encho Posted March 25, 2013 Posted March 25, 2013 I have been looking for this, but to no avail: is there a setting to adjust password length/complexity/other requirements? Thanks.
MarcC Posted March 26, 2013 Posted March 26, 2013 It's sort of looking like no to me in the default setup, but maybe you can just create your own special password fieldtype with different requirements? That's a module, after all.
ryan Posted March 27, 2013 Posted March 27, 2013 That's true that the complexity requirements aren't configurable at present. Though I could feasibly make it configurable, but this is the first time the request has come up. Currently, the requirements are that the password must have at least 6 characters, one of which must be an ASCII letter of a-z or A-Z, and one of which must be a digit (0-9). These requirements are only enforced interactively, and in the PW admin. So if you populate a password to a user from the API side, like $user->pass = 'something'; there are no requirements. Meaning, you can choose to enforce your own requirements before populating $user->pass with a value. 1
arjen Posted March 27, 2013 Posted March 27, 2013 I'm using the password fieldtype heavily in the front-end of some testprojects. I would really appreciate it if you want to make it configurable.
ryan Posted March 27, 2013 Posted March 27, 2013 I'm using the password fieldtype heavily in the front-end of some testprojects. I would really appreciate it if you want to make it configurable. Fieldtype or Inputfield? The password requirements only apply to the Inputfield (interactively). There isn't really much reason to use the Inputfield on the front-end of your site unless you are using it with FormBuilder. From the API side, you can configure the minimum length setting for the Inputfield: $inputfield->minlength = 30; // default is 6
arjen Posted March 28, 2013 Posted March 28, 2013 Thanks Ryan, didn't know that! My simple user signup form using Inputfields looks like: $form = $modules->get("InputfieldForm"); $form->action = "./"; $form->method = "post"; $form->attr("id+name",'member-form'); $form->attr("class",'member-form'); $field = $modules->get("InputfieldEmail"); $field->label = "E-mail"; $field->attr('id+name','email'); $field->required = 1; $form->append($field); $field = $modules->get("InputfieldPassword"); $field->label = "Password"; $field->attr("id+name","password"); $field->required = 1; $form->append($field); $submit = $modules->get("InputfieldSubmit"); $submit->attr("value","Join"); $submit->attr("id+name","submit"); $form->append($submit); This works great! An option to alter requirements besides the lenght would be great. I don't know how to implement this. Perhaps a regular expression?
interrobang Posted March 28, 2013 Posted March 28, 2013 EDIT: Sorry, looking at the InputfieldPassword sourcecode it seems the is no pattern support. But if you dont't need "verify password" you can use a simple InputfieldText and give it a attribute password ($field->attr("type","password");) and a pattern like below. ORIGINAL POST: I think you can use field->pattern like this: $field = $modules->get("InputfieldPassword"); $field->label = "Password"; $field->attr("id+name","password"); $field->required = 1; $field->pattern = "^(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?!.*\s).*$"; //the regex pattern will be used for backend validation and in html5 browsers also for frontend validation $form->append($field); 2
apeisa Posted April 2, 2013 Posted April 2, 2013 Is the digit requirement good to have? New hot is passphrases, using passwords like "Cats Milk Sugar Shake" (long, but easier to remember). 1
encho Posted April 2, 2013 Author Posted April 2, 2013 That's true that the complexity requirements aren't configurable at present. Though I could feasibly make it configurable, but this is the first time the request has come up. Currently, the requirements are that the password must have at least 6 characters, one of which must be an ASCII letter of a-z or A-Z, and one of which must be a digit (0-9). These requirements are only enforced interactively, and in the PW admin. So if you populate a password to a user from the API side, like $user->pass = 'something'; there are no requirements. Meaning, you can choose to enforce your own requirements before populating $user->pass with a value. I can't believe I'm the first one to ask Is there a place I can post a feature request?
kongondo Posted April 2, 2013 Posted April 2, 2013 I can't believe I'm the first one to ask Is there a place I can post a feature request? Uuh, http://processwire.com/talk/forum/5-wishlist-roadmap/ /k 1
desbest Posted December 21, 2017 Posted December 21, 2017 Hello I would like a setting in the processwire admin panel that allows me to set the complexity setting of new passwords. Just a reminder to say that this is a good feature to put in.
adrian Posted December 21, 2017 Posted December 21, 2017 https://processwire.com/blog/posts/upgrades-optimizations-pw-3.0.22/#major-enhancements-to-our-password-field 4
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now