Correct usage in WordPress #18

Open
KainiIndustries opened this issue Dec 10, 2016 · 5 comments
@KainiIndustries

KainiIndustries commented Dec 10, 2016

WordPress uses Dropbox's Zxcvbn JavaScript lib for its strength meter. I'm forcing password strength related to that meter and need a server-side version of the same lib, so here I am. To get the Zxcvbn strength of a password in a WordPress plugin I am doing the following. It seems like there should be a better way, but I'm unable to install the document in the way explained in the documentation.

<?php

require 'src/ScorerInterface.php';
require 'src/Scorer.php';
require 'src/Searcher.php';
require 'src/Matcher.php';
require 'src/Zxcvbn.php';
require 'src/Matchers/MatchInterface.php';
require 'src/Matchers/Match.php';
require 'src/Matchers/DigitMatch.php';
require 'src/Matchers/DictionaryMatch.php';
require 'src/Matchers/SequenceMatch.php';
require 'src/Matchers/Bruteforce.php';
require 'src/Matchers/YearMatch.php';
require 'src/Matchers/SpatialMatch.php';
require 'src/Matchers/RepeatMatch.php';
require 'src/Matchers/L33tMatch.php';
require 'src/Matchers/DateMatch.php';

$new = new \ZxcvbnPhp\Zxcvbn();
print_r($new->passwordStrength('T#\$£9'));
@Moring

Moring commented Jan 31, 2017

@KainiIndustries be careful here -- the JS will let through all kinds of passwords the PHP version will reject, your users will be pretty frustrated when the strength meter is green and the backend rejects the password as too weak.
As for the "infinite" require statements (welcome to WordPress development. ;) ):
We get around this by using Composer and its autoload.php. Code from our plugin.php file:

<?php
/*
 * Plugin Name: Plugin
 * ...
 */
include_once 'vendor/autoload.php';

class My_Plugin {
...
}

@dhuv

dhuv commented Mar 27, 2017

@Moring I would expect all the different implementations of Zxcvbn to behave similarly. Do you know for sure that it is very different from the JS implementation?

@Moring

Moring commented Mar 28, 2017

Yes, learned the hard way. The JS version was rating passwords as 4, like "DrSmithDentist2016" for a dental client named Dr. Smith. The PHP version did not. We had both running on the same page, and the JS frontend would validate, and the PHP backend would not. Clients were not very happy at all...

@bjeavons
Owner

#15 is the best issue to track getting to consistent scores between front-end and back-end implementations of a Zxcvbn-style of password strength estimation.

If this issue is about how to use zxcvbn-php within WordPress, will the OP confirm that, and whether it's still a problem?

@mkopinsky
Collaborator

#15 has now been merged, so the PHP library matches the JS library in terms of scoring.

Are you still having any issues getting this working in WordPress?
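
An added example, not written by any participant in this thread and not zxcvbn-php's own code: a plugin file that loads the library through Composer's autoloader, as suggested above, and makes the server-side score the authoritative check on WordPress's profile-update and password-reset hooks, so a password is rejected with a visible error whatever the front-end meter showed. The plugin name, the `my_plugin_` function names, the error code and the minimum score of 3 are assumptions made for illustration.

```php
<?php
/*
 * Plugin Name: Zxcvbn Server-Side Check (hypothetical example)
 */

// Composer's autoloader replaces the long list of per-file require statements.
require_once __DIR__ . '/vendor/autoload.php';

use ZxcvbnPhp\Zxcvbn;

// Assumed policy threshold on zxcvbn's 0-4 score scale; not a value from the thread.
const MY_PLUGIN_MIN_SCORE = 3;

/**
 * Score a password on the server. Account-specific strings are passed as
 * user inputs so that names and e-mail addresses count against the score.
 */
function my_plugin_password_score(string $password, array $userInputs = []): int
{
    $inputs = array_values(array_filter($userInputs, 'is_string'));
    $result = (new Zxcvbn())->passwordStrength($password, $inputs);
    return (int) $result['score'];
}

/** Add an error to the WP_Error object when the password scores too low. */
function my_plugin_check_password($errors, string $rawPassword, array $userInputs): void
{
    // WordPress adds slashes to request data; score what the user typed.
    $password = wp_unslash($rawPassword);
    if (my_plugin_password_score($password, $userInputs) < MY_PLUGIN_MIN_SCORE) {
        $errors->add('my_plugin_weak_password', __('This password is too weak. Please choose a stronger one.'));
    }
}

// Profile edits and users created in wp-admin: user_pass is set only when a new password was submitted.
add_action('user_profile_update_errors', function ($errors, $update, $user) {
    if (!empty($user->user_pass)) {
        my_plugin_check_password($errors, $user->user_pass, [$user->user_login ?? '', $user->user_email ?? '']);
    }
}, 10, 3);

// Password reset form: the new password arrives as $_POST['pass1'].
add_action('validate_password_reset', function ($errors, $user) {
    if (!empty($_POST['pass1']) && $user instanceof WP_User) {
        my_plugin_check_password($errors, $_POST['pass1'], [$user->user_login, $user->user_email]);
    }
}, 10, 2);
```

Other places where a password can be set, such as custom registration forms, need the same call to `my_plugin_check_password()`.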
