本文介绍了如何使用WhizBase创建一个密码强度计,该工具检查密码的长度、是否包含用户名、数字、特殊字符、小写字母和大写字母,以评估密码的安全性。
Today the Internet is everywhere, we use it in everything, it is the buzz word of our time. When it first began it was just an experiment, a network for exchanging some data between universities, no one used it for exchanging private data.
今天,互联网无处不在,我们在所有方面都使用它,这是我们这个时代的流行语。 刚开始时,它只是一个实验,一个用于在大学之间交换一些数据的网络,没有人使用它来交换私人数据。
Today it is 90% social powered network, everyone have a profile on some social website, a lot of people have money accounts on the net, some others have galleries and private data. So now we have to take care about security, how to secure our data, we need a good password, most people use «trustno1» or «000000» or their birth dates. That is not a good password, any cracking engine can guess that one.
今天,它是90%的社交网络,每个人都在一些社交网站上有一个个人资料,很多人在网上有金钱帐户,另一些人有画廊和私人数据。 因此,现在我们必须注意安全性,如何保护我们的数据,我们需要一个好的密码,大多数人都使用“ trustno1”或“ 000000”或其生日。 那不是一个好密码,任何破解引擎都可以猜到。
Making a good password
设定好密码
A good password must have numbers, alphabetic characters (upper and lower case), other characters, they must be in a random order and must not mean anything. So do not use English words with meaning or some number combinations of something in your life.
好的密码必须包含数字,字母字符(大写和小写),其他字符,它们必须是随机顺序,并且不能表示任何含义。 因此,请勿在生活中使用带有含义或某些数字组合的英语单词。
A good example for a good password is ubXr-z9)7mn: we have upper and lower case letters, we have numbers and we have other characters. This password is nearly impossible to guess.
一个很好的密码示例就是ubXr-z9)7mn:我们有大小写字母,我们有数字,还有其他字符。 此密码几乎是不可能猜到的。
We will show you how to make password strength meter in WhizBase. The concept is easy, the user enters the password, we check it if it has all the 4 elements in it and give strength value back.
我们将向您展示如何在WhizBase中制作密码强度计。 这个概念很简单,用户输入密码,我们检查密码是否包含所有4个元素,然后返回强度值。
So let us start.
因此,让我们开始吧。
Give me your password
给我你的密码
We will make a simple HTML form where we will ask the user to insert a username and a password. It is the standard form you can find everywhere on the net. Let us name it «index.htm»
我们将制作一个简单HTML表单,在该表单中,我们将要求用户插入用户名和密码。 它是您在网上随处可见的标准格式。 让我们将其命名为“ index.htm”
<html>
<head><title>WhizBase Password Strength Meter</title></head>
<body>
<form action='chpwd.wbsp' method='post'>
Username : <input type='text' name='username' value='' /><br />
Password : <input type='password' name='pwd' value='' /><br />
<input type='submit' value='check my password' />
</form>
</body>
</html>
Some notes about this code, we always use POST method in the form to hide our password when sending it through the web, we need the username to check if the password contains the username in it. We will create the file «chpwd.wbsp» which will make the checking for us.
关于此代码的一些注意事项,当通过网络发送密码时,我们总是使用POST方法以隐藏密码,我们需要用户名来检查密码中是否包含用户名。 我们将创建文件“ chpwd.wbsp”,它将为我们进行检查。
Mambo Jumbo stuff of the code
Mambo Jumbo的代码
Before we start we need to write down what we want to check and how we mark the password strength. I will make a list of things we need to check and every point have 1 point mark. So if the password passes 3 out of 6 it will have 50% strength.
