DZone Snippets: password code

Random password generator in PHP

fest (Reinis Veips) — Wed, 04 Jun 2008 14:08:36 GMT

A little function which generates random password of a certain length. It uses all letters, both lowercase and uppercase and all numbers.



//generates a random password which contains all letters (both uppercase and lowercase) and all numbers

function generatePassword($length) {

$password='';

for ($i=0;$i<=$length;$i++) {

	$chr='';

	switch (mt_rand(1,3)) {

		case 1:

			$chr=chr(mt_rand(48,57));

			break;

		case 2:

			$chr=chr(mt_rand(65,90));

			break;

		case 3:

			$chr=chr(mt_rand(97,122));

			

	}

	$password.=$chr;

}	

return $password;

}

Get a Jaiku personal_key given a username and password

ark (ark) — Sun, 25 May 2008 23:21:45 GMT

Logs into Jaiku and then gets the personal_key for using the API.



def GetJaikuPersonalKey(user, password):

  """Finds the Jaiku API personal_key from a username and password.



  One day I'll learn to use urllib2 properly and cookie parsing and stuff.

  """



  # login and find a cookie

  login_url = "http://jaiku.com/login"

  request_body = urllib.urlencode({'log': user,

                                   'pwd': password,

                                   'rememberme': '1'})

  # Open a connection to the authentication server.

  auth_connection = httplib.HTTPConnection('jaiku.com')

  # Begin the POST request to the client login service.

  auth_connection.putrequest('POST', '/login')

  # Set the required headers for an Account Authentication request.

  auth_connection.putheader('Content-type',

                            'application/x-www-form-urlencoded')

  auth_connection.putheader('Content-Length', str(len(request_body)))

  auth_connection.endheaders()

  auth_connection.send(request_body)

  auth_response = auth_connection.getresponse()

  if auth_response.status == 303:

    cookie_str = auth_response.getheader("set-cookie")

    # TODO(ark) parse this properly!

    res = re.search("(jaikuuser_[^;]*).*(jaikupass_[^;]*)", cookie_str)

    if res:

      auth_cookie = "%s; %s" % (res.group(1), res.group(2))

      apikey_url = "http://api.jaiku.com/key"

      req = urllib2.Request(url=apikey_url)

      req.add_header('Cookie', auth_cookie)

      f = urllib2.urlopen(req)

      return f.read()

Encode simple passwords

jrobertson (James Robertson) — Mon, 04 Feb 2008 17:30:47 GMT

This code was used to demonstrate how to translate easy to remember simple (weak) passwords into more difficult to guess (strong) passwords. Example: Using Gmail I like an easy to remember password, I submit the password 'jr123' to the password_lookup.html page and what's returned to me is a stronger password 'NCC2SI1T'.

file: passwd_lookup.rb (generates an xml file containing an alphanumeric index with corresponding cryptic values)



class PasswordLookup



  def initialize()

    chars =  (0..9).to_a  + Array.new(7) + ('A'..'Z').to_a + Array.new(6) + ('a'..'z').to_a 

    @chars = (0..9).to_a  + ('A'..'Z').to_a + ('a'..'z').to_a 

    @doc = Document.new()

    root = Element.new('codes')

    @doc.add_element(root)



    chars.each do |char|

      node = Element.new('code')

      if not char.nil? 

        node.attributes['index'] = char

        node.attributes['value'] = get_random_chars(2)

      end

      root.add_element(node)

    end

    puts root

  end



  

  def save(filepath)

    file = File.new(filepath,'w')

    file.puts @doc

    file.close

  end

        

  def get_random_chars(vword_size)

    newpass = Array.new(rand(vword_size) + 1, '').collect{@chars[rand(@chars.size)]}.join

    # return the encryption providing it doesn't already exist in the lookup table.

    if not /value=\'#{newpass}\'/.match @doc.root.elements.to_a.to_s 

     return newpass 

    else

     return get_random_chars(vword_size) 

    end



  end

  

  private :get_random_chars

  

end

output extract: (codes - see also http://rorbuilder.info/pl/codes)















file: password_lookup.js



var t;

var m_doc;



function loadXml() {

  url = 'http://rorbuilder.info/pl/codes';

  m_doc = XML.load(url);

}



function getCode(val,i) {

  pos = val.charCodeAt(i) - 48;

  node = m_doc.documentElement.childNodes[pos]

  return node.getAttribute('value');

}



function timed_update(keyCode,  val) {

  if (val.length > 0 && ((keyCode > 40) || (keyCode == 8)) ) {

    clearTimeout(t);

    t = setTimeout("revealCode('" + val + "')", 1000);

  }

  else

  {  

    o = document.getElementById('out1');

    if (val.length <= 0 && o.value.length > 0) {

      o.value = '';

    }

  }

  

}



function revealCode(val) {

  var iEnd = val.length;

  var newcode = '';

  for (i=0;i      

    var codex = getCode(val,i);

    newcode += codex;

