略微加速

PHP官方手册 - 互联网笔记

PHP - Manual: crack_check

2024-11-15

crack_check

(PECL crack >= 0.1)

crack_check用给定的密码来进行破解测试

说明

crack_check ( resource $dictionary , string $password ) : bool
crack_check ( string $password , string $username = "" , string $gecos = "" , resource $dictionary = NULL ) : bool

使用特定字典中给定的密码来进行密码强度检测。可供选择的特征(The alternative signature )还考虑用户名和GECOS信息。

Warning

此函数是实验性的。此函数的表象,包括名称及其相关文档都可能在未来的 PHP 发布版本中未通知就被修改。使用本函数风险自担 。

参数

dictionary

破解库所使用的字典,如果没有指定,则使用最后一次打开的字典。

password

需要检查的密码。

username

用于密码检测的这个账户的用户名。

gecos

用户账户的 GECOS 信息。

返回值

返回 TRUE 如果 password 足够安全, 或者返回 FALSE 表示可能需要进一步的操作.

更新日志

版本 说明
0.3 usernamegecosdictionary 字段被添加到了可供选择的特征(alternative signature)中。
add a note add a note

User Contributed Notes 2 notes

up
-7
Anonymous
9 years ago
In addition to the usual checks crack can also check for similarities between the password and a username and gecos field (the gecos field normally contains the person's full name on unix systems).

There is a third format for the function call which supplies these additional parameters:

bool crack_check (string $password, string $username, string $gecos, resource $dictionary)

This is true of PECL crack version 0.4, I'm not sure about earlier versions.
up
-7
vkontakte at mralston dot com
9 years ago
If you need to test a password with cracklib but don't have the necessary module available in PHP, you can use a function like this.
It requires the command line cracklib-check binary in /usr/sbin, but changing its location is trivial.
The $message variable will contain cracklib's complaint (if there is one)
You'll want to wrap your invocation of this function in a try...catch block.

<?php
function cracklibCheck($password, &$message)
{
   
// Clean up password
   
$password=str_replace("\r", "", $password);
   
$password=str_replace("\n", "", $password);

   
// Run password through cracklib-check
   
exec("echo ".escapeshellarg($password)." | /usr/sbin/cracklib-check 2>/dev/null", $output, $return_var);
   
   
// Check it ran properly
   
if($return_var==0)
    {
        if(
preg_match("/^.*\: ([^:]+)$/", $output[0], $matches))
        {
           
// Check response
           
if(strtoupper($matches[1])=="OK")
            {
               
// Password is strong
               
$message="";
                return(
true);
            }
            else
            {
               
// Cracklib doesn't like it
               
$message=$matches[1];
                return(
false);
            }
        }
        else
        {
           
// Badly formatted response from cracklib-check.
           
throw new Exception("Didn't understand cracklib-check response.");
        }
    }
    else
    {
       
// Some sort of execution error
       
throw new Exception("Failed to run cracklib-check.");
    }
}
?>

官方地址:https://www.php.net/manual/en/function.crack-check.php

北京半月雨文化科技有限公司.版权所有 京ICP备12026184号-3