Docs For Class Horde

Description

The Horde_Auth class provides some useful authentication-related utilities and constants for the Auth package.

See the enclosed file COPYING for license information (LGPL). If you did not receive this file, http://www.horde.org/licenses/lgpl21

author: Michael Slusarz <slusarz@horde.org>
author: Chuck Hagenbuch <chuck@horde.org>
license: LGPL-2.1

Located in /Auth.php (line 17)

Class Constant Summary

APRMD5_VALID = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'

CONSONANTS = 'bcdfghjklmnpqrstvwxz'

NUMBERS = '0123456789'

REASON_BADLOGIN = 1

REASON_EXPIRED = 3

REASON_FAILED = 2

REASON_LOCKED = 7

REASON_LOGOUT = 4

REASON_MESSAGE = 5

REASON_SESSION = 6

VOWELS = 'aeiouy'

Method Summary

static void checkPasswordPolicy (string $password, $policy)

static void checkPasswordSimilarity (string $password, $dict, [ $max = 80], float $percent)

static Horde_Auth_Base factory (string $driver, [array $params = null])

static string genRandomPassword ()

static string getCryptedPassword (string $plaintext, [string $salt = ''], [string $encryption = 'md5-hex'], [boolean $show_encrypt = false])

static string getSalt ([string $encryption = 'md5-hex'], [string $seed = ''], [string $plaintext = ''])

static string _toAPRMD5 (string $value, integer $count)

Methods

static checkPasswordPolicy (line 346)

Checks whether a password matches some expected policy.

throws: Horde_Auth_Exception if the password does not match the policy.
since: Horde_Auth 1.4.0
access: public

static void checkPasswordPolicy (string $password, $policy)

string $password: A password.
array $policy
:
A configuration with policy rules. Supported rules:
- minLength: Minimum length of the password
- maxLength: Maximum length of the password
- maxSpace: Maximum number of white space characters
The following are the types of characters required in a password. Either specific characters, character classes, or both can be required. Specific types are:
- minUpper: Minimum number of uppercase characters
- minLower: Minimum number of lowercase characters
- minNumeric: Minimum number of numeric characters (0-9)
- minAlphaNum: Minimum number of alphanumeric characters
- minAlpha: Minimum number of alphabetic characters
- minSymbol: Minimum number of alphabetic characters
Alternatively (or in addition to), the minimum number of character classes can be configured by setting the following. The valid range is 0 through 4 character classes may be required for a password. The classes are: 'upper', 'lower', 'number', and 'symbol'. For example: A password of 'p@ssw0rd' satisfies three classes ('number', 'lower', and 'symbol'), while 'passw0rd' only satisfies two classes ('lower' and 'symbols').
- minClasses: Minimum number (0 through 4) of character classes.

static checkPasswordSimilarity (line 418)

Checks whether a password is too similar to a dictionary of strings.

throws: Horde_Auth_Exception if the password is too similar.
since: Horde_Auth 1.4.0
access: public

static void checkPasswordSimilarity (string $password, $dict, [ $max = 80], float $percent)

string $password: A password.
array $dict: A dictionary to check for similarity, for example the user name or an old password.
float $percent: The maximum allowed similarity in percent.
$max

static factory (line 64)

Attempts to return a concrete Horde_Auth_Base instance based on $driver.

return: The newly created concrete instance.
throws: Horde_Auth_Exception
access: public

static Horde_Auth_Base factory (string $driver, [array $params = null])

string $driver: Either a driver name, or the full class name to use (class must extend Horde_Auth_Base).
array $params: A hash containing any additional configuration or parameters a subclass might need.

static genRandomPassword (line 295)

Generates a random, hopefully pronounceable, password. This can be used when resetting automatically a user's password.

return: A random password
access: public

static string genRandomPassword ()

static getCryptedPassword (line 96)

Formats a password using the current encryption.

return: The encrypted password.
access: public

static string getCryptedPassword (string $plaintext, [string $salt = ''], [string $encryption = 'md5-hex'], [boolean $show_encrypt = false])

string $plaintext: The plaintext password to encrypt.
string $salt: The salt to use to encrypt the password. If not present, a new salt will be generated.
string $encryption: The kind of pasword encryption to use. Defaults to md5-hex.
boolean $show_encrypt: Some password systems prepend the kind of encryption to the crypted password ({SHA}, etc). Defaults to false.

static getSalt (line 204)

Returns a salt for the appropriate kind of password encryption.

Optionally takes a seed and a plaintext password, to extract the seed of an existing password, or for encryption types that use the plaintext in the generation of the salt.

return: The generated or extracted salt.
access: public

static string getSalt ([string $encryption = 'md5-hex'], [string $seed = ''], [string $plaintext = ''])

string $encryption: The kind of pasword encryption to use. Defaults to md5-hex.
string $seed: The seed to get the salt from (probably a previously generated password). Defaults to generating a new seed.
string $plaintext: The plaintext password that we're generating a salt for. Defaults to none.

static _toAPRMD5 (line 275)

Converts to allowed 64 characters for APRMD5 passwords.

return: converted to the 64 MD5 characters.
access: protected

static string _toAPRMD5 (string $value, integer $count)

string $value: The value to convert
integer $count: The number of iterations

Class Constants

APRMD5_VALID = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz' (line 43)

64 characters that are valid for APRMD5 passwords.

CONSONANTS = 'bcdfghjklmnpqrstvwxz' (line 49)

NUMBERS = '0123456789' (line 50)

REASON_BADLOGIN = 1 (line 32)

Authentication failure reasons.

 REASON_BADLOGIN - Bad username and/or password
 REASON_FAILED   - Login failed
 REASON_EXPIRED  - Password has expired
 REASON_LOGOUT   - Logout due to user request
 REASON_MESSAGE  - Logout with custom message
 REASON_SESSION  - Logout due to session expiration
 REASON_LOCKED   - User is locked

REASON_EXPIRED = 3 (line 34)

REASON_FAILED = 2 (line 33)

REASON_LOCKED = 7 (line 38)

REASON_LOGOUT = 4 (line 35)

REASON_MESSAGE = 5 (line 36)

REASON_SESSION = 6 (line 37)

VOWELS = 'aeiouy' (line 48)

Characters used when generating a password.