Roundcube Community Forum

Third Party Contributions => API Based Plugins => Topic started by: Izwal on May 23, 2018, 08:02:58 AM

Title: Add a password strength meter to password plugin
Post by: Izwal on May 23, 2018, 08:02:58 AM
After a lot of thinking, reading and programming I have successfully added a strength meter to the original password plugin. I have used it since Roundcube version 1.2.2 with no issues, so far.

The strength meter has both JavaScript and PHP code. The JavaScript code came from here:
https://stackoverflow.com/questions/948172/password-strength-meter/11268104#11268104

while the PHP (which mathematically is the same as the JavaScript code) from here:
http://pastie.org/8889985

We will need a working Roundcube installation with the password plugin enabled (and also working). The directions below are the same for every version (at least, after v1.2.2) of Roundcube. Where given, the line numbers relate to Roundcube v1.3.6.

The files that need to be changed are:
<Roundcube installation directory>/program/lib/Roundcube/html.php

and
<Roundcube installation directory>/plugins/password/localization/en_US.inc (or any other language needed)
<Roundcube installation directory>/plugins/password/config.inc.php
<Roundcube installation directory>/plugins/password/password.js
<Roundcube installation directory>/plugins/password/password.php

File ../program/lib/Roundcube/html.php
add value to array $common_attrib (line 34): 'name'
add value to array $allowed (line 402 to 407): 'onkeyup'
and save file html.php

File ../plugins/password/localization/en_US.inc
after the $labels = array();
add
$labels['passwdstrength']  = 'New password strength:';
and after $messages = array();
add
$messages['passwordstrength'] = 'New password is easy to guess, please try again.';
and save file en_US.inc

File ../plugins/password/config.inc.php
add $config['password_strength'] = <required password strength - number>;
and save file config.inc.php

File ../plugins/password/password.js (attached)
lines 56 and 57 are changing the color according to password strength. With a bit more programming these values could go to config.inc.php.

File password.php will follow.

PS: I couldn't put the images inline...
Title: Re: Add a password strength meter to password plugin
Post by: Izwal on May 24, 2018, 07:31:56 AM
File ../plugins/password/password.php (attached)
The function score_password ($pass) is added to line 74. Line 196 checks for password strength. Line 182 checks for the existence of username inside the new password value. Some minor cosmetic changes have been added (or deleted) to function password_form(). The rules are hardcoded in variable $rules (starting from line 300). These rules should go to the appropriate language file (but I'm too lazy).

Valid symbols-characters are:
ABC...XYZ
abc...xyz
123...890
!@#$%^&*()

That's all. I hope I haven't forgotten anything.
Title: Re: Add a password strength meter to password plugin
Post by: SKaero on May 24, 2018, 09:35:55 AM
Could you create a plugin or at least a diff file for this? It would be a lot easier to apply that way.
Title: Re: Add a password strength meter to password plugin
Post by: alec on May 24, 2018, 09:36:25 AM
Would be better if you create a pull request on https://github.com/roundcube/roundcubemail
Title: Re: Add a password strength meter to password plugin
Post by: Izwal on May 26, 2018, 08:43:41 AM
@alec
I'm not a GitHub user and I don't know its functions.

@SKaero
I can quickly make the five diff files. I can also make a plugin but I will need a couple of days to read the plugin API. Still the html.php can't go to the plugin, right?
Title: Re: Add a password strength meter to password plugin
Post by: SKaero on May 26, 2018, 11:22:33 AM
If you make diff files I could submit a PR on GitHub for you. Alternatively you could create a GitHub account, it's simple and free.
Title: Re: Add a password strength meter to password plugin
Post by: Izwal on May 27, 2018, 05:44:52 AM
Here are the diff files
Title: Re: Add a password strength meter to password plugin
Post by: wastl on September 04, 2018, 02:45:25 PM
Any way to add in a simple banned word list to this? Like, stop the users from using a password like "Password1!"?
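
The checks described in this thread (valid characters, username inside the new password, minimum score) combined with the banned-word list asked about in the last post, as an added example in JavaScript that is not taken from the attached plugin files. The scoring formula, the `BANNED` list, the substitution map, and the function and reason names are all assumptions of this example.

```javascript
const ALLOWED = /^[A-Za-z0-9!@#$%^&*()]+$/; // valid characters listed in the thread
const BANNED = ['password', 'qwerty', 'letmein', 'welcome']; // constructed sample list
const LEET = { '@': 'a', '4': 'a', '0': 'o', '1': 'l', '!': 'i', '3': 'e', '$': 's', '5': 's' };

// Lower-case and undo common substitutions so "P@ssw0rd" compares as "password".
function normalize(s) {
  return s.toLowerCase().replace(/[@401!3$5]/g, c => LEET[c]);
}

// Assumed scoring: 5 points per character, divided by how often that character
// has already appeared, plus 10 points for each extra character class used.
function scorePassword(pass) {
  const seen = {};
  let score = 0;
  for (const ch of pass) {
    seen[ch] = (seen[ch] || 0) + 1;
    score += 5 / seen[ch];
  }
  const classes = [/\d/, /[a-z]/, /[A-Z]/, /[^A-Za-z0-9]/].filter(re => re.test(pass)).length;
  return Math.floor(score + Math.max(classes - 1, 0) * 10);
}

// Returns { ok, reason, score }; the reason strings are hypothetical identifiers.
function checkPassword(pass, username, minScore) {
  if (!ALLOWED.test(pass)) return { ok: false, reason: 'charset', score: 0 };
  const norm = normalize(pass);
  const local = normalize(username.split('@')[0]); // mailbox part of user@domain
  if (local.length >= 3 && norm.includes(local)) return { ok: false, reason: 'username', score: 0 };
  if (BANNED.some(w => norm.includes(w))) return { ok: false, reason: 'banned', score: 0 };
  const score = scorePassword(pass);
  return score < minScore ? { ok: false, reason: 'weak', score } : { ok: true, reason: null, score };
}
```

With this scoring, "Password1!" reaches 77 on its own, so a score threshold alone does not stop it; the banned-word test has to run before the score is trusted. A check in password.js only guides the user, so the same logic has to be enforced in the server-side PHP before the password is saved.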