Trium918 Posted April 10, 2007 Share Posted April 10, 2007 Is there a newer version of ispell-dictionary,or a better way to do this in a script? I am using it in the script below. Note: This a practice script. function get_random_word($min_length, $max_length) // grab a random word from dictionary between the two lengths // and return it { // generate a random word $word = ""; $dictionary = "/usr/dict/words"; // the ispell dictionary $fp = fopen($dictionary, "r"); $size = filesize($dictionary); // go to a random location in dictionary srand ((double) microtime() * 1000000); $rand_location = rand(0, $size); fseek($fp, $rand_location); // get the next whole word of the right length in the file while (strlen($word)< $min_length || strlen($word)>$max_length) { if (feof($fp)) fseek($fp, 0); // if at end, go to start $word = fgets($fp, 80); // skip first word as it could be partial $word = fgets($fp, 80); // the potential password }; $word=trim($word); // trim the trailing \n from fgets return $word; } Link to comment https://forums.phpfreaks.com/topic/46436-solved-ispell-dictionary/ Share on other sites More sharing options...
monk.e.boy Posted April 10, 2007 Share Posted April 10, 2007 A better way to do what? Choose random lines in a file? monk.e.boy Link to comment https://forums.phpfreaks.com/topic/46436-solved-ispell-dictionary/#findComment-225871 Share on other sites More sharing options...
Trium918 Posted April 10, 2007 Author Share Posted April 10, 2007 A better way to do what? Choose random lines in a file? monk.e.boy In order for this function to work, I would need a dictionary. If I was using UNIX system, the built-in spell checker ispell comes with a dictionary of words, typically located at /usr/dict/words, as I have done here. $dictionary = "/usr/dict/words"; // the ispell dictionary Since I wasn't using UNIX, I was wondering is there a better method to use then the one I have assuming I'm using old coding technics. Link to comment https://forums.phpfreaks.com/topic/46436-solved-ispell-dictionary/#findComment-225907 Share on other sites More sharing options...
monk.e.boy Posted April 10, 2007 Share Posted April 10, 2007 I don't know what the license for iSpell is but you may be able to copy the words file onto your XP boxen. Have you heard of dictionary attacks? I assume you have, but I just had to mention them monk.e.boy Link to comment https://forums.phpfreaks.com/topic/46436-solved-ispell-dictionary/#findComment-225930 Share on other sites More sharing options...
Trium918 Posted April 10, 2007 Author Share Posted April 10, 2007 I don't know what the license for iSpell is but you may be able to copy the words file onto your XP boxen. Have you heard of dictionary attacks? I assume you have, but I just had to mention them monk.e.boy Never heard of it, but it sounds bad. That is why I was asking is there a better way to do this. Link to comment https://forums.phpfreaks.com/topic/46436-solved-ispell-dictionary/#findComment-225945 Share on other sites More sharing options...
mjlogan Posted April 10, 2007 Share Posted April 10, 2007 I was originally using ispell and pspell but then moved over to http://dev.mysql.com/doc/refman/5.0/en/string-functions.html#function_soundex The mysql functions seems to work very well. Link to comment https://forums.phpfreaks.com/topic/46436-solved-ispell-dictionary/#findComment-225948 Share on other sites More sharing options...
boo_lolly Posted April 10, 2007 Share Posted April 10, 2007 I don't know what the license for iSpell is but you may be able to copy the words file onto your XP boxen. i'm sure it's under the GNU lisence. Link to comment https://forums.phpfreaks.com/topic/46436-solved-ispell-dictionary/#findComment-225949 Share on other sites More sharing options...
monk.e.boy Posted April 10, 2007 Share Posted April 10, 2007 I don't know what the license for iSpell is but you may be able to copy the words file onto your XP boxen. Have you heard of dictionary attacks? I assume you have, but I just had to mention them monk.e.boy Never heard of it, but it sounds bad. That is why I was asking is there a better way to do this. This is the first way someone will attack your password. Run every combination of user name + word in dictionary to crack it. Kind of like cracking a combination lock by trying every combination. A 3gig duel core PC will be good at this For web sites this is a bit slow, but a bot-net will soon crack enough passwords to be useful. Cracking WinXP passwords with a dictionary attack is very fast. Google around for secure passwords. monk.e.boy Link to comment https://forums.phpfreaks.com/topic/46436-solved-ispell-dictionary/#findComment-225954 Share on other sites More sharing options...
Trium918 Posted April 10, 2007 Author Share Posted April 10, 2007 I don't know what the license for iSpell is but you may be able to copy the words file onto your XP boxen. Have you heard of dictionary attacks? I assume you have, but I just had to mention them monk.e.boy Never heard of it, but it sounds bad. That is why I was asking is there a better way to do this. This is the first way someone will attack your password. Run every combination of user name + word in dictionary to crack it. Kind of like cracking a combination lock by trying every combination. A 3gig duel core PC will be good at this For web sites this is a bit slow, but a bot-net will soon crack enough passwords to be useful. Cracking WinXP passwords with a dictionary attack is very fast. Google around for secure passwords. monk.e.boy I implement a set of 4 scripts in the order they should execute. Is this still a dictionary attack for lost password? <? require_once("bookmark_fns.php"); do_html_header("Resetting password"); if ($password=reset_password($username)) { if (notify_password($username, $password)) echo "Your new password has been sent to your email address."; else echo "Your password could not be mailed to you." ." Try pressing refresh."; } else echo "Your password could not be reset - please try again later."; do_html_url("login.php", "Login"); do_html_footer(); ?> function reset_password($username) // set password for username to a random value // return the new password or false on failure { // get a random dictionary word b/w 6 and 13 chars in length $new_password = get_random_word(6, 13); // add a number between 0 and 999 to it // to make it a slightly better password srand ((double) microtime() * 1000000); $rand_number = rand(0, 999); $new_password .= $rand_number; // set user's password to this in database or return false if (!($conn = db_connect())) return false; $result = mysql_query( "update user set passwd = password('$new_password') where username = '$username'"); if (!$result) return false; // not changed else return $new_password; // changed successfully } function get_random_word($min_length, $max_length) // grab a random word from dictionary between the two lengths // and return it { // generate a random word $word = ""; $dictionary = "/usr/dict/words"; // the ispell dictionary $fp = fopen($dictionary, "r"); $size = filesize($dictionary); // go to a random location in dictionary srand ((double) microtime() * 1000000); $rand_location = rand(0, $size); fseek($fp, $rand_location); // get the next whole word of the right length in the file while (strlen($word)< $min_length || strlen($word)>$max_length) { if (feof($fp)) fseek($fp, 0); // if at end, go to start $word = fgets($fp, 80); // skip first word as it could be partial $word = fgets($fp, 80); // the potential password }; $word=trim($word); // trim the trailing \n from fgets return $word; } function notify_password($username, $password) // notify the user that their password has been changed { if (!($conn = db_connect())) return false; $result = mysql_query("select email from user where username='$username'"); if (!$result) return false; // not changed else if (mysql_num_rows($result)==0) return false; // username not in db else { $email = mysql_result($result, 0, "email"); $from = "From: support@phpbookmark \r\n"; $mesg = "Your PHPBookmark password has been changed to $password \r\n" ."Please change it next time you log in. \r\n"; if (mail($email, "PHPBookmark login information", $mesg, $from)) return true; else return false; } } Link to comment https://forums.phpfreaks.com/topic/46436-solved-ispell-dictionary/#findComment-225966 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.