Ticket #4470 (new enhancement)

Opened 1 year ago

Last modified 2 months ago

Password Strength Meter

Reported by: MellerTime Assigned to: azaozz
Priority: low Milestone: 2.6
Component: Administration Version: 2.3
Severity: trivial Keywords: has-patch needs-testing blessed
Cc:

Description

Matt requested I make the Password Strength plugin into a core patch, so here we go.

Note that this is just the visual meter. There's no back-end check to ensure the user can't change their password to something too short or 'bad' (as there is on WP.com).

Attachments

password-strength-meter.diff (7.2 kB) - added by MellerTime on 06/15/07 21:53:48.
password-strength-meter2.diff (7.3 kB) - added by JDTrower on 12/19/07 21:15:25.
password-meter-strange-symbol.diff (0.7 kB) - added by nbachiyski on 12/20/07 00:16:31.
password-strength-meter-revised.diff (17.9 kB) - added by JDTrower on 01/03/08 09:12:46.
New password strength function and PHP function (per #5404).
password-strength-meter-revised2.diff (18.2 kB) - added by JDTrower on 02/07/08 18:58:40.

Change History

06/15/07 16:56:22 changed by rob1n

  • milestone set to 2.4 (future).

06/15/07 16:57:16 changed by rob1n

Some i18n needed, too.

06/15/07 21:21:14 changed by MellerTime

Fixed 2 il8n mistakes and per rob1n replaced $() with jQuery() (arg!).

06/15/07 21:53:48 changed by MellerTime

  • attachment password-strength-meter.diff added.

06/15/07 21:54:28 changed by MellerTime

A final il8n change because rob1n's a pain in the butt... I wash my hands of it.

07/21/07 18:24:20 changed by Nazgul

  • milestone changed from 2.4 (future) to 2.3 (trunk).

09/05/07 18:33:47 changed by ryan

  • milestone changed from 2.3 to 2.4 (next).

12/19/07 21:15:06 changed by JDTrower

I am attaching a new patch, that works for me as of Revision 6417. This patch contains everything that was included in the original patch, but makes it work with the current revision. In testing it out, I found that it works for me.

12/19/07 21:15:25 changed by JDTrower

  • attachment password-strength-meter2.diff added.

12/19/07 21:20:13 changed by ryan

Working for me too.

12/19/07 21:22:22 changed by pishmishy

Cool. Do you think you could write the function in PHP too so that we could provide #5404 ?

12/19/07 21:53:11 changed by ryan

(In [6419]) Password strength meter from MellerTime?. see #4470

12/19/07 21:54:02 changed by ryan

I committed this as is since it's been working well for us on wordpress.com. Leaving open if someone wants to try doing the pluggable function.

12/19/07 21:57:59 changed by santosj

Totally!

I'm going to hit this when I get home. Sounds like fun.

12/19/07 22:19:43 changed by drhallows

Nice for WorpressMU and Wordpress Social Blogs =)

12/19/07 22:40:44 changed by ryan

(In [6421]) Add file. see #4470

12/19/07 22:46:02 changed by ryan

(In [6422]) Rename file. see #4470

12/20/07 00:16:15 changed by nbachiyski

The question mark in the list of strange is actually a too strange symbol and xgettext claims it isn't a good utf-8 one. When changed to a conventional ? everything went fine. Patch attached.

12/20/07 00:16:31 changed by nbachiyski

  • attachment password-meter-strange-symbol.diff added.

(follow-ups: ↓ 18 ↓ 19 ) 12/20/07 00:18:33 changed by nbachiyski

Actually it was meant to be a pound sterling sign, but anyway I don't think we should encourage users to use so strange symbols. They have to be able to enter them again.

(in reply to: ↑ 17 ) 12/20/07 00:33:02 changed by pishmishy

Replying to nbachiyski:

Actually it was meant to be a pound sterling sign, but anyway I don't think we should encourage users to use so strange symbols. They have to be able to enter them again.

