X-Git-Url: http://git.cyclocoop.org/?a=blobdiff_plain;f=includes%2Fpassword%2FPasswordPolicyChecks.php;h=b1098f5b842f4e34a45ddf885c133b04cc350611;hb=e53c515578be49fd950c7ced2728b12447c0e8ef;hp=eb4a9582dc3c3eb9aadb53084d003044fedebc3e;hpb=9aaf07951276b9169440fa229f6be23a025b2da3;p=lhc%2Fweb%2Fwiklou.git
diff --git a/includes/password/PasswordPolicyChecks.php b/includes/password/PasswordPolicyChecks.php
index eb4a9582dc..b1098f5b84 100644
--- a/includes/password/PasswordPolicyChecks.php
+++ b/includes/password/PasswordPolicyChecks.php
@@ -20,6 +20,8 @@ * @file */ +use \Cdb\Reader as CdbReader; + /** * Functions to check passwords against a policy requirement * @since 1.26 
@@ -112,4 +114,50 @@ class PasswordPolicyChecks { return $status; } + /** + * Ensure that password isn't in top X most popular passwords + * + * @param $policyVal int Cut off to use. Will automatically shrink to the max + * supported for error messages if set to more than max number of passwords on file, + * so you can use the PHP_INT_MAX constant here safely. + * @param $user User + * @param $password String + * @since 1.27 + * @return Status + */ + public static function checkPopularPasswordBlacklist( $policyVal, User $user, $password ) { + global $wgPopularPasswordFile, $wgSitename; + $status = Status::newGood(); + if ( $policyVal > 0 ) { + $langEn = Language::factory( 'en' ); + $passwordKey = $langEn->lc( trim( $password ) ); + + // People often use the name of the current site, which won't be + // in the common password file. Also check '' for people who use + // just whitespace. + $sitename = $langEn->lc( trim( $wgSitename ) ); + $hardcodedCommonPasswords = array( '', 'wiki', 'mediawiki', $sitename ); + if ( in_array( $passwordKey, $hardcodedCommonPasswords ) ) { + $status->error( 'passwordtoopopular' ); + return $status; + } + + // This could throw an exception, but there's not a good way + // of failing gracefully, if say the file is missing, so just + // let the exception fall through. + // Format of cdb file is mapping password => popularity rank. + // See maintenance/createCommonPasswordCdb.php + $db = CdbReader::open( $wgPopularPasswordFile ); + + $res = $db->get( $passwordKey ); + if ( $res && (int)$res <= $policyVal ) { + // Note: If you want to find the true number of common + // passwords stored (for reporting the error), you have to take + // the max of the policyVal and $db->get( '_TOTALENTRIES' ). + $status->error( 'passwordtoopopular' ); + } + } + return $status; + } + }
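Review bot: The inline comment before the second `$status->error( 'passwordtoopopular' )` says the true number of checked passwords is the max of `$policyVal` and `$db->get( '_TOTALENTRIES' )`, but since only ranks `<= $policyVal` are flagged and a rank cannot exceed the number of stored entries, the effective cutoff is the smaller of the two; suggest `// the min of the policyVal and $db->get( '_TOTALENTRIES' ).` The docblock's statement that `$policyVal` "will automatically shrink to the max supported for error messages" describes nothing this method does — presumably the clamping happens where the message is rendered, and saying so explicitly (e.g. `Callers rendering the error are expected to clamp to _TOTALENTRIES.`) would stop readers from expecting it here. The `in_array( $passwordKey, $hardcodedCommonPasswords )` lookup should pass `true` as its third argument so the comparison stays strict, and the `CdbReader` opened from `$wgPopularPasswordFile` is never closed after the single `get()`, so a `$db->close()` after the lookup would release the handle if the reader exposes one. Failing with an uncaught exception when the file is missing makes the check fail closed, which is the right default for a password policy, and is worth stating as intent rather than as an apology in the comment.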