©
This document uses PHP Chinese website manual Release
(PECL crack >= 0.1)
crack_check — Performs an obscure check with the given password
$dictionary
, string $password
)$password
, string $username
= ""
, string $gecos
= ""
, resource $dictionary
= NULL
)Performs an obscure check with the given password on the specified dictionary. The alternative signature also takes into account the username and the GECOS information.
此函数是实验性的。此函数的表象,包括名称及其相关文档都可能在未来的 PHP 发布版本中未通知就被修改。使用本函数风险自担 。
dictionary
The crack lib dictionary. If not specified, the last opened dictionary is used.
password
The password to be checked.
username
The username of the account with the password.
gecos
The GECOS information associated with the user account.
Returns TRUE
if password
is strong, or FALSE
otherwise.
版本 | 说明 |
---|---|
0.3 |
The username , gecos and
dictionary parameters were added to the
alternative signature.
|
[#1] Anonymous [2010-02-25 13:16:32]
In addition to the usual checks crack can also check for similarities between the password and a username and gecos field (the gecos field normally contains the person's full name on unix systems).
There is a third format for the function call which supplies these additional parameters:
bool crack_check (string $password, string $username, string $gecos, resource $dictionary)
This is true of PECL crack version 0.4, I'm not sure about earlier versions.
[#2] vkontakte at mralston dot com [2010-01-21 07:27:21]
If you need to test a password with cracklib but don't have the necessary module available in PHP, you can use a function like this.
It requires the command line cracklib-check binary in /usr/sbin, but changing its location is trivial.
The $message variable will contain cracklib's complaint (if there is one)
You'll want to wrap your invocation of this function in a try...catch block.
<?php
function cracklibCheck($password, &$message)
{
// Clean up password
$password=str_replace("\r", "", $password);
$password=str_replace("\n", "", $password);
// Run password through cracklib-check
exec("echo ".escapeshellarg($password)." | /usr/sbin/cracklib-check 2>/dev/null", $output, $return_var);
// Check it ran properly
if($return_var==0)
{
if(preg_match("/^.*\: ([^:]+)$/", $output[0], $matches))
{
// Check response
if(strtoupper($matches[1])=="OK")
{
// Password is strong
$message="";
return(true);
}
else
{
// Cracklib doesn't like it
$message=$matches[1];
return(false);
}
}
else
{
// Badly formatted response from cracklib-check.
throw new Exception("Didn't understand cracklib-check response.");
}
}
else
{
// Some sort of execution error
throw new Exception("Failed to run cracklib-check.");
}
}
?>