1 user.password.inc | _user_password_evaluate_strength($password, $username, $email) |
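Evaluate password strength. Adapted from https://github.com/dropbox/zxcvbn. The score reflects only which character classes are present and how long the password is; the code shown here does not check for dictionary words or common patterns.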
Parameters
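string $password: The password to evaluate.
string $username: The account's username. A password equal to it, ignoring case, is given a fixed score of 5.
string $email: The account's e-mail address. A password equal to it, ignoring case, is given a fixed score of 5.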
Return value
int: An integer representing password strength.
See also
Backdrop.evaluatePasswordStrength
File
- core/modules/user/user.password.inc, line 73 - Password callback file for the user module.
Code
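/**
 * Estimates password strength from character-class variety and length.
 *
 * The score is log2(pool size) * length + 1, scaled by
 * USER_PASSWORD_STRENGTH_MODIFIER. The pool size adds 26 for lowercase ASCII
 * letters, 26 for uppercase ASCII letters, 10 for digits and 33 for any other
 * character (non-ASCII letters fall into this last class).
 *
 * Only the classes present and the length are measured. Dictionary words,
 * repeated characters and keyboard patterns are not detected, so a high score
 * does not prove that a password is hard to guess. Only an exact,
 * case-insensitive match with the username or e-mail address is penalised; a
 * password that merely contains one of them is scored normally.
 *
 * @param string $password
 *   The password to evaluate.
 * @param string $username
 *   The account's username, compared to the password ignoring case.
 * @param string $email
 *   The account's e-mail address, compared to the password ignoring case.
 *
 * @return int|float
 *   0 for an empty password, 5 when the password equals the username or the
 *   e-mail address, otherwise the scaled score.
 */
function _user_password_evaluate_strength($password, $username, $email) {
  // An empty password contains no character class, so the formula below would
  // evaluate log(0) * 0, which is NAN. NAN compares false against every
  // threshold, so a caller's "less than required" check would not reject it.
  // Report the lowest score explicitly instead.
  if ((string) $password === '') {
    return 0;
  }

  $has_lowercase = preg_match('/[a-z]+/', $password);
  $has_uppercase = preg_match('/[A-Z]+/', $password);
  $has_numbers = preg_match('/[0-9]+/', $password);
  $has_punctuation = preg_match('/[^a-zA-Z0-9]+/', $password);

  // Size of the character pool implied by the classes found in the password.
  $cardinality = ($has_lowercase * 26) + ($has_uppercase * 26) + ($has_numbers * 10) + ($has_punctuation * 33);

  // Assign strength based on the level of entropy within the password, times
  // its length.
  $length = backdrop_strlen($password);
  $strength = (log($cardinality) / log(2)) * $length + 1;

  // Adjust the strength so that we hit our desired password length for each
  // threshold. As computers improve, the recommended minimum length increases.
  $strength = $strength * USER_PASSWORD_STRENGTH_MODIFIER;

  // Compare with ===: a loose == treats two numeric strings as numbers, so
  // values such as "1e3" and "1000" would be reported as the same string.
  $password_lower = backdrop_strtolower($password);
  if ($password_lower === backdrop_strtolower($username)) {
    $strength = 5;
  }
  if ($password_lower === backdrop_strtolower($email)) {
    $strength = 5;
  }

  return $strength;
}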