  }

  update(newcode);

}



function update(val){

  o = document.getElementById('out1');

  o.value = val;

  /*var o_copied = document.getElementById('out1').createTextRange();

  o_copied.exeCommand("Copy");*/

}





file: password_lookup.html



  

    Password lookup

    

    Enter password:    

      onkeyup="timed_update(event.keyCode, this.value)" />

    

    Generated password

    

    



    

    see also: codes.xml

  





Try out the  encode a simple password demo [rorbuilder.info]. 



see also: Reading an XML file usng JavaScript [snippets.dzone.com]



Ruby password strength calculator
ciconia (Sharon Rosner) — Thu, 25 Oct 2007 14:35:45 GMT
This method returns the password lifetime in years. Based on this:

http://www.codeandcoffee.com/2007/06/27/how-to-make-a-password-strength-meter-like-google





class String

  PASSWORD_SETS = {

    /[a-z]/ => 26,

    /[A-Z]/ => 26,

    /[0-9]/ => 10,

    /[^\w]/ => 32

  }

  

  def password_strength

    set_size = 0

    PASSWORD_SETS.each_pair {|k,v| set_size += v if self =~ k}

    

    combinations = set_size ** length

    

    # assuming 1000 tries per second

    days = combinations.to_f / 1000 / 86400

    

    days / 365

  end

end




Simple user model with password crypting
leethal (August Lilleaas) — Fri, 19 Oct 2007 12:50:41 GMT
A simple user model. It's using the virtual password attribute 'password' to store the clear-text password. This is what e.g. forms use for password input. It stores this password in the password_hash column. 



It allows for user editing, using the same form as user creation. The password won't be updated, and validations will pass, if the user doesn't touch the password field in the form.





require "digesh/sha1"

class User < ActiveRecord::Base

  validates_confirmation_of :password, :if => :perform_password_validation?

  validates_presence_of :password, :if => :perform_password_validation?



  before_save :hash_password

  attr_accessor :password



  # Returns true if the password passed matches the password in the DB

  def valid_password?(password)

    self.password_hash == self.class.hash_password(password)

  end



  private



  # Performs the actual password encryption. You want to change this salt to something else.

  def self.hash_password(password, salt = "meeQue8Zucijoo7")

    Dihest::SHA1.hexdigest(password, salt)

  end



  # Sets the hashed version of self.password to password_hash, unless it's blank.

  def hash_password

    self.password_hash = self.class.hash_password(self.password) unless self.password.blank?

  end

 

  # Assert wether or not the password validations should be performed. Always on new records, only on existing

  # records if the .password attribute isn't blank.

  def perform_password_validation?

    self.new_record? ? true : !self.password.blank?

  end

end




Random Characters with Ruby
timmorgan (Tim Morgan) — Thu, 18 Oct 2007 03:24:39 GMT
Use for a password or salt or whatever...





(0..25).inject('') { |r, i| r << rand(93) + 33 }




Simple ASP page to reset passwords
bouffon69 (Sylvain Le Courtois) — Thu, 20 Sep 2007 07:01:29 GMT
// This page allows to reset an AD account password.



Reinitialisation de mot de passe

href="files/v2006.css" type=text/css rel=stylesheet>







border=0>



  
  
    

      




        
        
                      width=160> 
          

                        border=0>










              
              
                

                <%

                If Request.Form("login") = "" Then

                	Response.Write("Saisir le compte à reinitialiser")

                Else

                    Dim Group, Member, Domain, UserFound

                    ' 

                    Domain ="FR-ERM"

                    '

                    UserFound=0

                    

	                Set Group = GetObject("WinNT://" & Domain & "/Domain Users")

    	            For Each Member In Group.Members

    	            	' Response.Write(Member.Name & "
")

        	        	If UCase(Member.Name) = UCase(Request.Form("login")) Then

        	        		UserFound=1

        	        		If Member.AccountDisabled Then 

        	        			Response.Write(" " & Request.Form("login") &" est un compte desactive")

        	        			Exit For

        	        		Else

        	        			' Essai de reinit de mot de passe

        	        			Dim res

        	        			res=Member.SetPassword(Request.Form("pass"))

        	        			'Member.Put "pwdLastSet", CLng(0)

        	        			Member.Put "PasswordExpired", 1

								Member.SetInfo

        	        			Response.Write("L'utilisateur "& Request.Form("login") & " a changé de mot de passe !

Il devra changer de mot de passe au prochain login.")

        	        			Exit For

        	        		End If

        	        	End If 

            	    Next      

       	        	If UserFound = 0 Then

       	        		Response.Write(Request.Form("login") &" non trouvé dans le domaine "& Domain)

       	        	End If           	            	

                	

                End If

                %>

              

                
              
                Identifiant

               

                
                Nouveau mot de passe
              
                

 

                
                                  name=pass> 
                                  src="files/submit.gif" value=login border=0 name=ok> 

                




PHP password generator
justas (Justas) — Wed, 19 Sep 2007 18:34:11 GMT
This is a random php password generator. This function is a complete, working password generator implementation for PHP. It allows the developer to customize the password: set password length and strength. Just include this function anywhere in your code and then use it.



