Merge branch 'stable-3.0.5' of git.ispconfig.org:ispconfig/ispconfig3 into stable-3.0.5

interface/lib/classes/validate_password.inc.php

@@ -38,19 +38,27 @@ class validate_password {
 			return 1;
 		}
 
+		$different = 0;
+		if (preg_match('/[abcdefghijklnmopqrstuvwxyz]/', $password)) {
+			$different += 1;
+		}
+
 		if (preg_match('/[ABCDEFGHIJKLNMOPQRSTUVWXYZ]/', $password)) {
 			$points += 1;
+			$different += 1;
 		}
 
 		if (preg_match('/[0123456789]/', $password)) {
 			$points += 1;
+			$different += 1;
 		}
 
 		if (preg_match('/[`~!@#$%^&*()_+|\\=-[]}{\';:\/?.>,<" ]/', $password)) {
 			$points += 1;
+			$different += 1;
 		}
 
-		if ($points == 0) {
+		if ($points == 0 || $different < 3) {
 			if ($length >= 5 && $length <= 6) {
 				return 1;
 			} else if ($length >= 7 && $length <= 8) {

interface/web/js/scrigo.js.php

@@ -579,6 +579,8 @@ pass_message['text'] = "<?php echo $wb['password_strength_5_txt']?>";
 pass_message['color'] = "green";
 pass_messages[5] = pass_message;
 
+var special_chars = "`~!@#$%^&*()_+|\=-[]}{';:/?.>,<\" ";
+
 function pass_check(password) {
 	var length = password.length;
 	var points = 0;
@@ -591,20 +593,29 @@ function pass_check(password) {
 		pass_result(1);
 		return;
 	}
-
+	
+	var different = 0;
+	
+	if (pass_contains(password, "abcdefghijklnmopqrstuvwxyz")) {
+		different += 1;
+	}
+	
 	if (pass_contains(password, "ABCDEFGHIJKLNMOPQRSTUVWXYZ")) {
 		points += 1;
+		different += 1;
 	}
 
 	if (pass_contains(password, "0123456789")) {
 		points += 1;
+		different += 1;
 	}
 
-	if (pass_contains(password, "`~!@#$%^&*()_+|\=-[]}{';:/?.>,<\" ")) {
+	if (pass_contains(password, special_chars)) {
 		points += 1;
+		different += 1;
 	}
 
-	if (points == 0) {
+	if (points == 0 || different < 3) {
 		if (length >= 5 && length <=6) {
 			pass_result(1);
 		} else if (length >= 7 && length <=8) {
@@ -742,27 +753,45 @@ function getInternetExplorerVersion() {
     return rv;
 }
 
-function password(minLength, special){
-	var iteration = 0;
-	var password = "";
-	var randomNumber;
+function password(minLength, special, num_special){
 	minLength = minLength || 10;
+	if(minLength < 8) minLength = 8;
 	var maxLength = minLength + 5;
 	var length = getRandomInt(minLength, maxLength);
-	if(special == undefined){
-		var special = false;
+	
+	var alphachars = "abcdefghijklmnopqrstuvwxyz";
+	var upperchars = "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
+    var numchars = "1234567890";
+    var specialchars = "!@#_";
+	
+	if(num_special == undefined) num_special = 0;
+	if(special != undefined && special == true) {
+		num_special = Math.floor(Math.random() * (length / 4)) + 1;
 	}
-	while(iteration < length){
-		randomNumber = (Math.floor((Math.random() * 100)) % 94) + 33;
-		if(!special){
-			if ((randomNumber >=33) && (randomNumber <=47)) { continue; }
-			if ((randomNumber >=58) && (randomNumber <=64)) { continue; }
-			if ((randomNumber >=91) && (randomNumber <=96)) { continue; }
-			if ((randomNumber >=123) && (randomNumber <=126)) { continue; }
-		}
-		iteration++;
-		password += String.fromCharCode(randomNumber);
+	var numericlen = getRandomInt(1, 2);
+	var alphalen = length - num_special - numericlen;
+	var upperlen = Math.floor(alphalen / 2);
+	alphalen = alphalen - upperlen;
+	var password = "";
+	
+	for(i = 0; i < alphalen; i++) {
+		password += alphachars.charAt(Math.floor(Math.random() * alphachars.length));
+	}
+	
+	for(i = 0; i < upperlen; i++) {
+		password += upperchars.charAt(Math.floor(Math.random() * upperchars.length));
+	}
+	
+	for(i = 0; i < num_special; i++) {
+		password += specialchars.charAt(Math.floor(Math.random() * specialchars.length));
+	}
+	
+	for(i = 0; i < numericlen; i++) {
+		password += numchars.charAt(Math.floor(Math.random() * numchars.length));
 	}
+	
+	password = password.split('').sort(function() { return 0.5 - Math.random(); }).join('');
+	
 	return password;
 }
 
@@ -778,7 +807,7 @@ function generatePassword(passwordFieldID, repeatPasswordFieldID){
 	var newPWField = oldPWField.clone();
 	newPWField.attr('type', 'text').attr('id', 'tmp'+passwordFieldID).insertBefore(oldPWField);
 	oldPWField.remove();
-	var pword = password(<?php echo $min_password_length ?>, false);
+	var pword = password(<?php echo $min_password_length; ?>, false, 1);
 	jQuery('#'+repeatPasswordFieldID).val(pword);
 	newPWField.attr('id', passwordFieldID).val(pword).trigger('keyup');
 }