Posts tagged password

Web Dev> Validate Password creation with PHP

Dec06
2011 Written by Scott Rowley

The following can be used to test for different criteria in passwords.

<?php
$min = 6;
$max = 20;
$password = $_POST['password'];
$confirmpw = $_POST['confirmpw'];
if($password != $confirmpw){
$error .= "Password and Confirm password do not match! <br />";
}
if( strlen($password) < $min ) {
$error .= "Password too short! <br />";
}
if( strlen($password) > $max ) {
$error .= "Password too long! <br />";
}
if( !preg_match("#[0-9]+#", $password) ) {
$error .= "Password must include at least one number! <br />";
}
if( !preg_match("#[a-z]+#", $password) ) {
$error .= "Password must include at least one letter! <br />";
}
if( !preg_match("#[A-Z]+#", $password) ) {
$error .= "Password must include at least one CAPITAL! <br />";
}
if( !preg_match("#\W+#", $password) ) {
$error .= "Password must include at least one symbol! <br />";
}
if($error){
echo "Password Failure: $error";
} else {
// Code to execute on success.
}
?>
Posted in PHP, Security, Web Development - Tagged check, confirm, php, secure, security, validate, validation, verify

Web Dev> PHP created random password

Jul22
2011 Written by Scott Rowley 
<?php
// The letter l (lowercase L) and the number 1
// have been removed, as they can be mistaken
// for each other.
function RandomPass() {
// Comment the first line to exclude special characters
$chars = "!@#$%^&*";
$chars .= "abcdefghijkmnopqrstuvwxyz023456789ABCDEFGHIJKLMNOPQRSTUVWXYZ";
srand((double)microtime()*1000000);
$i = 1;
$pass = '' ;
// Number of digits we'd like to have our password be
$n = 8;
while ($i < $n) {
$num = rand() % strlen($chars);
$tmp = substr($chars, $num, 1);
$pass = $pass . $tmp;
$i++;
}
return $pass;
}
// Usage
$password = RandomPass();
echo "Random password is: $password";
?>
Posted in Web Development - Tagged create, dev, development, microtime, php, rand, random, return, srand, substr, web, while

Web Dev> Password protect apache directory with LDAP & .htaccess

Apr06
2011 Written by Scott Rowley

First thing you’ll need to do is to enable the needed mods, ldap.load & authnz_ldap.load These come preloaded with most linux, you’ll just need to enable them.
On Ubuntu:

Enable LDAP Authentication

cd /etc/apache2/mods-enabled
ln -s ../mods-available/ldap.load ldap.load
ln -s ../mods-available/authnz_ldap.load authnz_ldap.load
apache2ctl graceful

.htaccess

You should now be able to implement the following wherever desired:
Example .htaccess file

Order deny,allow
Deny from All
AuthName "Restricted Page - login with LDAP credentials"
AuthType Basic
AuthBasicProvider ldap
AuthzLDAPAuthoritative on
AuthLDAPUrl ldap://ldap.example.com/ou=admins,o=LDAPROOT?adminUser
AuthLDAPGroupAttribute memberUid
AuthLDAPGroupAttributeIsDN off
Require valid-user
Satisfy any
<Files .htaccess>
order allow,deny
deny from all
</Files>

Note that ‘?adminUser’ on the end of the AuthLDAPUrl line is whatever object you use in your configuration.

Apache Config

/etc/apache2/sites-available/default
Make sure the following is set (the default is AllowOverride AuthConfig)

AllowOverride All
Posted in Ubuntu, Web Development - Tagged htaccess, ldap, protect, security, ubuntu

Corrections? Questions? Comments?

Find an error?
Everything work out great for you?
Have some feedback?
Like to see something added to the article?

PLEASE leave us a comment after the article and let us know how we are doing, or if something needs corrected, improved or clarified.

Thank you!
- The Management

Advertisement

Back to Top