diff -r 700d61d93b1b -r a044870a9d3d packages/ssoinabox-webui/root/usr/local/share/ssoinabox/htdocs/includes/functions.php
--- a/packages/ssoinabox-webui/root/usr/local/share/ssoinabox/htdocs/includes/functions.php Tue Jan 08 23:21:25 2013 -0500
+++ b/packages/ssoinabox-webui/root/usr/local/share/ssoinabox/htdocs/includes/functions.php Fri Jan 11 00:32:54 2013 -0500
@@ -29,7 +29,7 @@
 function load_credentials()
 {
 $config = yaml_parse_file("/usr/local/etc/ssoinabox/webcreds.yml");
- $keys = array('LDAP_BASEDN', 'UID_MIN', 'GID_MIN', 'ldap_server', 'ldap_manager', 'ldap_user_basedn', 'ldap_group_basedn', 'kerberos_admin', 'PHONE_EXT_MIN');
+ $keys = array('LDAP_BASEDN', 'UID_MIN', 'GID_MIN', 'ldap_server', 'ldap_manager', 'ldap_user_basedn', 'ldap_group_basedn', 'kerberos_admin', 'PHONE_EXT_MIN', 'hmac_secret');
 foreach ( $keys as $key )
 {
@@ -42,3 +42,48 @@
 $GLOBALS[$key] = $config[$key];
 }
 }
+
+/**
+ * Test a password's policy compliance
+ * @param string password
+ * @return mixed true if compliant, otherwise a string describing why it isn't
+ */
+
+function test_password($str)
+{
+ if ( strlen($str) < 8 )
+ return 'must be at least 8 characters in length';
+
+ if ( countUniqueChars($str) < 6 )
+ return 'must have at least 6 unique characters';
+
+ if ( strlen($str) <= 16 )
+ {
+ if ( !preg_match('/[a-z]/', $str) )
+ return 'must contain at least one lowercase letter';
+
+ if ( !preg_match('/[A-Z]/', $str) )
+ return 'must contain at least one lowercase letter';
+
+ if ( !preg_match('/[0-9]/', $str) )
+ return 'must contain at least one lowercase letter';
+
+ if ( !preg_match('/[^A-Za-z0-9]/', $str) )
+ return 'must contain at least one lowercase letter';
+ }
+
+ return true;
+}
+
+function countUniqueChars($str)
+{
+ $count = 0;
+ $uniq = '';
+ for ( $i = 0; $i < strlen($str); $i++ )
+ {
+ if ( strpos($uniq, $str{$i}) === false )
+ $uniq .= $str{$i};
+ }
+
+ return strlen($uniq);
+}
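Review bot: In the first hunk, `hmac_secret` is copied into `$GLOBALS` by the same loop as the non-secret settings, so any debug output or error handler that dumps globals will also print the signing key, and nothing visible here checks that the value is a non-empty string. The loop body between the two hunks is not shown, so a presence check may already exist there; if it only tests that the key is set, an empty `hmac_secret:` entry in webcreds.yml would be accepted as the HMAC key. I would add a comment above `$keys` such as `// hmac_secret: random signing key; webcreds.yml must be readable by the web server user only` and reject an empty value before the assignment. The body of load_credentials() continues outside this hunk.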
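Review bot: In test_password() the uppercase, digit and symbol checks all return the lowercase message, so a user whose password fails `/[A-Z]/`, `/[0-9]/` or `/[^A-Za-z0-9]/` is told the wrong rule; the three returns should read `'must contain at least one uppercase letter'`, `'must contain at least one digit'` and `'must contain at least one symbol'`. Failure is reported as a non-empty string, which is truthy, so a caller writing `if ( test_password($pw) )` would accept every password; the docblock should state that the result must be compared with `=== true`, and should name the parameter `$str`. In countUniqueChars() `$count` is assigned but never used, and the `$str{$i}` offset syntax is rejected by PHP 8, so `$str[$i]` is the safer spelling. Both functions count bytes rather than characters, which is worth a one-line comment if non-ASCII passwords are allowed.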