dokuwiki · splitbrain · Jun 16, 2013 · Jun 9, 2013 · Jun 9, 2013 · Jun 14, 2013
diff --git a/inc/auth.php b/inc/auth.php
@@ -678,27 +678,41 @@ function auth_nameencode($name, $skip_group = false) {
 /**
  * Create a pronouncable password
  *
- * @author  Andreas Gohr <andi@splitbrain.org>
- * @link    http://www.phpbuilder.com/annotate/message.php3?id=1014451
+ * The $foruser variable might be used by plugins to run additional password
+ * policy checks, but is not used by the default implementation
+ *
+ * @author   Andreas Gohr <andi@splitbrain.org>
+ * @link     http://www.phpbuilder.com/annotate/message.php3?id=1014451
+ * @triggers AUTH_PASSWORD_GENERATE
  *
+ * @param  string $foruser username for which the password is generated
  * @return string  pronouncable password
  */
-function auth_pwgen() {
-    $pw = '';
-    $c  = 'bcdfghjklmnprstvwz'; //consonants except hard to speak ones
-    $v  = 'aeiou'; //vowels
-    $a  = $c.$v; //both
-
-    //use two syllables...
-    for($i = 0; $i < 2; $i++) {
-        $pw .= $c[rand(0, strlen($c) - 1)];
-        $pw .= $v[rand(0, strlen($v) - 1)];
-        $pw .= $a[rand(0, strlen($a) - 1)];
+function auth_pwgen($foruser = '') {
+    $data = array(
+        'password' => '',
+        'foruser'  => $foruser
+    );
+
+    $evt = new Doku_Event('AUTH_PASSWORD_GENERATE', $data);
+    if($evt->advise_before(true)) {
+        $c = 'bcdfghjklmnprstvwz'; //consonants except hard to speak ones
+        $v = 'aeiou'; //vowels
+        $a = $c.$v; //both
+        $s = '!$%&?+*~#-_:.;,'; // specials
+
+        //use thre syllables...
+        for($i = 0; $i < 3; $i++) {
+            $data['password'] .= $c[mt_rand(0, strlen($c) - 1)];
+            $data['password'] .= $v[mt_rand(0, strlen($v) - 1)];
+            $data['password'] .= $a[mt_rand(0, strlen($a) - 1)];
+        }
+        //... and add a nice number and special
+        $data['password'] .= mt_rand(10, 99).$s[mt_rand(0, strlen($s) - 1)];
     }
-    //... and add a nice number
-    $pw .= rand(10, 99);
+    $evt->advise_after();
 
-    return $pw;
+    return $data['password'];
 }
 
 /**
@@ -765,7 +779,7 @@ function register() {
     }
 
     if($conf['autopasswd']) {
-        $pass = auth_pwgen(); // automatically generate password
+        $pass = auth_pwgen($login); // automatically generate password
     } elseif(empty($pass) || empty($passchk)) {
         msg($lang['regmissing'], -1); // complain about missing passwords
         return false;
@@ -958,7 +972,7 @@ function act_resendpwd() {
 
         } else { // autogenerate the password and send by mail
 
-            $pass = auth_pwgen();
+            $pass = auth_pwgen($user);
             if(!$auth->triggerUserMod('modify', array($user, array('pass' => $pass)))) {
                 msg('error modifying user data', -1);
                 return false;

diff --git a/lib/plugins/usermanager/admin.php b/lib/plugins/usermanager/admin.php
@@ -355,7 +355,7 @@ function _addUser(){
         if ($this->_auth->canDo('modPass')){
           if (empty($pass)){
             if($INPUT->has('usernotify')){
-              $pass = auth_pwgen();
+              $pass = auth_pwgen($user);
             } else {
               msg($this->lang['add_fail'], -1);
               return false;
@@ -496,7 +496,7 @@ function _modifyUser(){
 
         // generate password if left empty and notification is on
         if($INPUT->has('usernotify') && empty($newpass)){
-            $newpass = auth_pwgen();
+            $newpass = auth_pwgen($olduser);
         }
 
         if (!empty($newpass) && $this->_auth->canDo('modPass'))