}
// check password security
- if (mb_strlen($this->masterPassword) < 8) {
+ if (mb_strlen($this->masterPassword) < 12) {
throw new UserInputException('masterPassword', 'notSecure');
}
// digits
if (!Regex::compile('[A-Z]')->match($this->masterPassword)) {
throw new UserInputException('masterPassword', 'notSecure');
}
- // special characters
- if (!Regex::compile('[^0-9a-zA-Z]')->match($this->masterPassword)) {
- throw new UserInputException('masterPassword', 'notSecure');
- }
// password equals username
if ($this->masterPassword == WCF::getUser()->username) {
WCF::getTPL()->assign(array(
'confirmMasterPassword' => $this->confirmMasterPassword,
- 'exampleMasterPassword' => PasswordUtil::getRandomPassword(12),
+ 'exampleMasterPassword' => PasswordUtil::getRandomPassword(16),
'relativeWcfDir' => RELATIVE_WCF_DIR
));
}
parent::save();
// generate new password
- $this->newPassword = PasswordUtil::getRandomPassword((REGISTER_PASSWORD_MIN_LENGTH > 9 ? REGISTER_PASSWORD_MIN_LENGTH : 9));
+ $this->newPassword = PasswordUtil::getRandomPassword((REGISTER_PASSWORD_MIN_LENGTH > 12 ? REGISTER_PASSWORD_MIN_LENGTH : 12));
// update user
$this->objectAction = new UserAction(array($this->user), 'update', array(
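Review bot: The floor of 12 on the `$this->newPassword` line is a bare literal inside a hand-written ternary, and the identical expression is repeated in the `sendNewPassword()` hunk and again as the default of `PasswordUtil::getRandomPassword($length = 12)`, so the three values can drift apart the next time the policy is raised. `max(12, REGISTER_PASSWORD_MIN_LENGTH)` says the same thing more directly. Better still, keep the number in one named constant beside `PASSWORD_CHARSET` (for example `PasswordUtil::MIN_GENERATED_LENGTH`, name only a suggestion) and reference it from both call sites and the default. The enclosing method starts and ends outside this hunk.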
* @param \wcf\data\user\UserEditor $userEditor
*/
protected function sendNewPassword(UserEditor $userEditor) {
- $newPassword = PasswordUtil::getRandomPassword();
+ $newPassword = PasswordUtil::getRandomPassword((REGISTER_PASSWORD_MIN_LENGTH > 12 ? REGISTER_PASSWORD_MIN_LENGTH : 12));
$userAction = new UserAction(array($userEditor), 'update', array(
'data' => array(
* @category Community Framework
*/
final class PasswordUtil {
+ /**
+ * list of possible characters in generated passwords
+ * @var string
+ */
+ const PASSWORD_CHARSET = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
+
/**
* concated list of valid blowfish salt characters
* @var string
}
/**
- * Generates a random user password with the given character length.
+ * Generates a random alphanumeric user password with the given character length.
*
* @param integer $length
* @return string
*/
- public static function getRandomPassword($length = 8) {
- $availableCharacters = array(
- 'abcdefghijklmnopqrstuvwxyz',
- 'ABCDEFGHIJKLMNOPQRSTUVWXYZ',
- '0123456789',
- '+#-.,;:?!'
- );
-
+ public static function getRandomPassword($length = 12) {
+ $charset = self::PASSWORD_CHARSET;
$password = '';
- $type = 0;
- for ($i = 0; $i < $length; $i++) {
- $type = ($i % 4 == 0) ? 0 : ($type + 1);
- $password .= substr($availableCharacters[$type], self::secureRandomNumber(0, strlen($availableCharacters[$type]) - 1), 1);
+
+ for ($i = 0, $maxIndex = (strlen($charset) - 1); $i < $length; $i++) {
+ $password .= $charset[self::secureRandomNumber(0, $maxIndex)];
}
-
- return str_shuffle($password);
+
+ return $password;
}
/**
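Review bot: `getRandomPassword()` no longer guarantees that its result contains a digit, a lower-case and an upper-case letter, because the removed loop cycled through the character groups while the new loop draws every position independently from `PASSWORD_CHARSET`. The master-password form touched by this commit still rejects input without `[A-Z]` (and, going by its `// digits` comment, presumably input without a digit), so the `exampleMasterPassword` from `getRandomPassword(16)` can occasionally fail that form's own check if it is shown as a ready-to-use suggestion. Either let that caller regenerate until the example passes the same checks, or state the contract in the docblock, e.g. `* The result may lack a digit or a letter of either case; callers that enforce a composition policy must verify it.` Separately, a `$length` below 1 silently returns an empty string, which deserves an explicit guard before the loop.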