在开始之前,我们需要写下我们要检查的内容以及如何标记密码强度。 我将列出我们需要检查的事项列表,每个点都有1分。 因此,如果密码在6中通过3,则强度为50%。
1. The length of the password must be at least 8 characters
1.密码长度必须至少为8个字符
2. The password must not contain the username in it
2.密码中不得包含用户名
3. The password must contain numbers
3.密码必须包含数字
4. The password must contain special characters
4.密码必须包含特殊字符
5. The password must contain lower case letters
5.密码必须包含小写字母
6. The password must contain upper case letters
6.密码必须包含大写字母
Now lets begin with the code, save it in 'chpwd.wbsp':
现在让我们从代码开始,将其保存在“ chpwd.wbsp”中:
<html><head><title>WhizBase Password Strength Meter<title></head><body>
$wbsetv[strength|0]
$wbif[$wblen[$wbv[pwd]]>7|$wbsetv[strength|$wbcalc[$wbgetv[strength]+1]]|]
$wbif[$WBCSTR[$wbv[pwd]|$wbv[username]|T]>0||$wbsetv[strength|$wbcalc[$wbgetv[strength]+1]]]
$wbsetv[avail|F]
$WBSPLIT[0,1,2,3,4,5,6,7,8,9|numbers|,]
$wbsetv[count|0]
$wbwhile[$wbgetv[count]<=$wbalen[numbers]|$wbif[$WBCSTR[$wbv[pwd]|$wbgetv[numbers($wbgetv[count])]|T]>0|$wbsetv[avail|T]|]$wbsetv[count|$wbcalc[$wbgetv[count]+1]]]
$wbif[$wbgetv[avail]="T"|$wbsetv[strength|$wbcalc[$wbgetv[strength]+1]]|]
$wbsetv[avail|F]
$WBSPLIT[!,#,$,%,&,/,(,),=,?,*,@,;,:,-,_|schars|,]
$wbsetv[count|0]
$wbwhile[$wbgetv[count]<=$wbalen[schars]|$wbif[$WBCSTR[$wbv[pwd]|$wbgetv[schars($wbgetv[count])]|T]>0|$wbsetv[avail|T]|]$wbsetv[count|$wbcalc[$wbgetv[count]+1]]]
$wbif[$wbgetv[avail]="T"|$wbsetv[strength|$wbcalc[$wbgetv[strength]+1]]|]
$wbsetv[avail|F]
$WBSPLIT[q,w,e,r,t,z,u,i,o,p,a,s,d,f,g,h,j,k,l,y,x,c,v,b,n,m|scase|,]
$wbsetv[count|0]
$wbwhile[$wbgetv[count]<=$wbalen[scase]|$wbif[$WBCSTR[$wbv[pwd]|$wbgetv[scase($wbgetv[count])]|T]>0|$wbsetv[avail|T]|]$wbsetv[count|$wbcalc[$wbgetv[count]+1]]]
$wbif[$wbgetv[avail]="T"|$wbsetv[strength|$wbcalc[$wbgetv[strength]+1]]|]
$wbsetv[avail|F]
$WBSPLIT[Q,W,E,R,T,Z,U,I,O,P,A,S,D,F,G,H,J,K,L,Y,X,C,V,B,N,M|ucase|,]
$wbsetv[count|0]
$wbwhile[$wbgetv[count]<=$wbalen[ucase]|$wbif[$WBCSTR[$wbv[pwd]|$wbgetv[ucase($wbgetv[count])]|T]>0|$wbsetv[avail|T]|]$wbsetv[count|$wbcalc[$wbgetv[count]+1]]]
$wbif[$wbgetv[avail]="T"|$wbsetv[strength|$wbcalc[$wbgetv[strength]+1]]|]
Your password's strength is $wbcalc[$wbcalc[$wbgetv[strength]/6]*100]% $wbgetv[strength]
</body></html>
Let us speak English
让我们说英语
Now let me explain what we have done. First we have created a variable which will contain the strength value, starting with zero because we assume the password is not good and then check every point and give a mark for success. We've done that with $wbsetv[strength|0] which means «WhizBase set a variable named strength with value 0».
现在让我解释一下我们所做的。 首先,我们创建了一个包含强度值的变量,从零开始,因为我们假设密码不好,然后检查每个点并给成功打上分数。 我们使用$ wbsetv [strength | 0]完成了此操作,这意味着«WhizBase设置了一个名为强度的变量,其值为0»。
Now we start with checking, first we check if the password length is more than 7 characters.
现在开始检查,首先检查密码长度是否超过7个字符。
$wbif[
$wblen[$wbv[pwd]]>7
|
|
$wbsetv[strength|
$wbcalc[$wbgetv[strength]+1]
]
]
We say «If the length of 'pwd' variable greater is than 7 then add 1 point to the variable strength. Else do nothing.
我们说«如果“ pwd”变量的长度大于7,则在变量强度上加1点。 其他什么都不做。
Now we want to check if the password contains the username in it.
现在,我们要检查密码中是否包含用户名。
$wbif[
$WBCSTR[$wbv[pwd]|$wbv[username]|T]>0
|
|
$wbsetv[strength|
$wbcalc[$wbgetv[strength]+1]
]
]
Again we use $WBIF «If number of occurences of the username variable in the pwd variable is greater than 0, then do nothing» (do not add a point), because there is at least one occurence and there should be none, «else add one point to the variable strength» because there is no user name in pwd.
