Author Topic: Add a password strength meter to password plugin  (Read 10164 times)

Offline Izwal

  • Newbie
  • *
  • Posts: 4
Add a password strength meter to password plugin
« on: May 23, 2018, 08:02:58 AM »
After a lot of thinking, reading and programming I have successfully added a strength meter to the original password plugin. I have used it since Roundcube version 1.2.2 with no issues, so far.

The strength meter has both JavaScript and PHP code. The JavaScript code came from here:
https://stackoverflow.com/questions/948172/password-strength-meter/11268104#11268104

while the PHP (which mathematically is the same as the JavaScript code) from here:
http://pastie.org/8889985

We will need a working Roundcube installation with the password plugin enabled (and also working). The directions below are the same for every version (at least, after v1.2.2) of Roundcube. Where given, the line numbers relate to Roundcube v1.3.6.

The files that need to be changed are:
<Roundcube installation directory>/program/lib/Roundcube/html.php

and
<Roundcube installation directory>/plugins/password/localization/en_US.inc (or any other language needed)
<Roundcube installation directory>/plugins/password/config.inc.php
<Roundcube installation directory>/plugins/password/password.js
<Roundcube installation directory>/plugins/password/password.php

File ../program/lib/Roundcube/html.php
add value to array $common_attrib (line 34): 'name'
add value to array $allowed (line 402 to 407): 'onkeyup'
and save file html.php

File ../plugins/password/localization/en_US.inc
after the $labels = array();
add
$labels['passwdstrength']  = 'New password strength:';
and after $messages = array();
add
$messages['passwordstrength'] = 'New password is easy to guess, please try again.';
and save file en_US.inc

File ../plugins/password/config.inc.php
add $config['password_strength'] = <required password strength - number>;
and save file config.inc.php

File ../plugins/password/password.js (attached)
lines 56 and 57 are changing the color according to password strength. With a bit more programming these values could go to config.inc.php.

File password.php will follow.

PS: I couldn't put the images inline...

Offline Izwal

  • Newbie
  • *
  • Posts: 4
Re: Add a password strength meter to password plugin
« Reply #1 on: May 24, 2018, 07:31:56 AM »
File ../plugins/password/password.php (attached)
The function score_password ($pass) is added to line 74. Line 196 checks for password strength. Line 182 checks for the existence of username inside the new password value. Some minor cosmetic changes have been added (or deleted) to function password_form(). The rules are hardcoded in variable $rules (starting from line 300). These rules should go to the appropriate language file (but I'm too lazy).

Valid symbols-characters are:
ABC...XYZ
abc...xyz
123...890
!@#$%^&*()

That's all. I hope I haven't forgotten anything.

Offline SKaero

  • Administrator
  • Hero Member
  • *****
  • Posts: 5,873
    • SKaero - Custom Roundcube development
Re: Add a password strength meter to password plugin
« Reply #2 on: May 24, 2018, 09:35:55 AM »
Could you create a plugin or at least a diff file for this? It would be a lot easier to apply that way.

Offline alec

  • Hero Member
  • *****
  • Posts: 1,363
Re: Add a password strength meter to password plugin
« Reply #3 on: May 24, 2018, 09:36:25 AM »
Would be better if you create a pull request on https://github.com/roundcube/roundcubemail

Offline Izwal

  • Newbie
  • *
  • Posts: 4
Re: Add a password strength meter to password plugin
« Reply #4 on: May 26, 2018, 08:43:41 AM »
@alec
I'm not a GitHub user and I don't know its functions.

@SKaero
I can quickly make the five diff files. I can also make a plugin but I will need a couple of days to read the plugin API. Still the html.php can't go to the plugin, right?

Offline SKaero

  • Administrator
  • Hero Member
  • *****
  • Posts: 5,873
    • SKaero - Custom Roundcube development
Re: Add a password strength meter to password plugin
« Reply #5 on: May 26, 2018, 11:22:33 AM »
If you make diff files I could submit a PR on GitHub for you. Alternatively you could create a GitHub account, it's simple and free.

Offline Izwal

  • Newbie
  • *
  • Posts: 4
Re: Add a password strength meter to password plugin
« Reply #6 on: May 27, 2018, 05:44:52 AM »
Here are the diff files

Offline wastl

  • Newbie
  • *
  • Posts: 1
Re: Add a password strength meter to password plugin
« Reply #7 on: September 04, 2018, 02:45:25 PM »
Any way to add in a simple banned word list to this? Like, stop the users from using a password like "Password1!"?
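
The banned word list asked about in Reply #7, combined with the username check and valid character set described in Reply #1, as an added JavaScript example that is not part of the thread or of the attached files. The scoring function is a simple stand-in, and `BANNED`, `fold`, `checkPassword` and the threshold passed as `minScore` are hypothetical names and constructed values.

```javascript
// Added example; every name and sample value here is hypothetical/constructed.
const ALLOWED = /^[A-Za-z0-9!@#$%^&*()]+$/;   // the valid characters listed in Reply #1
const BANNED = ['password', 'qwerty', 'letmein', 'welcome', 'roundcube']; // constructed list
const LEET = { '0': 'o', '1': 'l', '3': 'e', '4': 'a', '5': 's', '7': 't', '@': 'a', '$': 's', '!': 'i' };

// Lower-case and undo common substitutions so "P@ssw0rd" folds to "password".
function fold(s) {
  return s.toLowerCase().replace(/[013457@$!]/g, c => LEET[c]);
}

// Stand-in score: each repeat of a character earns less, plus 10 points for
// every character class beyond the first.
function scorePassword(pass) {
  const seen = {};
  let score = 0;
  for (const ch of pass) {
    seen[ch] = (seen[ch] || 0) + 1;
    score += 5 / seen[ch];
  }
  const classes = [/\d/, /[a-z]/, /[A-Z]/, /[^A-Za-z0-9]/].filter(re => re.test(pass)).length;
  return Math.floor(score + Math.max(classes - 1, 0) * 10);
}

// Returns { ok, reason?, score? }; minScore plays the role of password_strength.
function checkPassword(pass, username, minScore) {
  if (!ALLOWED.test(pass)) return { ok: false, reason: 'invalid_character' };
  const plain = pass.toLowerCase();
  const folded = fold(pass);
  // Compare against the local part of a mail-address login; skip very short
  // names, which would reject almost every password.
  const user = username.toLowerCase().split('@')[0];
  if (user.length >= 3 && plain.includes(user)) return { ok: false, reason: 'contains_username' };
  if (BANNED.some(w => plain.includes(w) || folded.includes(w))) {
    return { ok: false, reason: 'banned_word' };
  }
  const score = scorePassword(pass);
  if (score < minScore) return { ok: false, reason: 'too_weak', score };
  return { ok: true, score };
}
```

"Password1!" scores well on composition alone, which is why the banned-word test runs before the score threshold.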