I have one. You will need to change some of it for your own needs. It also
checks the password against a dictionary using a Cracklib lib. (not
included)
Justin
<cfcomponent hint="Good Password Service" output="yes">
<!--- local scope--->
<cfset lscope = StructNew() />
<!---- error constants --->
<cfset lscope.MIN_LENGTH_ERROR = 1 />
<cfset lscope.MAX_LENGTH_ERROR = 2 />
<cfset lscope.MUST_HAVE_LETTERS_ERROR = 4 />
<cfset lscope.MUST_HAVE_NUMBERS_ERROR = 8 />
<cfset lscope.MUST_HAVE_SYMBOLS_ERROR = 16 />
<cfset lscope.REMEMBER_PASSWORD_ERROR = 32 />
<cfset lscope.ALLOW_JUST_CASE_CHANGE_ERROR = 64 />
<cfset lscope.MUST_HAVE_MIXED_CASE_ERROR = 128 />
<cfset lscope.PASS_CRACKER_TEST = 256 />
<cfset lscope.SAME_AS_USERNAME = 512 />
<!---- methods ---->
<cffunction name="IsGoodPassword" hint="Checks if a password is a good
password." output="yes">
<cfargument name="Password" type="string" required="yes"/>
<cfargument name="Username" type="string" required="yes"/>
<cfargument name="Domain" type="string" required="no" />
<cfif (Isdefined("Arguments.Domain"))>
<!--- Lookup password policy & populate defaults --->
<cfelse>
<cfset lscope.MinLength = "4" />
<cfset lscope.MaxLength = "20" />
<cfset lscope.MustHaveLetters = "no" /> <!--- need to check this --->
<cfset lscope.MustHaveNumbers = "no" />
<cfset lscope.MustHaveSymbols = "no" />
<cfset lscope.RememberPasswords = 4 />
<cfset lscope.AllowJustCasechange = "no" />
<cfset lscope.MustHaveMixedCase = "no" />
<cfset lscope.UseDictionaryTest = "no" />
</cfif>
<cfset mypassword = Trim(Password) />
<cfset lscope.status = 0 />
<cfset lscope.statusMessages = ArrayNew(1) />
<cfif (Len(mypassword) LT lscope.MinLength)>
<cfset lscope.status = lscope.status + lscope.MIN_LENGTH_ERROR />
<cfset ArrayAppend( lscope.statusMessages ,"Must be at least
#lscope.MinLength# charactors") />
</cfif>
<cfif (Len(mypassword) GT lscope.MaxLength)>
<cfset lscope.status = lscope.status + lscope.MAX_LENGTH_ERROR />
</cfif>
<cfif (lscope.MustHaveLetters and (not REFind("[A-Za-z]", mypassword)))>
<cfset lscope.status = lscope.status + lscope.MUST_HAVE_LETTERS_ERROR />
</cfif>
<cfif (lscope.MustHaveNumbers and (not (REFind("\d", mypassword))))>
<cfset lscope.status = lscope.status + lscope.MUST_HAVE_NUMBERS_ERROR />
</cfif>
<cfif (lscope.MustHaveSymbols and (not REFind("[[:punct:]]",
mypassword))) >
<cfset lscope.status = lscope.status + lscope.MUST_HAVE_SYMBOLS_ERROR />
</cfif>
<cfif (lscope.MustHaveMixedCase)>
<cfif not ( REFind("[A-Z]", mypassword) AND REFind("[a-z]", mypassword))
>
<cfset lscope.status = lscope.status +
lscope.MUST_HAVE_MIXED_CASE_ERROR />
</cfif>
</cfif>
<!--- look up the RememberPasswords amount of passwords --->
<cfif (lscope.RememberPasswords) >
<cfset PastPasswords =
this.GetPastPasswords(lscope.RememberPasswords,username) >
<cfloop query="PastPasswords">
<cfif (lscope.AllowJustCasechange) >
<cfif Find(#PastPasswords.password#,mypassword)>
<cfset lscope.status = lscope.status + lscope.REMEMBER_PASSWORD_ERROR
/>
<cfbreak />
</cfif>
<cfelse>
<cfif FindNoCase(#PastPasswords.password#,mypassword)>
<cfset lscope.status = lscope.status + lscope.REMEMBER_PASSWORD_ERROR
/>
<cfbreak />
</cfif>
</cfif>
</cfloop>
</cfif>
<!--- check the password is not the username!! --->
<cfif FindNoCase(Username,mypassword)>
<cfset lscope.status = lscope.status + lscope.SAME_AS_USERNAME />
</cfif>
<cfobject
action = "create"