More code snippets you can find on free code and tutorials website.





function generatePassword($length=9, $strength=0) {

    $vowels = 'aeuy';

    $consonants = 'bdghjmnpqrstvz';

    if ($strength & 1) {

        $consonants .= 'BDGHJLMNPQRSTVWXZ';

    }

    if ($strength & 2) {

        $vowels .= "AEUY";

    }

    if ($strength & 4) {

        $consonants .= '23456789';

    }

    if ($strength & 8) {

        $consonants .= '@#$%';

    }



    $password = '';

    $alt = time() % 2;

    srand(time());

    for ($i = 0; $i < $length; $i++) {

        if ($alt == 1) {

            $password .= $consonants[(rand() % strlen($consonants))];

            $alt = 0;

        } else {

            $password .= $vowels[(rand() % strlen($vowels))];

            $alt = 1;

        }

    }

    return $password;

}




CGI script for collecting username and password and storing them in a database table
iansealy (Ian Sealy) — Sat, 02 Jun 2007 07:35:36 GMT
// CGI script for collecting username and password and storing them in a database table





#!/usr/bin/perl



# $Id$



# CGI script for collecting username and password and storing them in a database

# table. The password is encrypted with Crypt::PasswdMD5 ready for passing to

# useradd.



use strict;

use warnings;



## no critic (ValuesAndExpressions::RequireInterpolationOfMetachars)

our ($VERSION) = '$Revision$' =~ m{ \$Revision: \s+ (\S+) }xms;

## use critic



use CGI::Pretty qw(:standard -nosticky);

use DBI;

use Crypt::PasswdMD5;



# Schema for database table to store account details:

# 

# CREATE TABLE account (

#     username varchar(50) NOT NULL,

#     password varchar(50) NOT NULL,

#     date_created datetime NOT NULL

# );



my $DBNAME = 'database';

my $DBHOST = 'localhost';

my $DBPORT = 3306;

my $DBUSER = 'username';

my $DBPASS = 'password';



# Header

my $q = new CGI;

print $q->header(),

      $q->start_html(

          -title => 'New Account',

          -lang  => 'en',

      ),

      $q->h1('New Account');



my $submit    = $q->param('submit')    || q{};

my $username  = $q->param('username')  || q{};

my $password1 = $q->param('password1') || q{};

my $password2 = $q->param('password2') || q{};



my %ERROR = (

    no_username         => 'You must specify a username.',

    no_password         => 'You must specify a password.',

    password_not_twice  => 'You must specify your password twice.',

    passwords_not_match => 'Both passwords must match.',

);



my $error = (!$submit)                   ? undef                       :

            (!$username)                 ? $ERROR{no_username}         :

            (!$password1 && !$password2) ? $ERROR{no_password}         :

            (!$password1 || !$password2) ? $ERROR{password_not_twice}  :

            ( $password1 ne  $password2) ? $ERROR{passwords_not_match} :

                                           undef

            ;



if (!$submit) {

    # Form not submitted, so display empty form

    form($q);

}

elsif ($error) {

    # Show error and redisplay form

    print $q->p($error);

    form($q, $username);

}

else {

    # Enter account details into database

    my $dsn = "DBI:mysql:database=$DBNAME;host=$DBHOST;port=$DBPORT";

    my $dbh = DBI->connect($dsn, $DBUSER, $DBPASS);

    

    my $username_quoted = $dbh->quote(param('username'));

    my $password_quoted = $dbh->quote(unix_md5_crypt(param('password1')));

    

    $dbh->do("

        INSERT INTO account

        (username, password, date_created)

        VALUES ($username_quoted, $password_quoted, NOW())

    ");

    

    print $q->p('Your username and password have been recorded.');

}



# Footer

print $q->end_html();



sub form {

    my $q = shift;

    my $username = shift || q{};

    

    print start_form(),

          p('Username:', br(), textfield(

              -name  => 'username',

              -value => $username,

          )),

          p('Password:', br(), password_field(

              -name => 'password1',

          )),

          p('Password (again):', br(), password_field(

              -name => 'password2',

          )),

          p(submit(

              -name  => 'submit',

              -value => 'Submit',

          )),

          end_form();

    

    return;

}




Password authentication without revealing your password
asgeirn (Asgeir S. Nilsen) — Wed, 09 May 2007 19:59:22 GMT
The majority of personalized web sites use some kind of form-based password authentication where you have two form fields for username and password, and a login button. When you submit your authentication, the password is sent in the clear to the server for verification against a user database.



Using a Javascript SHA library and one simple onsubmit protects the password in transit and also inside the user database:











Read this for more elaborations with increased security.