new feature: create random password

[SourceForge/phpwiki.git] / passencrypt.php

<?php printf("<?xml version=\"1.0\" encoding=\"%s\"?>\n", 'iso-8859-1'); ?>\r
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"\r
  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">\r
<html xmlns="http://www.w3.org/1999/xhtml">\r
<head>\r
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />\r
<!-- $Id: passencrypt.php,v 1.2 2002-09-08 12:05:14 rurban Exp $ -->\r
<title>Password Encryption Tool</title>\r
<!--\r
Copyright 1999, 2000, 2001, 2002 $ThePhpWikiProgrammingTeam\r
\r
This file is part of PhpWiki.\r
\r
PhpWiki is free software; you can redistribute it and/or modify\r
it under the terms of the GNU General Public License as published by\r
the Free Software Foundation; either version 2 of the License, or\r
(at your option) any later version.\r
\r
PhpWiki is distributed in the hope that it will be useful,\r
but WITHOUT ANY WARRANTY; without even the implied warranty of\r
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the\r
GNU General Public License for more details.\r
\r
You should have received a copy of the GNU General Public License\r
along with PhpWiki; if not, write to the Free Software\r
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA\r
-->\r
</head>\r
<body>\r
<h1>Password Encryption Tool</h1>\r
<?php\r
/**\r
 * Seed the random number generator.\r
 *\r
 * better_srand() ensures the randomizer is seeded only once.\r
 * \r
 * How random do you want it? See:\r
 * http://www.php.net/manual/en/function.srand.php\r
 * http://www.php.net/manual/en/function.mt-srand.php\r
 */\r
function better_srand($seed = '') {\r
    static $wascalled = FALSE;\r
    if (!$wascalled) {\r
        if ($seed === '') {\r
            list($usec,$sec)=explode(" ",microtime());\r
            if ($usec > 0.1) \r
                $seed = (double) $usec * $sec;\r
            else // once in a while use the combined LCG entropy\r
                $seed = (double) 1000000 * substr(uniqid("",true),13);\r
        }\r
        if (function_exists('mt_srand')) {\r
            mt_srand($seed); // mersenne twister\r
        } else {\r
            srand($seed);    \r
        }\r
        $wascalled = TRUE;\r
    }\r
}\r
\r
function rand_ascii($length = 1) {\r
    better_srand();\r
    $s = "";\r
    for ($i = 1; $i <= $length; $i++) {\r
        // return only typeable 7 bit ascii, avoid quotes\r
        if (function_exists('mt_rand'))\r
            // the usually bad glibc srand()\r
            $s .= chr(mt_rand(40, 126)); \r
        else\r
            $s .= chr(rand(40, 126));\r
    }\r
    return $s;\r
}\r
\r
////\r
// Function to create better user passwords (much larger keyspace),\r
// suitable for user passwords.\r
// Sequence of random ASCII numbers, letters and some special chars.\r
// Note: There exist other algorithms for easy-to-remember passwords.\r
function random_good_password ($minlength = 5, $maxlength = 8) {\r
  $newpass = '';\r
  // assume ASCII ordering (not valid on EBCDIC systems!)\r
  $valid_chars = "!#%&+-.0123456789=@ABCDEFGHIJKLMNOPQRSTUVWXYZ_abcdefghijklmnopqrstuvwxyz";\r
  $start = ord($valid_chars);\r
  $end   = ord(substr($valid_chars,-1));\r
  better_srand();\r
  if (function_exists('mt_rand')) // mersenne twister\r
      $length = mt_rand($minlength, $maxlength);\r
  else  // the usually bad glibc rand()\r
      $length = rand($minlength, $maxlength);\r
  while ($length > 0) {\r
      if (function_exists('mt_rand'))\r
          $newchar = mt_rand($start, $end);\r
      else\r
          $newchar = rand($start, $end);\r
      if (! strrpos($valid_chars,$newchar) ) continue; // skip holes\r
      $newpass .= sprintf("%c",$newchar);\r
      $length--;\r
  }\r
  return($newpass);\r
}\r
\r
$posted = $GLOBALS['HTTP_POST_VARS'];\r
if (!empty($posted['create'])) {\r
    $new_password = random_good_password();\r
    echo "<p>The created new random password is:<br />\n<br />&nbsp;&nbsp;&nbsp;\n<strong>",htmlentities($new_password),"</strong></p>\n";\r
    $posted['password'] = $new_password;\r
}\r
\r
if ($password = $posted['password']) {\r
    /**\r
     * http://www.php.net/manual/en/function.crypt.php\r
     */\r
    // Use the maximum salt length the system can handle.\r
    $salt_length = max(CRYPT_SALT_LENGTH,\r
                        2 * CRYPT_STD_DES,\r
                        9 * CRYPT_EXT_DES,\r
                    12 * CRYPT_MD5,\r
                    16 * CRYPT_BLOWFISH);\r
    // Generate the encrypted password.\r
    $encrypted_password = crypt($password, rand_ascii($salt_length));\r
    $debug = $HTTP_GET_VARS['debug'];\r
    if ($debug)\r
        echo "The password was encrypted using a salt length of: $salt_length<br />\n";\r
    echo "<p>The encrypted password is:<br />\n<br />&nbsp;&nbsp;&nbsp;\n<strong>",htmlentities($encrypted_password),"</strong></p>\n";\r
    echo "<hr />\n";\r
}\r
if (empty($REQUEST_URI))\r
    $REQUEST_URI = $HTTP_ENV_VARS['REQUEST_URI'];\r
if (empty($REQUEST_URI))\r
    $REQUEST_URI = $HTTP_SERVER_VARS['REQUEST_URI'];\r
?>\r
\r
<form action="<?php echo $REQUEST_URI ?>" method="post">\r
<fieldset><legend accesskey="P">Password</legend>\r
Enter a password to encrypt: <input type="password" name="password" value="" /> <input type="submit" value="Encrypt" />\r
</fieldset>\r
\r
<fieldset><legend accesskey="C">Create</legend>\r
Create new random password: <button name="create" value="1" />Create</button>\r
</fieldset>\r
</form>\r
</body>\r
</html>\r