Some of us think that the S with a line through it is a strange symbol :-)

(in reply to: ↑ 17 ) 12/20/07 05:01:40 changed by spencerp

Replying to nbachiyski:

Actually it was meant to be a pound sterling sign, but anyway I don't think we should encourage users to use so strange symbols. They have to be able to enter them again.

I agree with this. Is this ticket ready to close up now, or?

12/20/07 05:25:59 changed by JDTrower

When I created the patch to work with the latest revision, I didn't look much at the code, but when I looked at the patch posted for the symbols, I noticed the following code: 

<!--[if IE 6]><div id="pass-strength-iesucks">
<?php _e("If you weren&#8217;t using this sucky IE6, there would be pretty colors... and cookies!"); ?>
</div><![endif]-->

I'm wondering if this is something that WP needs to be condoning. I realize that IE6 is a crappy browser, I hate having to code things to work with it, but do we need to rub that fact in the users face. There are people that have no control over what browser they use because of company policy, etc.

(follow-up: ↓ 22 ) 12/20/07 05:32:32 changed by JDTrower

I tested the patch concerning the symbols and it didn't break anything, which it shouldn't. I think Ryan was leaving this ticket open in case someone wanted to come in and provide the functionality of #5404 (which I believe santosj said he was going to try and do).

(in reply to: ↑ 21 ; follow-up: ↓ 24 ) 12/20/07 05:49:12 changed by darkdragon

Replying to JDTrower:

I tested the patch concerning the symbols and it didn't break anything, which it shouldn't. I think Ryan was leaving this ticket open in case someone wanted to come in and provide the functionality of #5404 (which I believe santosj said he was going to try and do).

I think pishmishy is doing a better job than I could. Since most of the work is happening over at the other ticket (#5404), does this mean that this can be closed?

12/20/07 05:50:58 changed by ryan

(In [6429]) Fix funky char, remove IE taunt. Props nbachiyski. see #4470

(in reply to: ↑ 22 ) 12/20/07 09:30:18 changed by pishmishy

Replying to darkdragon:

I think pishmishy is doing a better job than I could.

I'm not really (I don't really like the password strength function as given, although it'll do). Main problem is that my Javascript skills aren't too hot and so although I've gotten close to implementing checkRepetition() in PHP I've not been able to get it exactly right.

12/26/07 13:52:47 changed by mypatricks

Suggest: Use ASCII Character Codes for symbol. example: 

<p><?php _e('Hint: Use upper and lower case characters, numbers and symbols like &#33;&#34;&#163;&#36;&#37;&#94;&#38;&#40; in your password.'); ?></p>

01/03/08 09:11:33 changed by JDTrower

I am uploading a new patch file. This patch reworks the password strength function complete with a new algorithm and a change to the UI of the strength meter. Also included in the patch is the PHP function (as per ticket #5404). The PHP function is disable by default, but in the general options can be enabled.

If nikolayb or someone with i18n understanding can verify the coding to allow for translation, I would appreciate it.

Any feedback would be appreciated.

01/03/08 09:12:46 changed by JDTrower

  • attachment password-strength-meter-revised.diff added.

New password strength function and PHP function (per #5404).

02/07/08 18:52:55 changed by JDTrower

I am uploading a revised version of my previous patch. This patch is current as of revision [6752]. I also made a couple of tweaks from my previous version. Again, the PHP function is disabled by default, but by going into general options, it can be enabled.

This patch and the new algorithm it contains does not include any check for repetition at the moment.

02/07/08 18:58:40 changed by JDTrower

  • attachment password-strength-meter-revised2.diff added.

03/19/08 03:43:03 changed by ffemtcj

  • milestone changed from 2.5 to 2.6.

04/23/08 02:05:33 changed by matt

  • keywords changed from has-patch needs-testing to has-patch needs-testing blessed.
  • owner changed from anonymous to azaozz.

This needs to be updated so it doesn't activate until you've typed something in one of the boxes.

It should also include a warning when the passwords don't match.