added anti-hacking pw list

following
2013-03-24 20:06:09 +01:00
parent ce34805ee7
commit 9644465b5c
7 changed files with 52 additions and 5 deletions


@@ -55,5 +55,6 @@ date commit ID change
2013-03-18 37b5268a added table 'saved_texts' + triggers
added triggers to table 'coordinates'
2013-03-20 added field caches.listing_last_modified;
2013-03-20 085c1398 added field caches.listing_last_modified;
must be initialized once via Admin / DB Maintenance / sp_updateall_cache_listingdates
2013-03-24 added table 'pw_dict'


@@ -2430,6 +2430,7 @@ INSERT INTO `sys_trans` (`id`, `text`, `last_modified`) VALUES ('1966', 'as of',
INSERT INTO `sys_trans` (`id`, `text`, `last_modified`) VALUES ('1967', 'all log entries \© their authors', '2013-02-23 19:00:04');
INSERT INTO `sys_trans` (`id`, `text`, `last_modified`) VALUES ('1968', 'more', '2013-02-23 19:00:04');
INSERT INTO `sys_trans` (`id`, `text`, `last_modified`) VALUES ('1969', 'Only the <span class=\"public-setting\">green entries</span> are visible to other users.', '2013-02-23 19:00:04');
INSERT INTO `sys_trans` (`id`, `text`, `last_modified`) VALUES ('1975', 'Do not use easy-to-guess number and letter sequences like \'123456\' or \'qwerty\'', '2013-02-23 19:00:04');
-- Table sys_trans_ref
SET NAMES 'utf8';
@@ -5433,7 +5434,7 @@ INSERT INTO `sys_trans_text` (`trans_id`, `lang`, `text`, `last_modified`) VALUE
INSERT INTO `sys_trans_text` (`trans_id`, `lang`, `text`, `last_modified`) VALUES ('847', 'DE', 'Durch diese Regeln ist dein Passwort sicher und kann nicht durch automatisierte Programme oder andere Benutzer erraten werden.', '2010-08-28 11:48:07');
INSERT INTO `sys_trans_text` (`trans_id`, `lang`, `text`, `last_modified`) VALUES ('848', 'DE', 'a-z A-Z 0-9 und .-_ @\&auml;\&uuml;\&ouml;\&Auml;\&Uuml;\&Ouml;=)(/\\\&amp;*+~# \r\n', '2010-08-28 11:48:07');
INSERT INTO `sys_trans_text` (`trans_id`, `lang`, `text`, `last_modified`) VALUES ('849', 'DE', 'Es sind nicht alle Sonderzeichen erlaubt. Verwende nur die Folgenden:', '2010-08-28 11:48:07');
INSERT INTO `sys_trans_text` (`trans_id`, `lang`, `text`, `last_modified`) VALUES ('850', 'DE', 'Verwende keine Wörter aus dem Wörterbuch z.B. \'geheim\'.', '2010-08-28 11:48:07');
INSERT INTO `sys_trans_text` (`trans_id`, `lang`, `text`, `last_modified`) VALUES ('850', 'DE', 'Verwende keine Wörter aus dem Wörterbuch z.B. &bdquo;geheim&ldquo;.', '2010-08-28 11:48:07');
INSERT INTO `sys_trans_text` (`trans_id`, `lang`, `text`, `last_modified`) VALUES ('851', 'DE', 'Verwende keine Begriffe aus dem Geocaching.', '2010-08-28 11:48:07');
INSERT INTO `sys_trans_text` (`trans_id`, `lang`, `text`, `last_modified`) VALUES ('852', 'DE', 'Verwende keine Teile deines Benutzernamen, deines Namens oder deiner E-Mail.', '2010-08-28 11:48:07');
INSERT INTO `sys_trans_text` (`trans_id`, `lang`, `text`, `last_modified`) VALUES ('853', 'DE', 'zwischen 6 und 60 Zeichen lang', '2010-08-28 11:48:07');
@@ -6137,6 +6138,7 @@ INSERT INTO `sys_trans_text` (`trans_id`, `lang`, `text`, `last_modified`) VALUE
INSERT INTO `sys_trans_text` (`trans_id`, `lang`, `text`, `last_modified`) VALUES ('1967', 'DE', 'alle Logeinträge \&copy; jeweiliger Autor', '2013-02-19 05:48:07');
INSERT INTO `sys_trans_text` (`trans_id`, `lang`, `text`, `last_modified`) VALUES ('1968', 'DE', 'mehr', '2013-02-19 05:48:07');
INSERT INTO `sys_trans_text` (`trans_id`, `lang`, `text`, `last_modified`) VALUES ('1969', 'DE', 'Nur die <span class=\"public-setting\">grüne Einträge</span> sind für andere Benutzer sichtbar.', '2013-02-19 05:48:07');
INSERT INTO `sys_trans_text` (`trans_id`, `lang`, `text`, `last_modified`) VALUES ('1975', 'DE', 'Verwende keine einfach erratbaren Ziffern- oder Buchstabenkombinationen wie &bdquo;123456&ldquo; oder &bdquo;qwertz&ldquo;.', '2013-02-19 05:48:07');
INSERT INTO `sys_trans_text` (`trans_id`, `lang`, `text`, `last_modified`) VALUES ('1', 'EN', 'Reorder IDs \r', '2010-09-02 00:15:30');
INSERT INTO `sys_trans_text` (`trans_id`, `lang`, `text`, `last_modified`) VALUES ('2', 'EN', 'The database could not be reconnected.', '2010-08-28 11:48:07');
INSERT INTO `sys_trans_text` (`trans_id`, `lang`, `text`, `last_modified`) VALUES ('3', 'EN', 'Testing please do not login', '2010-08-28 11:48:07');
@@ -7631,6 +7633,7 @@ INSERT INTO `sys_trans_text` (`trans_id`, `lang`, `text`, `last_modified`) VALUE
INSERT INTO `sys_trans_text` (`trans_id`, `lang`, `text`, `last_modified`) VALUES ('1967', 'EN', 'all log entries \&copy; their authors', '2013-02-19 05:48:07');
INSERT INTO `sys_trans_text` (`trans_id`, `lang`, `text`, `last_modified`) VALUES ('1968', 'EN', 'more', '2013-02-19 05:48:07');
INSERT INTO `sys_trans_text` (`trans_id`, `lang`, `text`, `last_modified`) VALUES ('1969', 'EN', 'Only the <span class=\"public-setting\">green entries</span> are visible to other users.', '2013-02-19 05:48:07');
INSERT INTO `sys_trans_text` (`trans_id`, `lang`, `text`, `last_modified`) VALUES ('1975', 'EN', 'Do not use easy-to-guess number and letter sequences like \'123456\' or \'qwerty\'.', '2013-02-19 05:48:07');
INSERT INTO `sys_trans_text` (`trans_id`, `lang`, `text`, `last_modified`) VALUES ('1', 'ES', 'Reordenar ID', '2010-12-09 00:17:55');
INSERT INTO `sys_trans_text` (`trans_id`, `lang`, `text`, `last_modified`) VALUES ('2', 'ES', 'La base de datos no se pudo conectar.', '2010-12-09 00:17:55');
INSERT INTO `sys_trans_text` (`trans_id`, `lang`, `text`, `last_modified`) VALUES ('3', 'ES', 'En pruebas - por favor, no entre.', '2010-12-09 00:17:55');


@@ -0,0 +1,32 @@
<?php
/***************************************************************************
* For license information see doc/license.txt
*
* Unicode Reminder メモ
*
* Read anti-cracking password list into database
***************************************************************************/
$opt['rootpath'] = '../../../';
require($opt['rootpath'] . 'lib2/web.inc.php');
$pwf = @fopen('pw_dict', 'r');
if ($pwf)
{
// sql("TRUNCATE TABLE `pw_dict`");
$n = 0;
while (!feof($pwf))
{
$pw = fgets($pwf);
sql("INSERT IGNORE INTO `pw_dict` (`pw`) VALUES ('&1')", trim($pw));
++$n;
}
fclose($pwf);
echo "inserted " . $n . " passwords\n";
}
else
echo "could not open pw_dict\n";
?>
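Review bot: The `while (!feof($pwf))` loop hands whatever `fgets()` returns straight to the INSERT, so blank lines, and the final read when the file ends with a newline (`fgets()` returns false and `trim()` turns it into an empty string), add an empty entry to `pw_dict` and inflate `$n`. Reading with `while (($pw = fgets($pwf)) !== false)` and skipping empties via `if (($pw = trim($pw)) === '') continue;` avoids both. `$n` also counts lines that `INSERT IGNORE` dropped as duplicates, so the final message reports lines read rather than passwords inserted. No access check is visible in this file; since it bootstraps `lib2/web.inc.php`, it is worth confirming that the include or the server configuration keeps the script from being run by arbitrary web requests.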


@@ -0,0 +1,6 @@
SET NAMES 'utf8';
DROP TABLE IF EXISTS `pw_dict`;
CREATE TABLE `pw_dict` (
`pw` varchar(40) NOT NULL,
UNIQUE KEY `pw` (`pw`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8;
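Review bot: `pw` is declared `varchar(40)` with no explicit collation, while the password rule text elsewhere in this commit page allows up to 60 characters, so longer list entries would most likely be cut to 40 characters by the loader's `INSERT IGNORE` and could never match a candidate password. The dictionary lookup also depends on the case-insensitive default collation of the utf8 charset; writing it out, e.g. `pw varchar(60) COLLATE utf8_general_ci NOT NULL`, makes that dependency explicit and survives a change of server defaults. Because the column is NOT NULL and the table's only key, `PRIMARY KEY (pw)` states the intent more directly than a UNIQUE KEY. A short `--` comment saying that the table holds rejected passwords filled by the loader script would help whoever maintains the schema.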


@@ -70,14 +70,18 @@ function cracklib_checkpw($pw, $addwords)
// $pw may not contain one of $addwords[]
foreach ($wordlist AS $v)
if (mb_strpos($pw_lc, $v) !== false)
if (mb_stripos($pw_lc, $v) !== false)
return false;
// one of $addwords[] may not contain $pw
foreach ($wordlist AS $v)
if (mb_strpos($v, $pw_lc) !== false)
if (mb_stripos($v, $pw_lc) !== false)
return false;
// words from pw library are not allowed
if (sql_value("SELECT COUNT(*) FROM `pw_dict` WHERE `pw`='&1'", 0, $pw))
return false;
if ($opt['logic']['cracklib'] == true)
{
// load cracklib
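Review bot: The new `pw_dict` lookup passes the raw `$pw` while the checks above it use `$pw_lc`, so whether a mixed-case variant of a listed word is rejected depends on the column collation rather than on this code. It is also an exact match, so a listed word with a character appended still passes. Binding `$pw_lc` (with the list stored in lower case), or at least a comment such as `// exact match only; case-insensitivity comes from the pw_dict collation`, would make the behaviour visible to the next reader. The switch to `mb_stripos` only matters if `$wordlist` can hold mixed-case entries; that list is built outside this hunk, and the function body also continues past it.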


@@ -157,7 +157,7 @@ class user
if (!mb_ereg_match(REGEX_PASSWORD, $value))
return false;
if (cracklib_checkPW($value, array('open', 'caching', $this->getUsername(), $this->getFirstName(), $this->getLastName())) == false)
if (cracklib_checkPW($value, array('open', 'caching', 'cache', $this->getUsername(), $this->getFirstName(), $this->getLastName())) == false)
return false;
$pwmd5 = md5($value);
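Review bot: The context line `$pwmd5 = md5($value);` shows the accepted password being reduced to a plain, unsalted MD5 digest, which the stricter word list on the changed line does not compensate for if stored digests are ever disclosed. What happens to `$pwmd5` is outside the hunk; if it is the stored value, a salted and deliberately slow scheme such as `password_hash($value, PASSWORD_DEFAULT)`, where the PHP version provides it and with a migration path for existing accounts, is the follow-up to plan. On the edited line itself, a comment like `// site-specific words that must not appear in a password` above the `cracklib_checkPW` call would explain the hard-coded literals.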


@@ -7,6 +7,7 @@
<li>{t}Do not use parts of your username, name or email{/t}</li>
<li>{t}Do not use common geocaching words{/t}</li>
<li>{t}Do not use dictionary words like 'master'{/t}</li>
<li>{t}Do not use easy-to-guess number and letter sequences like '123456' or 'qwerty'{/t}</i>
<li>{t}Not all special characters are allowed. You may only use{/t}<br />
{t}a-z A-Z 0-9 and .-_ @&auml;&uuml;&ouml;&Auml;&Uuml;&Ouml;=)(/\&amp;*+~#{/t}</li>
</ul>
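Review bot: The added list item is closed with `</i>` instead of `</li>`, which leaves the `<li>` unclosed and emits a stray end tag. The line should end `... or 'qwerty'{/t}</li>`. Browsers usually recover, but validators and template tooling will flag it, and the error sits in the middle of the password rules shown to users.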