Edit Report a Bug

    crack_check

    (PECL crack >= 0.1)

    crack_check用给定的密码来进行破解测试

    说明

    crack_check ( resource $dictionary , string $password ) : bool
    crack_check ( string $password , string $username = "" , string $gecos = "" , resource $dictionary = NULL ) : bool

    使用特定字典中给定的密码来进行密码强度检测。可供选择的特征(The alternative signature )还考虑用户名和GECOS信息。

    Warning

    此函数是实验性的。此函数的表象,包括名称及其相关文档都可能在未来的 PHP 发布版本中未通知就被修改。使用本函数风险自担。

    参数

    dictionary

    破解库所使用的字典,如果没有指定,则使用最后一次打开的字典。

    password

    需要检查的密码。

    username

    用于密码检测的这个账户的用户名。

    gecos

    用户账户的 GECOS 信息。

    返回值

    返回 TRUE 如果 password 足够安全, 或者返回 FALSE 表示可能需要进一步的操作.

    更新日志

    版本 说明
    0.3 usernamegecosdictionary 字段被添加到了可供选择的特征(alternative signature)中。

    add a note add a note

    User Contributed Notes 2 notes

    up
    -4
    Anonymous
    14 years ago
    In addition to the usual checks crack can also check for similarities between the password and a username and gecos field (the gecos field normally contains the person's full name on unix systems).

    There is a third format for the function call which supplies these additional parameters:

    bool crack_check (string $password, string $username, string $gecos, resource $dictionary)

    This is true of PECL crack version 0.4, I'm not sure about earlier versions.
    up
    -7
    vkontakte at mralston dot com
    14 years ago
    If you need to test a password with cracklib but don't have the necessary module available in PHP, you can use a function like this.
    It requires the command line cracklib-check binary in /usr/sbin, but changing its location is trivial.
    The $message variable will contain cracklib's complaint (if there is one)
    You'll want to wrap your invocation of this function in a try...catch block.

    <?php
    function cracklibCheck($password, &$message)
    {
            // Clean up password
            $password=str_replace("\r", "", $password);
            $password=str_replace("\n", "", $password);

            // Run password through cracklib-check
            exec("echo ".escapeshellarg($password)." | /usr/sbin/cracklib-check 2>/dev/null", $output, $return_var);
       
            // Check it ran properly
            if($return_var==0)
        {
            if(    preg_match("/^.*\: ([^:]+)$/", $output[0], $matches))
            {
                    // Check response
                    if(strtoupper($matches[1])=="OK")
                {
                        // Password is strong
                        $message="";
                    return(    true);
                }
                else
                {
                        // Cracklib doesn't like it
                        $message=$matches[1];
                    return(    false);
                }
            }
            else
            {
                    // Badly formatted response from cracklib-check.
                    throw new Exception("Didn't understand cracklib-check response.");
            }
        }
        else
        {
                // Some sort of execution error
                throw new Exception("Failed to run cracklib-check.");
        }
    }
    ?>
    add a note add a note
    To Top