downloads | documentation | faq | getting help | mailing lists | licenses | wiki | reporting bugs | php.net sites | links | conferences | my php.net

search for in the

crack_closedict> <Crack
Last updated: Sun, 25 Nov 2007

view this page in

crack_check

(PHP 4 >= 4.0.5, PECL crack:0.1-0.4)

crack_check — Performs an obscure check with the given password

说明

bool crack_check ( resource $dictionary , string $password )
bool crack_check ( string $password )

Performs an obscure check with the given password on the specified dictionary.

Warning

本函数是实验性的。本函数的行为,包括函数名称以及其它任何关于本函数的文档可能会在没有通知的情况下随 PHP 以后的发布而改变。使用本函数风险自担。

参数

dictionary

The crack lib dictionary. If not specified, the last opened dictionary is used.

password

The tested password.

返回值

Returns TRUE if password is strong, or FALSE otherwise.



add a note add a note User Contributed Notes
crack_check
Anonymous
26-Feb-2010 05:16
In addition to the usual checks crack can also check for similarities between the password and a username and gecos field (the gecos field normally contains the person's full name on unix systems).

There is a third format for the function call which supplies these additional parameters:

bool crack_check (string $password, string $username, string $gecos, resource $dictionary)

This is true of PECL crack version 0.4, I'm not sure about earlier versions.
vkontakte at mralston dot com
21-Jan-2010 11:27
If you need to test a password with cracklib but don't have the necessary module available in PHP, you can use a function like this.
It requires the command line cracklib-check binary in /usr/sbin, but changing its location is trivial.
The $message variable will contain cracklib's complaint (if there is one)
You'll want to wrap your invocation of this function in a try...catch block.

<?php
function cracklibCheck($password, &$message)
{
    // Clean up password
    $password=str_replace("\r", "", $password);
    $password=str_replace("\n", "", $password);

    // Run password through cracklib-check
    exec("echo ".escapeshellarg($password)." | /usr/sbin/cracklib-check 2>/dev/null", $output, $return_var);
   
    // Check it ran properly
    if($return_var==0)
    {
        if(preg_match("/^.*\: ([^:]+)$/", $output[0], $matches))
        {
            // Check response
            if(strtoupper($matches[1])=="OK")
            {
                // Password is strong
                $message="";
                return(true);
            }
            else
            {
                // Cracklib doesn't like it
                $message=$matches[1];
                return(false);
            }
        }
        else
        {
            // Badly formatted response from cracklib-check.
            throw new Exception("Didn't understand cracklib-check response.");
        }
    }
    else
    {
        // Some sort of execution error
        throw new Exception("Failed to run cracklib-check.");
    }
}
?>
add a note add a note

crack_closedict> <Crack
Last updated: Sun, 25 Nov 2007
 
 
show source | credits | stats | sitemap | contact | advertising | mirror sites