Documentation

Horde_Auth
in package

The Horde_Auth class provides some useful authentication-related utilities and constants for the Auth package.

Tags
author

Chuck Hagenbuch chuck@horde.org

author

Michael Slusarz slusarz@horde.org

category

Horde

copyright

1999-2017 Horde LLC

license

http://www.horde.org/licenses/lgpl21 LGPL-2.1

Table of Contents

APRMD5_VALID  = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'
64 characters that are valid for APRMD5 passwords.
CONSONANTS  = 'bcdfghjklmnpqrstvwxz'
Characters used when generating a password: consonants
NUMBERS  = '0123456789'
Characters used when generating a password: numbers
REASON_BADLOGIN  = 1
Authentication failure reason: Bad username and/or password
REASON_EXPIRED  = 3
Authentication failure reason: Password has expired
REASON_FAILED  = 2
Authentication failure reason: Login failed
REASON_LOCKED  = 7
Authentication failure reason: User is locked
REASON_LOGOUT  = 4
Authentication failure reason: Logout due to user request
REASON_MESSAGE  = 5
Authentication failure reason: Logout with custom message
REASON_SESSION  = 6
Authentication failure reason: Logout due to session expiration
VOWELS  = 'aeiouy'
Characters used when generating a password: vowels
checkPasswordPolicy()  : mixed
Checks whether a password matches some expected policy.
checkPasswordSimilarity()  : mixed
Checks whether a password is too similar to a dictionary of strings.
factory()  : Horde_Auth_Base
Attempts to return a concrete Horde_Auth_Base instance based on $driver.
genRandomPassword()  : string
Generates a random, hopefully pronounceable, password.
getCryptedPassword()  : string
Formats a password using the current encryption.
getSalt()  : string
Returns a salt for the appropriate kind of password encryption.
_toAPRMD5()  : string
Converts to allowed 64 characters for APRMD5 passwords.

Constants

APRMD5_VALID

64 characters that are valid for APRMD5 passwords.

public mixed APRMD5_VALID = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'

CONSONANTS

Characters used when generating a password: consonants

public mixed CONSONANTS = 'bcdfghjklmnpqrstvwxz'

NUMBERS

Characters used when generating a password: numbers

public mixed NUMBERS = '0123456789'

REASON_BADLOGIN

Authentication failure reason: Bad username and/or password

public mixed REASON_BADLOGIN = 1

REASON_EXPIRED

Authentication failure reason: Password has expired

public mixed REASON_EXPIRED = 3

REASON_FAILED

Authentication failure reason: Login failed

public mixed REASON_FAILED = 2

REASON_LOCKED

Authentication failure reason: User is locked

public mixed REASON_LOCKED = 7

REASON_LOGOUT

Authentication failure reason: Logout due to user request

public mixed REASON_LOGOUT = 4

REASON_MESSAGE

Authentication failure reason: Logout with custom message

public mixed REASON_MESSAGE = 5

REASON_SESSION

Authentication failure reason: Logout due to session expiration

public mixed REASON_SESSION = 6

VOWELS

Characters used when generating a password: vowels

public mixed VOWELS = 'aeiouy'

Methods

checkPasswordPolicy()

Checks whether a password matches some expected policy.

public static checkPasswordPolicy(string $password, array<string|int, mixed> $policy) : mixed
Parameters
$password : string

A password.

$policy : array<string|int, mixed>

A configuration with policy rules. Supported rules:

  • minLength: Minimum length of the password
  • maxLength: Maximum length of the password
  • maxSpace: Maximum number of white space characters

The following are the types of characters required in a password. Either specific characters, character classes, or both can be required. Specific types are:

  • minUpper: Minimum number of uppercase characters
  • minLower: Minimum number of lowercase characters
  • minNumeric: Minimum number of numeric characters (0-9)
  • minAlphaNum: Minimum number of alphanumeric characters
  • minAlpha: Minimum number of alphabetic characters
  • minSymbol: Minimum number of punctuation / symbol characters
  • minNonAlpha: Minimum number of non-alphabetic characters

Alternatively (or in addition to), the minimum number of character classes can be configured by setting the following. The valid range is 0 through 4 character classes may be required for a password. The classes are: 'upper', 'lower', 'number', and 'symbol'. For example: A password of 'p@ssw0rd' satisfies three classes ('number', 'lower', and 'symbol'), while 'passw0rd' only satisfies two classes ('lower' and 'number').

  • minClasses: Minimum number (0 through 4) of character classes.
Tags
throws
Horde_Auth_Exception

if the password does not match the policy.

Return values
mixed

checkPasswordSimilarity()

Checks whether a password is too similar to a dictionary of strings.

public static checkPasswordSimilarity(string $password, array<string|int, mixed> $dict[, float $max = 80 ]) : mixed
Parameters
$password : string

A password.

$dict : array<string|int, mixed>

A dictionary to check for similarity, for example the user name or an old password.

$max : float = 80

The maximum allowed similarity in percent.

Tags
throws
Horde_Auth_Exception

if the password is too similar.

Return values
mixed

factory()

Attempts to return a concrete Horde_Auth_Base instance based on $driver.

public static factory(string $driver[, array<string|int, mixed> $params = null ]) : Horde_Auth_Base
Parameters
$driver : string

Either a driver name, or the full class name to use (class must extend Horde_Auth_Base).

$params : array<string|int, mixed> = null

A hash containing any additional configuration or parameters a subclass might need.

Tags
deprecated
throws
Horde_Auth_Exception
Return values
Horde_Auth_Base

The newly created concrete instance.

genRandomPassword()

Generates a random, hopefully pronounceable, password.

public static genRandomPassword() : string

This can be used when resetting automatically a user's password.

Return values
string

A random password

getCryptedPassword()

Formats a password using the current encryption.

public static getCryptedPassword(string $plaintext[, string $salt = '' ][, string $encryption = 'md5-hex' ][, bool $show_encrypt = false ]) : string
Parameters
$plaintext : string

The plaintext password to encrypt.

$salt : string = ''

The salt to use to encrypt the password. If not present, a new salt will be generated.

$encryption : string = 'md5-hex'

The kind of pasword encryption to use. Defaults to md5-hex.

$show_encrypt : bool = false

Some password systems prepend the kind of encryption to the crypted password ({SHA}, etc). Defaults to false.

Return values
string

The encrypted password.

getSalt()

Returns a salt for the appropriate kind of password encryption.

public static getSalt([string $encryption = 'md5-hex' ][, string $seed = '' ][, string $plaintext = '' ]) : string

Optionally takes a seed and a plaintext password, to extract the seed of an existing password, or for encryption types that use the plaintext in the generation of the salt.

Parameters
$encryption : string = 'md5-hex'

The kind of pasword encryption to use. Defaults to md5-hex.

$seed : string = ''

The seed to get the salt from (probably a previously generated password). Defaults to generating a new seed.

$plaintext : string = ''

The plaintext password that we're generating a salt for. Defaults to none.

Return values
string

The generated or extracted salt.

_toAPRMD5()

Converts to allowed 64 characters for APRMD5 passwords.

protected static _toAPRMD5(string $value, int $count) : string
Parameters
$value : string

The value to convert

$count : int

The number of iterations

Return values
string

$value converted to the 64 MD5 characters.

Search results