API Documentation
\

\Horde_Auth

The Horde_Auth class provides some useful authentication-related utilities and constants for the Auth package.

Summary

Methods
Properties
Constants
factory()
getCryptedPassword()
getSalt()
genRandomPassword()
checkPasswordPolicy()
checkPasswordSimilarity()
No public properties found
REASON_BADLOGIN
REASON_FAILED
REASON_EXPIRED
REASON_LOGOUT
REASON_MESSAGE
REASON_SESSION
REASON_LOCKED
APRMD5_VALID
VOWELS
CONSONANTS
NUMBERS
_toAPRMD5()
No protected properties found
N/A
No private methods found
No private properties found
N/A

Constants

REASON_BADLOGIN

REASON_BADLOGIN

Authentication failure reason: Bad username and/or password

REASON_FAILED

REASON_FAILED

Authentication failure reason: Login failed

REASON_EXPIRED

REASON_EXPIRED

Authentication failure reason: Password has expired

REASON_LOGOUT

REASON_LOGOUT

Authentication failure reason: Logout due to user request

REASON_MESSAGE

REASON_MESSAGE

Authentication failure reason: Logout with custom message

REASON_SESSION

REASON_SESSION

Authentication failure reason: Logout due to session expiration

REASON_LOCKED

REASON_LOCKED

Authentication failure reason: User is locked

APRMD5_VALID

APRMD5_VALID

64 characters that are valid for APRMD5 passwords.

VOWELS

VOWELS

Characters used when generating a password: vowels

CONSONANTS

CONSONANTS

Characters used when generating a password: consonants

NUMBERS

NUMBERS

Characters used when generating a password: numbers

Methods

factory()

factory(string  $driver, array  $params = null) : \Horde_Auth_Base

Attempts to return a concrete Horde_Auth_Base instance based on $driver.

Parameters

string $driver

Either a driver name, or the full class name to use (class must extend Horde_Auth_Base).
array $params

A hash containing any additional configuration or parameters a subclass might need.

Throws

\Horde_Auth_Exception

Returns

\Horde_Auth_Base

The newly created concrete instance.

getCryptedPassword()

getCryptedPassword(string  $plaintext, string  $salt = '', string  $encryption = 'md5-hex', boolean  $show_encrypt = false) : string

Formats a password using the current encryption.

Parameters

string $plaintext

The plaintext password to encrypt.
string $salt

The salt to use to encrypt the password. If not present, a new salt will be generated.
string $encryption

The kind of pasword encryption to use. Defaults to md5-hex.
boolean $show_encrypt

Some password systems prepend the kind of encryption to the crypted password ({SHA}, etc). Defaults to false.

Returns

string —

The encrypted password.

getSalt()

getSalt(string  $encryption = 'md5-hex', string  $seed = '', string  $plaintext = '') : string

Returns a salt for the appropriate kind of password encryption.

Optionally takes a seed and a plaintext password, to extract the seed of an existing password, or for encryption types that use the plaintext in the generation of the salt.

Parameters

string $encryption

The kind of pasword encryption to use. Defaults to md5-hex.
string $seed

The seed to get the salt from (probably a previously generated password). Defaults to generating a new seed.
string $plaintext

The plaintext password that we're generating a salt for. Defaults to none.

Returns

string —

The generated or extracted salt.

genRandomPassword()

genRandomPassword() : string

Generates a random, hopefully pronounceable, password.

This can be used when resetting automatically a user's password.

Returns

string —

A random password

checkPasswordPolicy()

checkPasswordPolicy(string  $password, array  $policy)

Checks whether a password matches some expected policy.

Parameters

string $password

A password.
array $policy

A configuration with policy rules. Supported rules:

  • minLength: Minimum length of the password
  • maxLength: Maximum length of the password

  • maxSpace: Maximum number of white space characters

    The following are the types of characters required in a password. Either specific characters, character classes, or both can be required. Specific types are:

  • minUpper: Minimum number of uppercase characters
  • minLower: Minimum number of lowercase characters
  • minNumeric: Minimum number of numeric characters (0-9)
  • minAlphaNum: Minimum number of alphanumeric characters
  • minAlpha: Minimum number of alphabetic characters
  • minSymbol: Minimum number of punctuation / symbol characters

  • minNonAlpha: Minimum number of non-alphabetic characters

    Alternatively (or in addition to), the minimum number of character classes can be configured by setting the following. The valid range is 0 through 4 character classes may be required for a password. The classes are: 'upper', 'lower', 'number', and 'symbol'. For example: A password of 'p@ssw0rd' satisfies three classes ('number', 'lower', and 'symbol'), while 'passw0rd' only satisfies two classes ('lower' and 'number').

  • minClasses: Minimum number (0 through 4) of character classes.

Throws

\Horde_Auth_Exception

if the password does not match the policy.

checkPasswordSimilarity()

checkPasswordSimilarity(string  $password, array  $dict, float  $max = 80)

Checks whether a password is too similar to a dictionary of strings.

Parameters

string $password

A password.
array $dict

A dictionary to check for similarity, for example the user name or an old password.
float $max

The maximum allowed similarity in percent.

Throws

\Horde_Auth_Exception

if the password is too similar.

_toAPRMD5()

_toAPRMD5(string  $value, integer  $count) : string

Converts to allowed 64 characters for APRMD5 passwords.

Parameters

string $value

The value to convert
integer $count

The number of iterations

Returns

string —

$value converted to the 64 MD5 characters.