type = "java"
class = "org.maccarthy.util.PasswordChecker"
name = "passwordChecker">
<cfset myString = JavaCast("String",
"\WEB-INF\classes\org\cracklib.dict") />
<cfset context = GetPageContext().getServletContext() />
<cfset cracklibPath = context.getRealPath(myString) />
<cftry>
<cfset passwordCheckResult = passwordChecker.check(Password) />
<cfcatch type="java.lang.Exception">
<cfset passwordCheckResult = "" />
</cfcatch>
</cftry>
<cfif passwordCheckResult IS passwordChecker.VALID_PASSWORD>
<!---
<cfoutput> passwordCheckResult = #passwordCheckResult#</cfoutput>
--->
<cfelse>
<cfset lscope.status = lscope.status + lscope.PASS_CRACKER_TEST />
<cfset ArrayAppend( lscope.statusMessages, passwordCheckResult)/>
</cfif>
<cfif (lscope.status) >
<cfoutput> lscope.status = #lscope.status#</cfoutput>
<cfreturn false />
<cfelse>
<cfreturn true />
</cfif>
</cffunction>
<cffunction name="GetStatusCode" hint="Returns the status code.">
<cfreturn lscope.status />
</cffunction>
<cffunction name="GetStatusMessages" hint="Returns an array of Status code
Messages *not finished*">
<cfreturn lscope.statusMessages>
</cffunction>
<cffunction name="GetPastPasswords" hint="Gets the past passwords to check
new password against">
<cfargument name="NumberOfPasswords" required="yes" type="numeric" />
<cfargument name="Username" required="yes" type="string" />
<cfquery name="GetPastPasswords" datasource="#request.dsn#" debug="yes">
SELECT TOP #Arguments.NumberOfPasswords# Password
FROM PasswordHistory
WHERE Username = '#Arguments.Username#'
AND Domain = '#Arguments.Domain#'
ORDER BY DateChanged DESC
</cfquery>
<cfreturn GetPastPasswords>
</cffunction>
<cffunction name="UpdateHistory" hint=" TODO: ">
<cfset x = 1 />
<!--- delete old passwords --->
</cffunction>
<cffunction name="Init" hint="">
<cfset lscope.status = 0/>
</cffunction>
</cfcomponent>
-----Original Message-----
From: Robertson-Ravo, Neil (RX)
[mailto:[EMAIL PROTECTED]
Sent: 11 March 2004 10:36
To: '[EMAIL PROTECTED]'
Subject: [ cf-dev ] OT : Password Check
Anyone got any links/scripts for a Change / New Password box which checks
things like Length, Strength etc...
N
This e-mail is from Reed Exhibitions (Oriel House, 26 The Quadrant,
Richmond, Surrey, TW9 1DL, United Kingdom), a division of Reed Business,
Registered in England, Number 678540. It contains information which is
confidential and may also be privileged. It is for the exclusive use of the
intended recipient(s). If you are not the intended recipient(s) please note
that any form of distribution, copying or use of this communication or the
information in it is strictly prohibited and may be unlawful. If you have
received this communication in error please return it to the sender or call
our switchboard on +44 (0) 20 89107910. The opinions expressed within this
communication are not necessarily those expressed by Reed Exhibitions. Visit
our website at http://www.reedexpo.com
--
These lists are syncronised with the CFDeveloper forum at
http://forum.cfdeveloper.co.uk/
Archive: http://www.mail-archive.com/dev%40lists.cfdeveloper.co.uk/
CFDeveloper Sponsors and contributors:-
*Hosting and support provided by CFMXhosting.co.uk* :: *ActivePDF provided by
activepdf.com*
*Forums provided by fusetalk.com* :: *ProWorkFlow provided by proworkflow.com*
*Tutorials provided by helmguru.com* :: *Lists hosted by gradwell.com*
To unsubscribe, e-mail: [EMAIL PROTECTED]