同样,我们使用$ WBIF«如果pwd变量中username变量的出现次数大于0,则什么都不做»(不要加一个点),因为至少发生了一次,应该没有发生,«否则在强度变量中加1点»,因为pwd中没有用户名。
Now we will make our script a little bit more complex, since we need to check if there are number characters in the password. To do so, we will define the numbers array and loop through the elements and check if any of them exists in the password string.
现在,我们将使脚本更加复杂,因为我们需要检查密码中是否包含数字字符。 为此,我们将定义数字数组并遍历元素,并检查密码字符串中是否存在任何元素。
$wbsetv[avail|F]
$WBSPLIT[0,1,2,3,4,5,6,7,8,9|numbers|,]
$wbsetv[count|0]
$wbwhile[$wbgetv[count]<=$wbalen[numbers]
|
$wbif[$WBCSTR[$wbv[pwd]|$wbgetv[numbers($wbgetv[count])]|T]>0 |$wbsetv[avail |T]|]
$wbsetv[count|$wbcalc[$wbgetv[count]+1]]
]
$wbif[
$wbgetv[avail] = 'T'
|
$wbsetv[strength|
$wbcalc[$wbgetv[strength]+1]
]
|
]
At the beginning we suppose that there are no numbers, and give a value F as False for variable avail. Using wbsplit with the string «0,1,2,3,4,5,6,7,8,9» we make an array named numbers with the separator «,». This is a very cool way to create arrays in WhizBase. There are another ways but I prefer this one.
最初,我们假设没有数字,并且将变量F的值F设置为False。 通过将wbsplit与字符串«0,1,2,3,4,5,6,7,8,9»一起使用,我们可以创建一个名为数字的数组,并使用分隔符«,»。 这是在WhizBase中创建数组的一种非常酷的方法。 还有另一种方法,但我更喜欢这种方法。
Now to loop through the array, we will need a counter so we will create a variable «count» with initial value of 0.
现在遍历数组,我们将需要一个计数器,因此我们将创建一个初始值为0的变量“ count”。
We will loop through the array while the condition (counter value <= length of the array) is true. In the loop we check with wbif function if there is an occurrence of the array element's value in the password string. If we find at least one we will set the variable avail as True «T». And off course we do not want our loop to go infinite, so we increase the value of the counter variable.
当条件(计数器值<=数组的长度)为true时,我们将遍历数组。 在循环中,我们使用wbif函数检查密码字符串中是否存在数组元素的值。 如果找到至少一个,我们会将变量avail设置为True«T»。 当然,我们不希望循环无限长,因此我们增加了计数器变量的值。
After the loop is ended we check if our «avail» variable is True, which means that our password string has numbers in it, and add one point to «strength» variable (if true), else we do nothing.
循环结束后,我们检查«avail»变量是否为True,这意味着我们的密码字符串中包含数字,并在«strength»变量中加1分(如果为true),否则我们什么也不做。
Now we repeat the same thing for special characters, lower case letters and upper case letters.
现在,我们对特殊字符,小写字母和大写字母重复相同的操作。
I will not go through that code because it is the same as this one.
我不会遍历该代码,因为它与此代码相同。
Finally we will calculate the percentage of the strength, which is simple mathematical equation:
最后,我们将计算强度百分比,这是一个简单的数学方程式:
$wbcalc[$wbcalc[$wbgetv[strength]/6]*100]
We calculate the result of the strength points divided by maximum points (in our case it is 6), and then we multiply the result with 100 to get a percentage result.
我们计算强度点的结果除以最大点(在我们的示例中为6),然后将结果乘以100以得到百分比结果。
And here we have a script that will tell us how powerful is our password.
在这里,我们有一个脚本,可以告诉我们密码的功能。
For more information email me at: NurAzije [at] Gmail [dot] com
有关更多信息,请给我发送电子邮件:NurAzije [at] Gmail [dot] com
Or visit WhizBase official site at www.whizbase.com
或访问WhizBase官方网站www.whizbase.com
NurAzije is a PHP and WhizBase programmer, who at the time of article publication is working in partnership with WhizBase on several projects.
NurAzije是一名PHP和WhizBase程序员,在撰写本文时,他正在与WhizBase合作进行多个项目。
翻译自: https://www.experts-exchange.com/articles/1976/Make-a-Password-Strength-Meter-in-WhizBase.html
3499
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
