Krang::PasswordHandler - implement a system wide password policy
    if( pkg('PasswordHandler')->check_pw(
        $pw,
        $user->login,
        $user->email,
        $user->first_name,
        $user->last_name,
    ) ) {
        # it's good to go
    } else {
        # tell the user to pick something else
    }
This module implements the password policy for Krang. Anywhere a password is created or changed, it will need to pass this module's validation first.
It is quite likely that individual organizations will need to implement their own password policy, which makes this an ideal class to override in an addon.
The check_pw method receives the password and returns true if it passes all checks, false otherwise. It may also call add_alert() to indicate how the password fails the checks.
It receives the following ordered arguments, as shown in the call above: the password, then the user's login, email, first name and last name.
If you are implementing your own password policy, it might be necessary to check the password against this other information too.
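A custom policy that uses those extra arguments, as an added example that is not Krang's own code: it runs stand-alone, so the class name, the minimum length, the message keys and the local add_alert() stub are all assumptions, and wiring it into an addon is not shown.

```perl
#!/usr/bin/perl
# Added example: standalone sketch of a custom check_pw policy.
use strict;
use warnings;

package Example::PasswordHandler;    # hypothetical class name

our @ALERTS;                         # stand-in for the message stack
sub add_alert { push @ALERTS, shift }    # local stub, not Krang's add_alert()

my $MIN_LENGTH = 12;                 # assumed policy value

# Same argument order as the call shown in the synopsis.
sub check_pw {
    my ($class, $pw, $login, $email, $first, $last) = @_;
    $pw = '' unless defined $pw;
    my $ok = 1;

    if (length($pw) < $MIN_LENGTH) {
        add_alert('password_too_short');    # hypothetical message key
        $ok = 0;
    }

    # Reject passwords that embed the user's own details (case-insensitive).
    # Fields shorter than 3 characters are skipped to avoid false rejections.
    my ($local) = defined $email ? $email =~ /^([^@]+)@/ : ();
    for my $field ($login, $local, $first, $last) {
        next unless defined $field && length($field) >= 3;
        if (index(lc $pw, lc $field) >= 0) {
            add_alert('password_contains_user_info');    # hypothetical key
            $ok = 0;
            last;
        }
    }
    return $ok;
}

package main;

# Constructed sample user and candidate passwords.
my @user = ('jdoe', 'jane.doe@example.org', 'Jane', 'Doe');
for my $pw ('JDoe-2024-secret', 'short', 'correct horse battery') {
    @Example::PasswordHandler::ALERTS = ();
    my $ok = Example::PasswordHandler->check_pw($pw, @user);
    printf "%-24s %s %s\n", $pw, ($ok ? 'accepted' : 'rejected'),
        join(',', @Example::PasswordHandler::ALERTS);
}
```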
Currently, the following validation rules are applied:
old_password table for this user.old_password is configured by the
PasswordChangeCount configuration variable.
If it fails, then the 'password_used_recently' message is added to the message stack.