Nice, got any JS?
-----Original Message----- From: Justin MacCarthy [mailto:[EMAIL PROTECTED] Sent: 11 March 2004 14:25 To: [EMAIL PROTECTED] Subject: RE: [ cf-dev ] OT : Password Check I have one. You will need to change some of it for your own needs. It also checks the password against a dictionary using a Cracklib lib. (not included) Justin <cfcomponent hint="Good Password Service" output="yes"> <!--- local scope---> <cfset lscope = StructNew() /> <!---- error constants ---> <cfset lscope.MIN_LENGTH_ERROR = 1 /> <cfset lscope.MAX_LENGTH_ERROR = 2 /> <cfset lscope.MUST_HAVE_LETTERS_ERROR = 4 /> <cfset lscope.MUST_HAVE_NUMBERS_ERROR = 8 /> <cfset lscope.MUST_HAVE_SYMBOLS_ERROR = 16 /> <cfset lscope.REMEMBER_PASSWORD_ERROR = 32 /> <cfset lscope.ALLOW_JUST_CASE_CHANGE_ERROR = 64 /> <cfset lscope.MUST_HAVE_MIXED_CASE_ERROR = 128 /> <cfset lscope.PASS_CRACKER_TEST = 256 /> <cfset lscope.SAME_AS_USERNAME = 512 /> <!---- methods ----> <cffunction name="IsGoodPassword" hint="Checks if a password is a good password." output="yes"> <cfargument name="Password" type="string" required="yes"/> <cfargument name="Username" type="string" required="yes"/> <cfargument name="Domain" type="string" required="no" /> <cfif (Isdefined("Arguments.Domain"))> <!--- Lookup password policy & populate defaults ---> <cfelse> <cfset lscope.MinLength = "4" /> <cfset lscope.MaxLength = "20" /> <cfset lscope.MustHaveLetters = "no" /> <!--- need to check this ---> <cfset lscope.MustHaveNumbers = "no" /> <cfset lscope.MustHaveSymbols = "no" /> <cfset lscope.RememberPasswords = 4 /> <cfset lscope.AllowJustCasechange = "no" /> <cfset lscope.MustHaveMixedCase = "no" /> <cfset lscope.UseDictionaryTest = "no" /> </cfif> <cfset mypassword = Trim(Password) /> <cfset lscope.status = 0 /> <cfset lscope.statusMessages = ArrayNew(1) /> <cfif (Len(mypassword) LT lscope.MinLength)> <cfset lscope.status = lscope.status + lscope.MIN_LENGTH_ERROR /> <cfset ArrayAppend( lscope.statusMessages ,"Must be at least #lscope.MinLength# charactors") /> </cfif> <cfif (Len(mypassword) GT lscope.MaxLength)> <cfset lscope.status = lscope.status + lscope.MAX_LENGTH_ERROR /> </cfif> <cfif (lscope.MustHaveLetters and (not REFind("[A-Za-z]", mypassword)))> <cfset lscope.status = lscope.status + lscope.MUST_HAVE_LETTERS_ERROR /> </cfif> <cfif (lscope.MustHaveNumbers and (not (REFind("\d", mypassword))))> <cfset lscope.status = lscope.status + lscope.MUST_HAVE_NUMBERS_ERROR /> </cfif> <cfif (lscope.MustHaveSymbols and (not REFind("[[:punct:]]", mypassword))) > <cfset lscope.status = lscope.status + lscope.MUST_HAVE_SYMBOLS_ERROR /> </cfif> <cfif (lscope.MustHaveMixedCase)> <cfif not ( REFind("[A-Z]", mypassword) AND REFind("[a-z]", mypassword)) > <cfset lscope.status = lscope.status + lscope.MUST_HAVE_MIXED_CASE_ERROR /> </cfif> </cfif> <!--- look up the RememberPasswords amount of passwords ---> <cfif (lscope.RememberPasswords) > <cfset PastPasswords = this.GetPastPasswords(lscope.RememberPasswords,username) > <cfloop query="PastPasswords"> <cfif (lscope.AllowJustCasechange) > <cfif Find(#PastPasswords.password#,mypassword)> <cfset lscope.status = lscope.status + lscope.REMEMBER_PASSWORD_ERROR /> <cfbreak /> </cfif> <cfelse> <cfif FindNoCase(#PastPasswords.password#,mypassword)> <cfset lscope.status = lscope.status + lscope.REMEMBER_PASSWORD_ERROR /> <cfbreak /> </cfif> </cfif> </cfloop> </cfif> <!--- check the password is not the username!! ---> <cfif FindNoCase(Username,mypassword)> <cfset lscope.status = lscope.status + lscope.SAME_AS_USERNAME /> </cfif> <cfobject action = "create" type = "java" class = "org.maccarthy.util.PasswordChecker" name = "passwordChecker"> <cfset myString = JavaCast("String", "\WEB-INF\classes\org\cracklib.dict") /> <cfset context = GetPageContext().getServletContext() /> <cfset cracklibPath = context.getRealPath(myString) /> <cftry> <cfset passwordCheckResult = passwordChecker.check(Password) /> <cfcatch type="java.lang.Exception"> <cfset passwordCheckResult = "" /> </cfcatch> </cftry> <cfif passwordCheckResult IS passwordChecker.VALID_PASSWORD> <!