Posts tagged security

Web Dev> Validate Password creation with PHP

Dec06
2011 Written by Scott Rowley

The following can be used to test for different criteria in passwords.

<?php
$min = 6;
$max = 20;
$password = $_POST['password'];
$confirmpw = $_POST['confirmpw'];
if($password != $confirmpw){
$error .= "Password and Confirm password do not match! <br />";
}
if( strlen($password) < $min ) {
$error .= "Password too short! <br />";
}
if( strlen($password) > $max ) {
$error .= "Password too long! <br />";
}
if( !preg_match("#[0-9]+#", $password) ) {
$error .= "Password must include at least one number! <br />";
}
if( !preg_match("#[a-z]+#", $password) ) {
$error .= "Password must include at least one letter! <br />";
}
if( !preg_match("#[A-Z]+#", $password) ) {
$error .= "Password must include at least one CAPITAL! <br />";
}
if( !preg_match("#\W+#", $password) ) {
$error .= "Password must include at least one symbol! <br />";
}
if($error){
echo "Password Failure: $error";
} else {
// Code to execute on success.
}
?>
Posted in PHP, Security, Web Development - Tagged check, confirm, password, php, secure, validate, validation, verify

Web Dev> Password protect webpage(s) with PHP & LDAP

May27
2011 Written by Scott Rowley

The title says it all, this will allow you to restrict the access to a page or pages running php with access to LDAP. I’ve used this a few times for some internal things we don’t want everyone getting access to or similar scenarios. As always if it works for you, please leave a comment and if it doesn’t please leave a question and I’ll see what I can do to help you out.

Enable LDAP

First thing you’ll need to do is to install ldap for php & enable the needed mods, ldap.load & authnz_ldap.load

On Ubuntu:

apt-get update

apt-get install php5-ldap

cd /etc/apache2/mods-enabled

ln -s ../mods-available/ldap.load ldap.load

ln -s ../mods-available/authnz_ldap.load authnz_ldap.load

apache2ctl graceful

READ MORE »

Posted in Ubuntu, Web Development - Tagged apache, apache2ctl, authnz_ldap.load, graceful, ldap, ldap.load, login, mods-available, mods-enabled, php, php5-ldap, restricted, secure

Web Dev> Password protect apache directory with LDAP & .htaccess

Apr06
2011 Written by Scott Rowley

First thing you’ll need to do is to enable the needed mods, ldap.load & authnz_ldap.load These come preloaded with most linux, you’ll just need to enable them.
On Ubuntu:

Enable LDAP Authentication

cd /etc/apache2/mods-enabled
ln -s ../mods-available/ldap.load ldap.load
ln -s ../mods-available/authnz_ldap.load authnz_ldap.load
apache2ctl graceful

.htaccess

You should now be able to implement the following wherever desired:
Example .htaccess file

Order deny,allow
Deny from All
AuthName "Restricted Page - login with LDAP credentials"
AuthType Basic
AuthBasicProvider ldap
AuthzLDAPAuthoritative on
AuthLDAPUrl ldap://ldap.example.com/ou=admins,o=LDAPROOT?adminUser
AuthLDAPGroupAttribute memberUid
AuthLDAPGroupAttributeIsDN off
Require valid-user
Satisfy any
<Files .htaccess>
order allow,deny
deny from all
</Files>

Note that ‘?adminUser’ on the end of the AuthLDAPUrl line is whatever object you use in your configuration.

Apache Config

/etc/apache2/sites-available/default
Make sure the following is set (the default is AllowOverride AuthConfig)

AllowOverride All
Posted in Ubuntu, Web Development - Tagged htaccess, ldap, password, protect, ubuntu

Corrections? Questions? Comments?

Find an error?
Everything work out great for you?
Have some feedback?
Like to see something added to the article?

PLEASE leave us a comment after the article and let us know how we are doing, or if something needs corrected, improved or clarified.

Thank you!
- The Management

Advertisement

Back to Top