<optiontype>textarea</optiontype>
</option>
<!-- /message.censorship -->
- <option name="register_enable_password_security_check">
+ <option name="password_min_score">
<categoryname>user.password</categoryname>
- <optiontype>boolean</optiontype>
- <enableoptions>register_password_min_length,register_password_must_contain_lower_case,register_password_must_contain_upper_case,register_password_must_contain_digit,register_password_must_contain_special_char</enableoptions>
- </option>
- <option name="register_password_min_length">
- <categoryname>user.password</categoryname>
- <optiontype>integer</optiontype>
- <defaultvalue>8</defaultvalue>
- <minvalue>0</minvalue>
- <suffix>chars</suffix>
- </option>
- <option name="register_password_must_contain_lower_case">
- <categoryname>user.password</categoryname>
- <optiontype>boolean</optiontype>
- <defaultvalue>1</defaultvalue>
- </option>
- <option name="register_password_must_contain_upper_case">
- <categoryname>user.password</categoryname>
- <optiontype>boolean</optiontype>
- <defaultvalue>1</defaultvalue>
- </option>
- <option name="register_password_must_contain_digit">
- <categoryname>user.password</categoryname>
- <optiontype>boolean</optiontype>
- <defaultvalue>1</defaultvalue>
- </option>
- <option name="register_password_must_contain_special_char">
- <categoryname>user.password</categoryname>
- <optiontype>boolean</optiontype>
+ <optiontype>select</optiontype>
+ <selectoptions>0:wcf.acp.option.password_min_score.0
+1:wcf.acp.option.password_min_score.1
+2:wcf.acp.option.password_min_score.2</selectoptions>
<defaultvalue>1</defaultvalue>
</option>
<!-- /user.password -->
<delete>
<option name="attachment_enable_thumbnails" />
<option name="message_sidebar_enable_user_online_marking" />
+ <option name="register_enable_password_security_check" />
+ <option name="register_password_min_length" />
+ <option name="register_password_must_contain_lower_case" />
+ <option name="register_password_must_contain_upper_case" />
+ <option name="register_password_must_contain_digit" />
+ <option name="register_password_must_contain_special_char" />
</delete>
</data>
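Review bot: Listing the six `register_password_*` options under `<delete>` discards whatever policy an administrator had configured, and nothing visible on this page carries an enabled check over to the new `password_min_score`, which defaults to `1`. As far as the visible changes show, a site that previously enforced length and character-class rules would come out of the upgrade at the weakest enforcing level. If that is intended, a comment above the new entries such as `<!-- superseded by password_min_score in 5.3; previous values are not migrated -->` would make it explicit. Otherwise the update should set `password_min_score` to `2` where `register_enable_password_security_check` was on.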
define('ENABLE_CENSORSHIP', 0);
define('CENSORED_WORDS', '');
define('REGISTER_ENABLE_PASSWORD_SECURITY_CHECK', 0);
-define('REGISTER_PASSWORD_MIN_LENGTH', 8);
-define('REGISTER_PASSWORD_MUST_CONTAIN_LOWER_CASE', 1);
-define('REGISTER_PASSWORD_MUST_CONTAIN_UPPER_CASE', 1);
-define('REGISTER_PASSWORD_MUST_CONTAIN_DIGIT', 1);
-define('REGISTER_PASSWORD_MUST_CONTAIN_SPECIAL_CHAR', 1);
+define('PASSWORD_MIN_SCORE', 1);
define('REGISTER_FORBIDDEN_USERNAMES', '');
define('REGISTER_FORBIDDEN_EMAILS', '');
define('REGISTER_ALLOWED_EMAILS', '');
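Review bot: `REGISTER_ENABLE_PASSWORD_SECURITY_CHECK` stays as a context line directly above the removals while its five companion constants are dropped and the option itself is deleted elsewhere in this commit, which looks like an oversight. If this file is meant to mirror the live option set, remove that `define` as well. If it is kept on purpose for compatibility, mark it with `// deprecated since 5.3, always 0`.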
// https://github.com/WoltLab/WCF/issues/3330
define('MESSAGE_SIDEBAR_ENABLE_USER_ONLINE_MARKING', 1);
+ // Password strength configuration is deprecated since 5.3.
+ define('REGISTER_ENABLE_PASSWORD_SECURITY_CHECK', 0);
+ define('REGISTER_PASSWORD_MIN_LENGTH', 0);
+ define('REGISTER_PASSWORD_MUST_CONTAIN_LOWER_CASE', 8);
+ define('REGISTER_PASSWORD_MUST_CONTAIN_UPPER_CASE', 0);
+ define('REGISTER_PASSWORD_MUST_CONTAIN_DIGIT', 0);
+ define('REGISTER_PASSWORD_MUST_CONTAIN_SPECIAL_CHAR', 0);
+
$filename = WCF_DIR.'options.inc.php';
// create options file if doesn't exist
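Review bot: In the added compatibility block `REGISTER_PASSWORD_MIN_LENGTH` is set to `0` and `REGISTER_PASSWORD_MUST_CONTAIN_LOWER_CASE` to `8`, which looks like the two values were swapped; the removed option definition gave the length a default of 8 and declared the lower-case option as a boolean. Code that still reads the length constant for its own check would see no minimum. I would write `define('REGISTER_PASSWORD_MIN_LENGTH', 8);` and `define('REGISTER_PASSWORD_MUST_CONTAIN_LOWER_CASE', 0);`. The function that writes these lines begins and ends outside the hunk.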
}
/**
- * Returns true if the given password is secure.
+ * Always returns true.
*
- * @param string $password
- * @return boolean
+ * @deprecated 5.3 - Take a look at the zxcvbn verdict from WoltLabSuite/Core/Ui/User/PasswordStrength.
*/
public static function isSecurePassword($password) {
- if (REGISTER_ENABLE_PASSWORD_SECURITY_CHECK) {
- if (mb_strlen($password) < REGISTER_PASSWORD_MIN_LENGTH) return false;
-
- if (REGISTER_PASSWORD_MUST_CONTAIN_DIGIT && !preg_match('![0-9]+!', $password)) return false;
- if (REGISTER_PASSWORD_MUST_CONTAIN_LOWER_CASE && !preg_match('![a-z]+!', $password)) return false;
- if (REGISTER_PASSWORD_MUST_CONTAIN_UPPER_CASE && !preg_match('![A-Z]+!', $password)) return false;
- if (REGISTER_PASSWORD_MUST_CONTAIN_SPECIAL_CHAR && !preg_match('![^A-Za-z0-9]+!', $password)) return false;
- }
-
return true;
}
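Review bot: `isSecurePassword()` now accepts every password, so any caller that still gates registration or a password change on it performs no server-side strength check at all. The `@deprecated` line points to `WoltLabSuite/Core/Ui/User/PasswordStrength`, which reads like a client-side module; if the zxcvbn verdict is computed in the browser, the server should not take a submitted score at face value, and where `PASSWORD_MIN_SCORE` is enforced is not visible in this hunk. The docblock also loses `@param string $password` and `@return boolean`; I would keep both and add `* Performs no validation; callers must enforce PASSWORD_MIN_SCORE themselves.` The class around the method is outside the hunk.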
* @return string
*/
public static function getPasswordRulesAttributeValue() {
- if (REGISTER_ENABLE_PASSWORD_SECURITY_CHECK) {
- $rules = '';
-
- if (REGISTER_PASSWORD_MIN_LENGTH) {
- $rules .= 'minlength:'.REGISTER_PASSWORD_MIN_LENGTH.';';
- }
-
- if (REGISTER_PASSWORD_MUST_CONTAIN_DIGIT) {
- $rules .= 'required:digit;';
- }
-
- if (REGISTER_PASSWORD_MUST_CONTAIN_LOWER_CASE) {
- $rules .= 'required:lower;';
- }
-
- if (REGISTER_PASSWORD_MUST_CONTAIN_UPPER_CASE) {
- $rules .= 'required:upper;';
- }
-
- if (REGISTER_PASSWORD_MUST_CONTAIN_SPECIAL_CHAR) {
- $rules .= 'required:special;';
- }
- }
- else {
- $rules = "minlength:8;";
- }
-
- return $rules;
+ return "minlength:8;";
}
/**
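Review bot: `getPasswordRulesAttributeValue()` now hard-codes `minlength:8;` while the new `wcf.user.password.description` text in this commit recommends at least 10 characters, so a password manager generating from the attribute may produce something shorter than the page advises. Either align the two with `return "minlength:10;";` or add a comment stating that 8 is a deliberate floor. The returned rules no longer depend on any option, so the docblock (which starts outside the hunk) should say so.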
<item name="wcf.acp.option.module_user_rank"><![CDATA[Benutzerränge]]></item>
<item name="wcf.acp.option.module_user_signature"><![CDATA[Signaturen]]></item>
<item name="wcf.acp.option.module_team_page"><![CDATA[Team-Seite]]></item>
- <item name="wcf.acp.option.register_enable_password_security_check"><![CDATA[Sicherheitsüberprüfung aktivieren]]></item>
- <item name="wcf.acp.option.register_enable_password_security_check.description"><![CDATA[Kennwörter werden auf ihre Sicherheit geprüft. Unsichere Kennwörter werden abgelehnt.]]></item>
- <item name="wcf.acp.option.register_password_min_length"><![CDATA[Minimale Kennwortlänge]]></item>
- <item name="wcf.acp.option.register_password_must_contain_digit"><![CDATA[Kennwort muss Zahlen enthalten]]></item>
- <item name="wcf.acp.option.register_password_must_contain_lower_case"><![CDATA[Kennwort muss Kleinbuchstaben enthalten]]></item>
- <item name="wcf.acp.option.register_password_must_contain_special_char"><![CDATA[Kennwort muss Sonderzeichen enthalten]]></item>
- <item name="wcf.acp.option.register_password_must_contain_upper_case"><![CDATA[Kennwort muss Großbuchstaben enthalten]]></item>
+ <item name="wcf.acp.option.password_min_score"><![CDATA[Sicherheitslevel]]></item>
+ <item name="wcf.acp.option.password_min_score.description"><![CDATA[„Score“-Wert der <a href="https://github.com/dropbox/zxcvbn" class="externalURL">zxcvbn-Bibliothek</a>, den Kennwörter mindestens erreichen müssen.]]></item>
+ <item name="wcf.acp.option.password_min_score.0"><![CDATA[0: Deaktiviert]]></item>
+ <item name="wcf.acp.option.password_min_score.1"><![CDATA[1: Sehr leicht zu erraten (Eine Million Versuche)]]></item>
+ <item name="wcf.acp.option.password_min_score.2"><![CDATA[2: Leicht zu erraten (100 Millionen Versuche)]]></item>
<item name="wcf.acp.option.register_forbidden_usernames"><![CDATA[Reservierte Namen]]></item>
<item name="wcf.acp.option.register_forbidden_usernames.description"><![CDATA[Namen, die nicht als Benutzername verwendet werden dürfen. Ein Name pro Zeile]]></item>
<item name="wcf.acp.option.register_forbidden_emails"><![CDATA[Reservierte E-Mail-Adressen]]></item>
<item name="wcf.user.styles"><![CDATA[Stile]]></item>
<item name="wcf.user.style.description"><![CDATA[Stil der Benutzeroberfläche]]></item>
<item name="wcf.user.username.description"><![CDATA[Der Benutzername muss mindestens {REGISTER_USERNAME_MIN_LENGTH} und darf maximal {REGISTER_USERNAME_MAX_LENGTH} Zeichen lang sein.]]></item>
- <item name="wcf.user.password.description"><![CDATA[{if REGISTER_ENABLE_PASSWORD_SECURITY_CHECK}Das Kennwort muss aus Sicherheitsgründen mindestens {REGISTER_PASSWORD_MIN_LENGTH} Zeichen lang sein{if REGISTER_PASSWORD_MUST_CONTAIN_LOWER_CASE || REGISTER_PASSWORD_MUST_CONTAIN_UPPER_CASE || REGISTER_PASSWORD_MUST_CONTAIN_DIGIT || REGISTER_PASSWORD_MUST_CONTAIN_SPECIAL_CHAR}{*
- *} und {*
- *}{if REGISTER_PASSWORD_MUST_CONTAIN_LOWER_CASE}kleine Buchstaben{/if}{*
- *}{if REGISTER_PASSWORD_MUST_CONTAIN_UPPER_CASE}{if REGISTER_PASSWORD_MUST_CONTAIN_LOWER_CASE}{if REGISTER_PASSWORD_MUST_CONTAIN_DIGIT || REGISTER_PASSWORD_MUST_CONTAIN_SPECIAL_CHAR},{else} und{/if} {/if}große Buchstaben{/if}{*
- *}{if REGISTER_PASSWORD_MUST_CONTAIN_DIGIT}{if REGISTER_PASSWORD_MUST_CONTAIN_LOWER_CASE || REGISTER_PASSWORD_MUST_CONTAIN_UPPER_CASE}{if REGISTER_PASSWORD_MUST_CONTAIN_SPECIAL_CHAR},{else} und{/if} {/if}Zahlen{/if}{*
- *}{if REGISTER_PASSWORD_MUST_CONTAIN_SPECIAL_CHAR}{if REGISTER_PASSWORD_MUST_CONTAIN_LOWER_CASE || REGISTER_PASSWORD_MUST_CONTAIN_UPPER_CASE || REGISTER_PASSWORD_MUST_CONTAIN_DIGIT} und {/if}Sonderzeichen{/if} {*
- *}enthalten{/if}.{else}Ein sicheres Kennwort sollte mindestens 8 Zeichen lang sein.{/if}]]></item>
+ <item name="wcf.user.password.description"><![CDATA[Ein sicheres Kennwort sollte mindestens 10 Zeichen lang sein.]]></item>
<item name="wcf.user.lostPassword"><![CDATA[Kennwort vergessen]]></item>
<item name="wcf.user.lostPassword.description"><![CDATA[{if LANGUAGE_USE_INFORMAL_VARIANT}Wenn du dein Kennwort vergessen hast, musst du entweder den Benutzernamen oder die E-Mail-Adresse angeben, die du in deinem Profil hinterlegt hast. Du kannst dabei nur eines der beiden Felder ausfüllen. Wenn du beide Daten nicht mehr weißt, wende dich bitte an den Administrator.{else}Wenn Sie Ihr Kennwort vergessen haben, müssen Sie entweder den Benutzernamen oder die E-Mail-Adresse angeben, die Sie in Ihrem Profil hinterlegt haben. Sie können dabei nur eines der beiden Felder ausfüllen. Wenn Sie beide Daten nicht mehr wissen, wenden Sie sich bitte an den Administrator.{/if}]]></item>
<item name="wcf.user.lostPassword.email.error.notFound"><![CDATA[Es wurde kein Benutzer mit der E-Mail-Adresse: „{$email}“ gefunden.]]></item>
<item name="wcf.user.quit.success"><![CDATA[{if LANGUAGE_USE_INFORMAL_VARIANT}Dein{else}Ihr{/if} Benutzerkonto wird am {TIME_NOW+7*86400|date} gelöscht. Bis dahin {if LANGUAGE_USE_INFORMAL_VARIANT}kannst du{else}können Sie{/if} die Löschung auf dieser Seite abbrechen.]]></item>
<item name="wcf.user.quit.cancel.success"><![CDATA[Die Löschung {if LANGUAGE_USE_INFORMAL_VARIANT}deines{else}Ihres{/if} Benutzerkontos wurde erfolgreich abgebrochen.]]></item>
<item name="wcf.user.emailActivation"><![CDATA[Neue E-Mail-Adresse aktivieren]]></item>
- <item name="wcf.user.password.error.notSecure"><![CDATA[Das Kennwort muss aus Sicherheitsgründen mindestens {REGISTER_PASSWORD_MIN_LENGTH} Zeichen lang sein{if REGISTER_PASSWORD_MUST_CONTAIN_LOWER_CASE || REGISTER_PASSWORD_MUST_CONTAIN_UPPER_CASE || REGISTER_PASSWORD_MUST_CONTAIN_DIGIT || REGISTER_PASSWORD_MUST_CONTAIN_SPECIAL_CHAR}{*
- *} und {*
- *}{if REGISTER_PASSWORD_MUST_CONTAIN_LOWER_CASE}kleine Buchstaben{/if}{*
- *}{if REGISTER_PASSWORD_MUST_CONTAIN_UPPER_CASE}{if REGISTER_PASSWORD_MUST_CONTAIN_LOWER_CASE}{if REGISTER_PASSWORD_MUST_CONTAIN_DIGIT || REGISTER_PASSWORD_MUST_CONTAIN_SPECIAL_CHAR},{else} und{/if} {/if}große Buchstaben{/if}{*
- *}{if REGISTER_PASSWORD_MUST_CONTAIN_DIGIT}{if REGISTER_PASSWORD_MUST_CONTAIN_LOWER_CASE || REGISTER_PASSWORD_MUST_CONTAIN_UPPER_CASE}{if REGISTER_PASSWORD_MUST_CONTAIN_SPECIAL_CHAR},{else} und{/if} {/if}Zahlen{/if}{*
- *}{if REGISTER_PASSWORD_MUST_CONTAIN_SPECIAL_CHAR}{if REGISTER_PASSWORD_MUST_CONTAIN_LOWER_CASE || REGISTER_PASSWORD_MUST_CONTAIN_UPPER_CASE || REGISTER_PASSWORD_MUST_CONTAIN_DIGIT} und {/if}Sonderzeichen{/if} {*
- *}enthalten{/if}.]]></item>
+ <item name="wcf.user.password.error.notSecure"><![CDATA[Bitte {if LANGUAGE_USE_INFORMAL_VARIANT}wähle{else}wählen Sie{/if} ein sichereres Kennwort aus.]]></item>
<item name="wcf.user.changeUsername.success"><![CDATA[{if LANGUAGE_USE_INFORMAL_VARIANT}Dein{else}Ihr{/if} Benutzername wurde erfolgreich geändert.]]></item>
<item name="wcf.user.changeEmail.success"><![CDATA[{if LANGUAGE_USE_INFORMAL_VARIANT}Deine{else}Ihre{/if} E-Mail-Adresse wurde erfolgreich geändert.]]></item>
<item name="wcf.user.changeEmail.needReactivation"><![CDATA[{if LANGUAGE_USE_INFORMAL_VARIANT}Deine{else}Ihre{/if} neue E-Mail-Adresse{if $newEmail|isset} („{$newEmail}“){/if} muss noch aktiviert werden. Dazu wurde eine E-Mail mit einem Aktivierungslink an die neue Adresse gesandt. {if LANGUAGE_USE_INFORMAL_VARIANT}Du musst{else}Sie müssen{/if} diesen Aktivierungslink aufrufen, um die neue E-Mail-Adresse zu aktivieren.]]></item>
<item name="wcf.acp.option.module_user_rank"><![CDATA[User ranks]]></item>
<item name="wcf.acp.option.module_user_signature"><![CDATA[Signatures]]></item>
<item name="wcf.acp.option.module_team_page"><![CDATA[Staff list]]></item>
- <item name="wcf.acp.option.register_enable_password_security_check"><![CDATA[Enable password validation]]></item>
- <item name="wcf.acp.option.register_enable_password_security_check.description"><![CDATA[Password complexity will be validated, unsafe passwords will be rejected.]]></item>
- <item name="wcf.acp.option.register_password_min_length"><![CDATA[Minimum Password Length]]></item>
- <item name="wcf.acp.option.register_password_must_contain_digit"><![CDATA[Password must contain digits]]></item>
- <item name="wcf.acp.option.register_password_must_contain_lower_case"><![CDATA[Password must contain lowercase characters]]></item>
- <item name="wcf.acp.option.register_password_must_contain_special_char"><![CDATA[Password must contain special characters]]></item>
- <item name="wcf.acp.option.register_password_must_contain_upper_case"><![CDATA[Password must contain uppercase characters]]></item>
+ <item name="wcf.acp.option.password_min_score"><![CDATA[Security Level]]></item>
+ <item name="wcf.acp.option.password_min_score.description"><![CDATA[“Score” value of the <a href="https://github.com/dropbox/zxcvbn" class="externalURL">zxcvbn library</a> that passwords need to achive.]]></item>
+ <item name="wcf.acp.option.password_min_score.0"><![CDATA[0: Disabled]]></item>
+ <item name="wcf.acp.option.password_min_score.1"><![CDATA[1: Very guessable (1 million attempts)]]></item>
+ <item name="wcf.acp.option.password_min_score.2"><![CDATA[2: Somewhat guessable (100 million attempts)]]></item>
<item name="wcf.acp.option.register_forbidden_usernames"><![CDATA[Reserved Usernames]]></item>
<item name="wcf.acp.option.register_forbidden_usernames.description"><![CDATA[You can specify which usernames are unavailable for registration. Enter one username per line.]]></item>
<item name="wcf.acp.option.register_forbidden_emails"><![CDATA[Reserved Email Addresses]]></item>
<item name="wcf.user.styles"><![CDATA[Styles]]></item>
<item name="wcf.user.style.description"><![CDATA[Forces a specific style instead of the default one.]]></item>
<item name="wcf.user.username.description"><![CDATA[Username must be {REGISTER_USERNAME_MIN_LENGTH} up to {REGISTER_USERNAME_MAX_LENGTH} characters long.]]></item>
- <item name="wcf.user.password.description"><![CDATA[{if REGISTER_ENABLE_PASSWORD_SECURITY_CHECK}Due to security reasons every password must be at least {REGISTER_PASSWORD_MIN_LENGTH} characters long{if REGISTER_PASSWORD_MUST_CONTAIN_LOWER_CASE || REGISTER_PASSWORD_MUST_CONTAIN_UPPER_CASE || REGISTER_PASSWORD_MUST_CONTAIN_DIGIT || REGISTER_PASSWORD_MUST_CONTAIN_SPECIAL_CHAR}{*
- *} and contain {*
- *}{if REGISTER_PASSWORD_MUST_CONTAIN_LOWER_CASE}lower-case letters{/if}{*
- *}{if REGISTER_PASSWORD_MUST_CONTAIN_UPPER_CASE}{if REGISTER_PASSWORD_MUST_CONTAIN_LOWER_CASE}{if REGISTER_PASSWORD_MUST_CONTAIN_DIGIT || REGISTER_PASSWORD_MUST_CONTAIN_SPECIAL_CHAR},{else} and{/if} {/if}upper-case letters{/if}{*
- *}{if REGISTER_PASSWORD_MUST_CONTAIN_DIGIT}{if REGISTER_PASSWORD_MUST_CONTAIN_LOWER_CASE || REGISTER_PASSWORD_MUST_CONTAIN_UPPER_CASE}{if REGISTER_PASSWORD_MUST_CONTAIN_SPECIAL_CHAR},{else} and{/if} {/if}digits{/if}{*
- *}{if REGISTER_PASSWORD_MUST_CONTAIN_SPECIAL_CHAR}{if REGISTER_PASSWORD_MUST_CONTAIN_LOWER_CASE || REGISTER_PASSWORD_MUST_CONTAIN_UPPER_CASE || REGISTER_PASSWORD_MUST_CONTAIN_DIGIT} and {/if}special chars{/if}{/if}.{else}A secure password should be at least 8 characters long.{/if}]]></item>
+ <item name="wcf.user.password.description"><![CDATA[A secure password should be at least 10 characters long.]]></item>
<item name="wcf.user.lostPassword"><![CDATA[Lost Password]]></item>
<item name="wcf.user.lostPassword.description"><![CDATA[You must provide your username or email address to request a new password. Contact the site’s administrator if you need assistance.]]></item>
<item name="wcf.user.lostPassword.email.error.notFound"><![CDATA[“{$email}” is not used by any account.]]></item>
<item name="wcf.user.quit.success"><![CDATA[Your user account will be deleted on {TIME_NOW+7*86400|date}. During this time period you can abort the deletion on this page.]]></item>
<item name="wcf.user.quit.cancel.success"><![CDATA[The account deletion has been aborted.]]></item>
<item name="wcf.user.emailActivation"><![CDATA[Verify New Email Address]]></item>
- <item name="wcf.user.password.error.notSecure"><![CDATA[Due to security reasons, every password must be at least {REGISTER_PASSWORD_MIN_LENGTH} characters long{if REGISTER_PASSWORD_MUST_CONTAIN_LOWER_CASE || REGISTER_PASSWORD_MUST_CONTAIN_UPPER_CASE || REGISTER_PASSWORD_MUST_CONTAIN_DIGIT || REGISTER_PASSWORD_MUST_CONTAIN_SPECIAL_CHAR}{*
- *} and contain {*
- *}{if REGISTER_PASSWORD_MUST_CONTAIN_LOWER_CASE}lower-case letters{/if}{*
- *}{if REGISTER_PASSWORD_MUST_CONTAIN_UPPER_CASE}{if REGISTER_PASSWORD_MUST_CONTAIN_LOWER_CASE}{if REGISTER_PASSWORD_MUST_CONTAIN_DIGIT || REGISTER_PASSWORD_MUST_CONTAIN_SPECIAL_CHAR},{else} and{/if} {/if}upper-case letters{/if}{*
- *}{if REGISTER_PASSWORD_MUST_CONTAIN_DIGIT}{if REGISTER_PASSWORD_MUST_CONTAIN_LOWER_CASE || REGISTER_PASSWORD_MUST_CONTAIN_UPPER_CASE}{if REGISTER_PASSWORD_MUST_CONTAIN_SPECIAL_CHAR},{else} and{/if} {/if}digits{/if}{*
- *}{if REGISTER_PASSWORD_MUST_CONTAIN_SPECIAL_CHAR}{if REGISTER_PASSWORD_MUST_CONTAIN_LOWER_CASE || REGISTER_PASSWORD_MUST_CONTAIN_UPPER_CASE || REGISTER_PASSWORD_MUST_CONTAIN_DIGIT} and {/if}special chars{/if}{/if}.]]></item>
+ <item name="wcf.user.password.error.notSecure"><![CDATA[Please select a more secure password.]]></item>
<item name="wcf.user.changeUsername.success"><![CDATA[The username has been changed.]]></item>
<item name="wcf.user.changeEmail.success"><![CDATA[The email address has been changed.]]></item>
<item name="wcf.user.changeEmail.needReactivation"><![CDATA[Your new email address{if $newEmail|isset} (“{$newEmail}”){/if} must be verified first. You should have received an email which was sent to your new email address containing an activation link. Open the link to verify your new email address.]]></item>