Jump to content

[SOLVED] ispell-dictionary


Trium918

Recommended Posts

Is there a newer version of ispell-dictionary,or a better way to

do this in a script? I am using it in the script below.

 

Note: This a practice script.

 

function get_random_word($min_length, $max_length)
// grab a random word from dictionary between the two lengths
// and return it
{
   // generate a random word
  $word = "";
  $dictionary = "/usr/dict/words";  // the ispell dictionary
  $fp = fopen($dictionary, "r");
  $size = filesize($dictionary);

  // go to a random location in dictionary
  srand ((double) microtime() * 1000000);
  $rand_location = rand(0, $size);
  fseek($fp, $rand_location);

  // get the next whole word of the right length in the file
  while (strlen($word)< $min_length || strlen($word)>$max_length) 
  {  
     if (feof($fp))   
        fseek($fp, 0);        // if at end, go to start
     $word = fgets($fp, 80);  // skip first word as it could be partial
     $word = fgets($fp, 80);  // the potential password
  };
  $word=trim($word); // trim the trailing \n from fgets
  return $word;  
}

Link to comment
https://forums.phpfreaks.com/topic/46436-solved-ispell-dictionary/
Share on other sites

A better way to do what? Choose random lines in a file?

 

monk.e.boy

 

In order for this function to work, I would need a dictionary. If I was

using UNIX system, the built-in spell checker ispell comes with a

dictionary of words, typically located at /usr/dict/words, as I have

done here.

$dictionary = "/usr/dict/words";  // the ispell dictionary

Since I wasn't using UNIX, I was wondering is there a better method to use

then the one I have assuming I'm using old coding technics.

I don't know what the license for iSpell is but you may be able to copy the words file onto your XP boxen.

 

Have you heard of dictionary attacks? I assume you have, but I just had to mention them  :)

 

monk.e.boy

 

Never heard of it, but it sounds bad. That is why I was

asking is there a better way to do this.

I don't know what the license for iSpell is but you may be able to copy the words file onto your XP boxen.

 

Have you heard of dictionary attacks? I assume you have, but I just had to mention them  :)

 

monk.e.boy

 

Never heard of it, but it sounds bad. That is why I was

asking is there a better way to do this.

 

This is the first way someone will attack your password. Run every combination of user name + word in dictionary to crack it. Kind of like cracking a combination lock by trying every combination. A 3gig duel core PC will be good at this  :)

 

For web sites this is a bit slow, but a bot-net will soon crack enough passwords to be useful. Cracking WinXP passwords with a dictionary attack is very fast. Google around for secure passwords.

 

monk.e.boy

I don't know what the license for iSpell is but you may be able to copy the words file onto your XP boxen.

 

Have you heard of dictionary attacks? I assume you have, but I just had to mention them  :)

 

monk.e.boy

 

Never heard of it, but it sounds bad. That is why I was

asking is there a better way to do this.

 

This is the first way someone will attack your password. Run every combination of user name + word in dictionary to crack it. Kind of like cracking a combination lock by trying every combination. A 3gig duel core PC will be good at this  :)

 

For web sites this is a bit slow, but a bot-net will soon crack enough passwords to be useful. Cracking WinXP passwords with a dictionary attack is very fast. Google around for secure passwords.

 

monk.e.boy

 

I implement a set of 4 scripts in the order they

should execute. Is this still a dictionary attack for

lost password?

<?
require_once("bookmark_fns.php");
do_html_header("Resetting password");

if ($password=reset_password($username))
{ 
    if (notify_password($username, $password))
      echo "Your new password has been sent to your email address.";
    else
      echo "Your password could not be mailed to you."
           ." Try pressing refresh.";
}
else
   echo "Your password could not be reset - please try again later.";

  do_html_url("login.php", "Login");

do_html_footer();
?>

 

function reset_password($username)
// set password for username to a random value
// return the new password or false on failure
{ 
  // get a random dictionary word b/w 6 and 13 chars in length
  $new_password = get_random_word(6, 13);

  // add a number  between 0 and 999 to it
  // to make it a slightly better password
  srand ((double) microtime() * 1000000);
  $rand_number = rand(0, 999); 
  $new_password .= $rand_number;

  // set user's password to this in database or return false
  if (!($conn = db_connect()))
      return false;
  $result = mysql_query( "update user
                          set passwd = password('$new_password')
                          where username = '$username'");
  if (!$result)
    return false;  // not changed
  else
    return $new_password;  // changed successfully  
}

function get_random_word($min_length, $max_length)
// grab a random word from dictionary between the two lengths
// and return it
{
   // generate a random word
  $word = "";
  $dictionary = "/usr/dict/words";  // the ispell dictionary
  $fp = fopen($dictionary, "r");
  $size = filesize($dictionary);

  // go to a random location in dictionary
  srand ((double) microtime() * 1000000);
  $rand_location = rand(0, $size);
  fseek($fp, $rand_location);

  // get the next whole word of the right length in the file
  while (strlen($word)< $min_length || strlen($word)>$max_length) 
  {  
     if (feof($fp))   
        fseek($fp, 0);        // if at end, go to start
     $word = fgets($fp, 80);  // skip first word as it could be partial
     $word = fgets($fp, 80);  // the potential password
  };
  $word=trim($word); // trim the trailing \n from fgets
  return $word;  
}

function notify_password($username, $password)
// notify the user that their password has been changed
{
    if (!($conn = db_connect()))
      return false;
    $result = mysql_query("select email from user
                            where username='$username'");
    if (!$result)
      return false;  // not changed
    else if (mysql_num_rows($result)==0)
      return false; // username not in db
    else
    {
      $email = mysql_result($result, 0, "email");
      $from = "From: support@phpbookmark \r\n";
      $mesg = "Your PHPBookmark password has been changed to $password \r\n"
              ."Please change it next time you log in. \r\n";
      if (mail($email, "PHPBookmark login information", $mesg, $from))
        return true;      
      else
        return false;     
    }
} 

 

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.