parents: 460
diff changeset
   243
  var ret = {
134
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   244
    color: color,
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   245
    fgcolor: fgcolor,
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   246
    str: str
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   247
  };
504
bc8e0e9ee01d Added support for embedding language data into plugins; updated all version numbers on plugin files
Dan
parents: 460
diff changeset
   248
  return ret;
134
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   249
}
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   250
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   251
function password_score_field(field)
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   252
{
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   253
  var indicator = false;
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   254
  if ( field.nextSibling )
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   255
  {
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   256
    if ( field.nextSibling.className == 'password-checker' )
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   257
    {
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   258
      indicator = field.nextSibling;
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   259
    }
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   260
  }
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   261
  if ( !indicator )
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   262
  {
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   263
    var indicator = document.createElement('span');
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   264
    indicator.className = 'password-checker';
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   265
    if ( field.nextSibling )
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   266
    {
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   267
      field.parentNode.insertBefore(indicator, field.nextSibling);
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   268
    }
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   269
    else
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   270
    {
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   271
      field.parentNode.appendChild(indicator);
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   272
    }
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   273
  }
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   274
  var score = password_score(field.value);
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   275
  var data = password_score_draw(score);
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   276
  indicator.style.color = data.color;
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   277
  indicator.style.fontWeight = 'bold';
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   278
  indicator.innerHTML = ' ' + data.str;
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   279
  
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   280
  if ( document.getElementById('pwmeter') )
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   281
  {
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   282
    var div = document.getElementById('pwmeter');
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   283
    div.style.width = '250px';
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   284
    score += 10;
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   285
    if ( score > 25 )
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   286
      score = 25;
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   287
    div.style.backgroundColor = data.color;
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   288
    var width = Math.round( score * (250 / 25) );
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   289
    div.innerHTML = '<div style="width: '+width+'px; background-color: '+data.fgcolor+'; height: 8px;"></div>';
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   290
  }
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   291
}
175776498ef1 Oops - forgot to add pwstrength.js
Dan
parents:
diff changeset
   292