1.20.x user.password.inc _user_password_evaluate_strength($password, $username, $email)

Evaluate password strength Adapted from https://github.com/dropbox/zxcvbn.

Parameters

string $password:

string $username:

string $email:

Return value

int: An integer representing password strength.

See also

Backdrop.evaluatePasswordStrength

File

modules/user/user.password.inc, line 73
Password callback file for the user module.

Code

function _user_password_evaluate_strength($password, $username, $email) {
  $strength = 0;

  $has_lowercase = preg_match('/[a-z]+/', $password);
  $has_uppercase = preg_match('/[A-Z]+/', $password);
  $has_numbers = preg_match('/[0-9]+/', $password);
  $has_punctuation = preg_match('/[^a-zA-Z0-9]+/', $password);

  // Calculate the number of unique character sets within a string.
  $cardinality = ($has_lowercase * 26) + ($has_uppercase * 26) + ($has_numbers * 10) + ($has_punctuation * 33);

  // Assign strength based on the level of entropy within the password, times
  // its length.
  $length = backdrop_strlen($password);
  $strength = (log($cardinality) / log(2)) * $length + 1;

  // Adjust the strength so that we hit our desired password length for each
  // threshold. As computers improve, the recommended minimum length increases.
  $strength = $strength * USER_PASSWORD_STRENGTH_MODIFIER;

  if (backdrop_strtolower($password) == backdrop_strtolower($username)) {
    $strength = 5;
  }
  if (backdrop_strtolower($password) == backdrop_strtolower($email)) {
    $strength = 5;
  }

  return $strength;
}