PHP Velho Oeste 2024
    Edit Report a Bug

    crack_check

    (PECL crack >= 0.1)

    crack_checkPerforms an obscure check with the given password

    설명

    bool crack_check ( resource $dictionary , string $password )
    bool crack_check ( string $password , string $username = "" , string $gecos = "" , resource $dictionary = NULL )

    Performs an obscure check with the given password on the specified dictionary. The alternative signature also takes into account the username and the GECOS information.

    Warning

    이 함수는 실험적입니다. 이 함수의 작동, 함수의 이름, 그리고 관련된 모든 문서는 이후의 PHP 릴리즈에서 예고 없이 변경할 수 있습니다. 이 함수의 사용에 관한 것은 사용자 책임입니다.

    인수

    dictionary

    The crack lib dictionary. If not specified, the last opened dictionary is used.

    password

    The password to be checked.

    username

    The username of the account with the password.

    gecos

    The GECOS information associated with the user account.

    반환값

    Returns TRUE if password is strong, or FALSE otherwise.

    변경점

    버전 설명
    0.3 The username, gecos and dictionary parameters were added to the alternative signature.

    add a note add a note

    User Contributed Notes 2 notes

    up
    -4
    Anonymous
    14 years ago
    In addition to the usual checks crack can also check for similarities between the password and a username and gecos field (the gecos field normally contains the person's full name on unix systems).

    There is a third format for the function call which supplies these additional parameters:

    bool crack_check (string $password, string $username, string $gecos, resource $dictionary)

    This is true of PECL crack version 0.4, I'm not sure about earlier versions.
    up
    -7
    vkontakte at mralston dot com
    14 years ago
    If you need to test a password with cracklib but don't have the necessary module available in PHP, you can use a function like this.
    It requires the command line cracklib-check binary in /usr/sbin, but changing its location is trivial.
    The $message variable will contain cracklib's complaint (if there is one)
    You'll want to wrap your invocation of this function in a try...catch block.

    <?php
    function cracklibCheck($password, &$message)
    {
            // Clean up password
            $password=str_replace("\r", "", $password);
            $password=str_replace("\n", "", $password);

            // Run password through cracklib-check
            exec("echo ".escapeshellarg($password)." | /usr/sbin/cracklib-check 2>/dev/null", $output, $return_var);
       
            // Check it ran properly
            if($return_var==0)
        {
            if(    preg_match("/^.*\: ([^:]+)$/", $output[0], $matches))
            {
                    // Check response
                    if(strtoupper($matches[1])=="OK")
                {
                        // Password is strong
                        $message="";
                    return(    true);
                }
                else
                {
                        // Cracklib doesn't like it
                        $message=$matches[1];
                    return(    false);
                }
            }
            else
            {
                    // Badly formatted response from cracklib-check.
                    throw new Exception("Didn't understand cracklib-check response.");
            }
        }
        else
        {
                // Some sort of execution error
                throw new Exception("Failed to run cracklib-check.");
        }
    }
    ?>
    add a note add a note
    To Top