--- <cfoutput> passwordCheckResult = #passwordCheckResult#</cfoutput> ---> <cfelse> <cfset lscope.status = lscope.status + lscope.PASS_CRACKER_TEST /> <cfset ArrayAppend( lscope.statusMessages, passwordCheckResult)/> </cfif> <cfif (lscope.status) > <cfoutput> lscope.status = #lscope.status#</cfoutput> <cfreturn false /> <cfelse> <cfreturn true /> </cfif> </cffunction> <cffunction name="GetStatusCode" hint="Returns the status code."> <cfreturn lscope.status /> </cffunction> <cffunction name="GetStatusMessages" hint="Returns an array of Status code Messages *not finished*"> <cfreturn lscope.statusMessages> </cffunction> <cffunction name="GetPastPasswords" hint="Gets the past passwords to check new password against"> <cfargument name="NumberOfPasswords" required="yes" type="numeric" /> <cfargument name="Username" required="yes" type="string" /> <cfquery name="GetPastPasswords" datasource="#request.dsn#" debug="yes"> SELECT TOP #Arguments.NumberOfPasswords# Password FROM PasswordHistory WHERE Username = '#Arguments.Username#' AND Domain = '#Arguments.Domain#' ORDER BY DateChanged DESC </cfquery> <cfreturn GetPastPasswords> </cffunction> <cffunction name="UpdateHistory" hint=" TODO: "> <cfset x = 1 /> <!--- delete old passwords ---> </cffunction> <cffunction name="Init" hint=""> <cfset lscope.status = 0/> </cffunction> </cfcomponent> -----Original Message----- From: Robertson-Ravo, Neil (RX) [mailto:[EMAIL PROTECTED] Sent: 11 March 2004 10:36 To: '[EMAIL PROTECTED]' Subject: [ cf-dev ] OT : Password Check Anyone got any links/scripts for a Change / New Password box which checks things like Length, Strength etc... N This e-mail is from Reed Exhibitions (Oriel House, 26 The Quadrant, Richmond, Surrey, TW9 1DL, United Kingdom), a division of Reed Business, Registered in England, Number 678540. It contains information which is confidential and may also be privileged. It is for the exclusive use of the intended recipient(s). If you are not the intended recipient(s) please note that any form of distribution, copying or use of this communication or the information in it is strictly prohibited and may be unlawful. If you have received this communication in error please return it to the sender or call our switchboard on +44 (0) 20 89107910. The opinions expressed within this communication are not necessarily those expressed by Reed Exhibitions. Visit our website at http://www.reedexpo.com -- These lists are syncronised with the CFDeveloper forum at http://forum.cfdeveloper.co.uk/ Archive: http://www.mail-archive.com/dev%40lists.cfdeveloper.co.uk/ CFDeveloper Sponsors and contributors:- *Hosting and support provided by CFMXhosting.co.uk* :: *ActivePDF provided by activepdf.com* *Forums provided by fusetalk.com* :: *ProWorkFlow provided by proworkflow.com* *Tutorials provided by helmguru.com* :: *Lists hosted by gradwell.com* To unsubscribe, e-mail: [EMAIL PROTECTED] This e-mail is from Reed Exhibitions (Oriel House, 26 The Quadrant, Richmond, Surrey, TW9 1DL, United Kingdom), a division of Reed Business, Registered in England, Number 678540. It contains information which is confidential and may also be privileged. It is for the exclusive use of the intended recipient(s). If you are not the intended recipient(s) please note that any form of distribution, copying or use of this communication or the information in it is strictly prohibited and may be unlawful. If you have received this communication in error please return it to the sender or call our switchboard on +44 (0) 20 89107910. The opinions expressed within this communication are not necessarily those expressed by Reed Exhibitions. Visit our website at http://www.reedexpo.com -- These lists are syncronised with the CFDeveloper forum at http://forum.cfdeveloper.co.uk/ Archive: http://www.mail-archive.com/dev%40lists.cfdeveloper.co.uk/ CFDeveloper Sponsors and contributors:- *Hosting and support provided by CFMXhosting.co.uk* :: *ActivePDF provided by activepdf.com* *Forums provided by fusetalk.com* :: *ProWorkFlow provided by proworkflow.com* *Tutorials provided by helmguru.com* :: *Lists hosted by gradwell.com* To unsubscribe, e-mail: [EMAIL PROTECTED]
