*/
$wgLivePasswordStrengthChecks = false;
+/**
+ * List of weak passwords which shouldn't be allowed.
+ * The items should be in lowercase. The check is case insensitive.
+ */
+$wgWeakPasswords = array( 'password', 'passpass', 'passpass1' );
+
/**
* Maximum number of Unicode characters in signature
*/
* @return mixed: true on success, string of error message on failure
*/
function getPasswordValidity( $password ) {
- global $wgMinimalPasswordLength, $wgContLang;
+ global $wgMinimalPasswordLength, $wgWeakPasswords, $wgContLang;
$result = false; //init $result to false for the internal checks
if( !wfRunHooks( 'isValidPassword', array( $password, &$result, $this ) ) )
return $result;
+ $lcPassword = $wgContLang->lc( $password );
+
if ( $result === false ) {
if( strlen( $password ) < $wgMinimalPasswordLength ) {
return 'passwordtooshort';
- } elseif ( $wgContLang->lc( $password ) == $wgContLang->lc( $this->mName ) ) {
+ } elseif ( $lcPassword == $wgContLang->lc( $this->mName ) ) {
return 'password-name-match';
+ } elseif ( in_array( $lcPassword, $wgWeakPasswords ) ) {
+ return 'password-too-weak';
} else {
//it seems weird returning true here, but this is because of the
//initialization of $result to false above. If the hook is never run or it
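Review bot: The added `in_array( $lcPassword, $wgWeakPasswords )` branch lowercases only the candidate password and compares loosely, so a configured entry such as `'Password1'` would never match, and numeric-looking strings are compared by value rather than character for character. Normalising the list and passing the strict flag closes both gaps, assuming `lc()` returns a string: `} elseif ( in_array( $lcPassword, array_map( array( $wgContLang, 'lc' ), $wgWeakPasswords ), true ) ) {`. The branch also sits inside `if ( $result === false )`, so it is skipped whenever an `isValidPassword` hook handler sets `$result`; a comment such as `// weak-password list is only consulted when no hook has already decided the result` would make that visible. The body of getPasswordValidity continues past the end of this hunk.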
Please try again.',
'passwordtooshort' => 'Passwords must be at least {{PLURAL:$1|1 character|$1 characters}}.',
'password-name-match' => 'Your password must be different from your username.',
+'password-too-weak' => 'The provided password is too weak and cannot be used.',
'mailmypassword' => 'E-mail new password',
'passwordremindertitle' => 'New temporary password for {{SITENAME}}',
'passwordremindertext' => 'Someone (probably you, from IP address $1) requested a new