Horde_Auth
in package
The Horde_Auth class provides some useful authentication-related utilities and constants for the Auth package.
Tags
Table of Contents
- APRMD5_VALID = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'
- 64 characters that are valid for APRMD5 passwords.
- CONSONANTS = 'bcdfghjklmnpqrstvwxz'
- Characters used when generating a password: consonants
- NUMBERS = '0123456789'
- Characters used when generating a password: numbers
- REASON_BADLOGIN = 1
- Authentication failure reason: Bad username and/or password
- REASON_EXPIRED = 3
- Authentication failure reason: Password has expired
- REASON_FAILED = 2
- Authentication failure reason: Login failed
- REASON_LOCKED = 7
- Authentication failure reason: User is locked
- REASON_LOGOUT = 4
- Authentication failure reason: Logout due to user request
- REASON_MESSAGE = 5
- Authentication failure reason: Logout with custom message
- REASON_SESSION = 6
- Authentication failure reason: Logout due to session expiration
- VOWELS = 'aeiouy'
- Characters used when generating a password: vowels
- checkPasswordPolicy() : mixed
- Checks whether a password matches some expected policy.
- checkPasswordSimilarity() : mixed
- Checks whether a password is too similar to a dictionary of strings.
- factory() : Horde_Auth_Base
- Attempts to return a concrete Horde_Auth_Base instance based on $driver.
- genRandomPassword() : string
- Generates a random, hopefully pronounceable, password.
- getCryptedPassword() : string
- Formats a password using the current encryption.
- getSalt() : string
- Returns a salt for the appropriate kind of password encryption.
- _toAPRMD5() : string
- Converts to allowed 64 characters for APRMD5 passwords.
Constants
APRMD5_VALID
64 characters that are valid for APRMD5 passwords.
public
mixed
APRMD5_VALID
= './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'
CONSONANTS
Characters used when generating a password: consonants
public
mixed
CONSONANTS
= 'bcdfghjklmnpqrstvwxz'
NUMBERS
Characters used when generating a password: numbers
public
mixed
NUMBERS
= '0123456789'
REASON_BADLOGIN
Authentication failure reason: Bad username and/or password
public
mixed
REASON_BADLOGIN
= 1
REASON_EXPIRED
Authentication failure reason: Password has expired
public
mixed
REASON_EXPIRED
= 3
REASON_FAILED
Authentication failure reason: Login failed
public
mixed
REASON_FAILED
= 2
REASON_LOCKED
Authentication failure reason: User is locked
public
mixed
REASON_LOCKED
= 7
REASON_LOGOUT
Authentication failure reason: Logout due to user request
public
mixed
REASON_LOGOUT
= 4
REASON_MESSAGE
Authentication failure reason: Logout with custom message
public
mixed
REASON_MESSAGE
= 5
REASON_SESSION
Authentication failure reason: Logout due to session expiration
public
mixed
REASON_SESSION
= 6
VOWELS
Characters used when generating a password: vowels
public
mixed
VOWELS
= 'aeiouy'
Methods
checkPasswordPolicy()
Checks whether a password matches some expected policy.
public
static checkPasswordPolicy(string $password, array<string|int, mixed> $policy) : mixed
Parameters
- $password : string
-
A password.
- $policy : array<string|int, mixed>
-
A configuration with policy rules. Supported rules:
- minLength: Minimum length of the password
- maxLength: Maximum length of the password
- maxSpace: Maximum number of white space characters
The following are the types of characters required in a password. Either specific characters, character classes, or both can be required. Specific types are:
- minUpper: Minimum number of uppercase characters
- minLower: Minimum number of lowercase characters
- minNumeric: Minimum number of numeric characters (0-9)
- minAlphaNum: Minimum number of alphanumeric characters
- minAlpha: Minimum number of alphabetic characters
- minSymbol: Minimum number of punctuation / symbol characters
- minNonAlpha: Minimum number of non-alphabetic characters
Alternatively (or in addition to), the minimum number of character classes can be configured by setting the following. The valid range is 0 through 4 character classes may be required for a password. The classes are: 'upper', 'lower', 'number', and 'symbol'. For example: A password of 'p@ssw0rd' satisfies three classes ('number', 'lower', and 'symbol'), while 'passw0rd' only satisfies two classes ('lower' and 'number').
- minClasses: Minimum number (0 through 4) of character classes.
Tags
Return values
mixed —checkPasswordSimilarity()
Checks whether a password is too similar to a dictionary of strings.
public
static checkPasswordSimilarity(string $password, array<string|int, mixed> $dict[, float $max = 80 ]) : mixed
Parameters
- $password : string
-
A password.
- $dict : array<string|int, mixed>
-
A dictionary to check for similarity, for example the user name or an old password.
- $max : float = 80
-
The maximum allowed similarity in percent.
Tags
Return values
mixed —factory()
Attempts to return a concrete Horde_Auth_Base instance based on $driver.
public
static factory(string $driver[, array<string|int, mixed> $params = null ]) : Horde_Auth_Base
Parameters
- $driver : string
-
Either a driver name, or the full class name to use (class must extend Horde_Auth_Base).
- $params : array<string|int, mixed> = null
-
A hash containing any additional configuration or parameters a subclass might need.
Tags
Return values
Horde_Auth_Base —The newly created concrete instance.
genRandomPassword()
Generates a random, hopefully pronounceable, password.
public
static genRandomPassword() : string
This can be used when resetting automatically a user's password.
Return values
string —A random password
getCryptedPassword()
Formats a password using the current encryption.
public
static getCryptedPassword(string $plaintext[, string $salt = '' ][, string $encryption = 'md5-hex' ][, bool $show_encrypt = false ]) : string
Parameters
- $plaintext : string
-
The plaintext password to encrypt.
- $salt : string = ''
-
The salt to use to encrypt the password. If not present, a new salt will be generated.
- $encryption : string = 'md5-hex'
-
The kind of pasword encryption to use. Defaults to md5-hex.
- $show_encrypt : bool = false
-
Some password systems prepend the kind of encryption to the crypted password ({SHA}, etc). Defaults to false.
Return values
string —The encrypted password.
getSalt()
Returns a salt for the appropriate kind of password encryption.
public
static getSalt([string $encryption = 'md5-hex' ][, string $seed = '' ][, string $plaintext = '' ]) : string
Optionally takes a seed and a plaintext password, to extract the seed of an existing password, or for encryption types that use the plaintext in the generation of the salt.
Parameters
- $encryption : string = 'md5-hex'
-
The kind of pasword encryption to use. Defaults to md5-hex.
- $seed : string = ''
-
The seed to get the salt from (probably a previously generated password). Defaults to generating a new seed.
- $plaintext : string = ''
-
The plaintext password that we're generating a salt for. Defaults to none.
Return values
string —The generated or extracted salt.
_toAPRMD5()
Converts to allowed 64 characters for APRMD5 passwords.
protected
static _toAPRMD5(string $value, int $count) : string
Parameters
- $value : string
-
The value to convert
- $count : int
-
The number of iterations
Return values
string —$value converted to the 64 MD5 characters.