X-Git-Url: https://scripts.mit.edu/gitweb/autoinstalls/wordpress.git/blobdiff_plain/177fd6fefd2e3d5a0ea6591c71d660cabdb3c1a4..874d2a2f468a0d1e69aab49b1fe2d9d79d3e1142:/wp-admin/js/password-strength-meter.js

diff --git a/wp-admin/js/password-strength-meter.js b/wp-admin/js/password-strength-meter.js
index e90c3e04..a075c269 100644
--- a/wp-admin/js/password-strength-meter.js
+++ b/wp-admin/js/password-strength-meter.js
@@ -1,80 +1,75 @@
-// Password strength meter
-// This jQuery plugin is written by firas kassem [2007.04.05]
-// Firas Kassem  phiras.wordpress.com || phiras at gmail {dot} com
-// for more information : http://phiras.wordpress.com/2007/04/08/password-strength-meter-a-jquery-plugin/
-
-var shortPass = pwsL10n.short
-var badPass = pwsL10n.bad
-var goodPass = pwsL10n.good
-var strongPass = pwsL10n.strong
-
-
-function passwordStrength(password,username) {
-    score = 0
-
-    //password < 4
-    if (password.length < 4 ) { return shortPass }
-
-    //password == username
-    if (password.toLowerCase()==username.toLowerCase()) return badPass
-
-    //password length
-    score += password.length * 4
-    score += ( checkRepetition(1,password).length - password.length ) * 1
-    score += ( checkRepetition(2,password).length - password.length ) * 1
-    score += ( checkRepetition(3,password).length - password.length ) * 1
-    score += ( checkRepetition(4,password).length - password.length ) * 1
-
-    //password has 3 numbers
-    if (password.match(/(.*[0-9].*[0-9].*[0-9])/))  score += 5
-
-    //password has 2 sybols
-    if (password.match(/(.*[!,@,#,$,%,^,&,*,?,_,~].*[!,@,#,$,%,^,&,*,?,_,~])/)) score += 5
-
-    //password has Upper and Lower chars
-    if (password.match(/([a-z].*[A-Z])|([A-Z].*[a-z])/))  score += 10
-
-    //password has number and chars
-    if (password.match(/([a-zA-Z])/) && password.match(/([0-9])/))  score += 15
-    //
-    //password has number and symbol
-    if (password.match(/([!,@,#,$,%,^,&,*,?,_,~])/) && password.match(/([0-9])/))  score += 15
-
-    //password has char and symbol
-    if (password.match(/([!,@,#,$,%,^,&,*,?,_,~])/) && password.match(/([a-zA-Z])/))  score += 15
-
-    //password is just a nubers or chars
-    if (password.match(/^\w+$/) || password.match(/^\d+$/) )  score -= 10
-
-    //verifing 0 < score < 100
-    if ( score < 0 )  score = 0
-    if ( score > 100 )  score = 100
-
-    if (score < 34 )  return badPass
-    if (score < 68 )  return goodPass
-    return strongPass
-}
-
-
-// checkRepetition(1,'aaaaaaabcbc')   = 'abcbc'
-// checkRepetition(2,'aaaaaaabcbc')   = 'aabc'
-// checkRepetition(2,'aaaaaaabcdbcd') = 'aabcd'
-
-function checkRepetition(pLen,str) {
-    res = ""
-    for ( i=0; i<str.length ; i++ ) {
-        repeated=true
-        for (j=0;j < pLen && (j+i+pLen) < str.length;j++)
-            repeated=repeated && (str.charAt(j+i)==str.charAt(j+i+pLen))
-        if (j<pLen) repeated=false
-        if (repeated) {
-            i+=pLen-1
-            repeated=false
-        }
-        else {
-            res+=str.charAt(i)
-        }
-    }
-    return res
-}
-
+/* global zxcvbn */
+window.wp = window.wp || {};
+
+var passwordStrength;
+(function($){
+	wp.passwordStrength = {
+		/**
+		 * Determine the strength of a given password
+		 *
+		 * @param string password1 The password
+		 * @param array blacklist An array of words that will lower the entropy of the password
+		 * @param string password2 The confirmed password
+		 */
+		meter : function( password1, blacklist, password2 ) {
+			if ( ! $.isArray( blacklist ) )
+				blacklist = [ blacklist.toString() ];
+
+			if (password1 != password2 && password2 && password2.length > 0)
+				return 5;
+
+			var result = zxcvbn( password1, blacklist );
+			return result.score;
+		},
+
+		/**
+		 * Builds an array of data that should be penalized, because it would lower the entropy of a password if it were used
+		 *
+		 * @return array The array of data to be blacklisted
+		 */
+		userInputBlacklist : function() {
+			var i, userInputFieldsLength, rawValuesLength, currentField,
+				rawValues       = [],
+				blacklist       = [],
+				userInputFields = [ 'user_login', 'first_name', 'last_name', 'nickname', 'display_name', 'email', 'url', 'description', 'weblog_title', 'admin_email' ];
+
+			// Collect all the strings we want to blacklist
+			rawValues.push( document.title );
+			rawValues.push( document.URL );
+
+			userInputFieldsLength = userInputFields.length;
+			for ( i = 0; i < userInputFieldsLength; i++ ) {
+				currentField = $( '#' + userInputFields[ i ] );
+
+				if ( 0 === currentField.length ) {
+					continue;
+				}
+
+				rawValues.push( currentField[0].defaultValue );
+				rawValues.push( currentField.val() );
+			}
+
+			// Strip out non-alphanumeric characters and convert each word to an individual entry
+			rawValuesLength = rawValues.length;
+			for ( i = 0; i < rawValuesLength; i++ ) {
+				if ( rawValues[ i ] ) {
+					blacklist = blacklist.concat( rawValues[ i ].replace( /\W/g, ' ' ).split( ' ' ) );
+				}
+			}
+
+			// Remove empty values, short words, and duplicates. Short words are likely to cause many false positives.
+			blacklist = $.grep( blacklist, function( value, key ) {
+				if ( '' === value || 4 > value.length ) {
+					return false;
+				}
+
+				return $.inArray( value, blacklist ) === key;
+			});
+
+			return blacklist;
+		}
+	};
+
+	// Backwards compatibility.
+	passwordStrength = wp.passwordStrength.meter;
+})(jQuery);
\ No newline at end of file