If you??™re running a
Linux/Unix variant, it might already be installed, because CrackLib is often packaged
with these operating systems. Complete installation instructions are available in the
README file found in the CrackLib package.
382 CHAPTER 14 ?– AUTHENTICATING YOUR USERS
PHP??™s CrackLib extension was unbundled from PHP as of version 5, and moved to
the PHP Extension Community Library (PECL), a repository for PHP extensions. Therefore,
to use CrackLib, you need to download and install the crack extension from
PECL. See http://pecl.php.net/ for more information about PECL.
Once you install CrackLib, you need to make sure that the crack.default_dictionary
directive in php.ini is pointing to a password dictionary. Such dictionaries abound on
the Internet, so executing a search will turn up numerous results. Later in this section
you??™ll learn more about the various types of dictionaries at your disposal.
Using the CrackLib Extension
Using PHP??™s CrackLib extension is quite easy. Listing 14-10 offers a complete usage
example.
Listing 14-10. Using PHP??™s CrackLib Extension
$pswd = "567hejk39";
/* Open the dictionary. Note that the dictionary
filename does NOT include the extension.
*/
$dictionary = crack_opendict('/usr/lib/cracklib_dict');
// Check password for guessability
$check = crack_check($dictionary, $pswd);
// Retrieve outcome
echo crack_getlastmessage();
// Close dictionary
crack_closedict($dictionary);
?>
In this particular example, crack_getlastmessage() returns the string ???strong password???
because the password denoted by $pswd is sufficiently difficult to guess.
Pages:
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461