Jump to content

Password complexity requirements


encho
 Share

Recommended Posts

That's true that the complexity requirements aren't configurable at present. Though I could feasibly make it configurable, but this is the first time the request has come up. Currently, the requirements are that the password must have at least 6 characters, one of which must be an ASCII letter of a-z or A-Z, and one of which must be a digit (0-9).

These requirements are only enforced interactively, and in the PW admin. So if you populate a password to a user from the API side, like $user->pass = 'something'; there are no requirements. Meaning, you can choose to enforce your own requirements before populating $user->pass with a value. 

  • Like 1
Link to comment
Share on other sites

I'm using the password fieldtype heavily in the front-end of some testprojects. I would really appreciate it if you want to make it configurable.

Fieldtype or Inputfield? The password requirements only apply to the Inputfield (interactively). There isn't really much reason to use the Inputfield on the front-end of your site unless you are using it with FormBuilder. From the API side, you can configure the minimum length setting for the Inputfield:

$inputfield->minlength = 30; // default is 6
Link to comment
Share on other sites

Thanks Ryan, didn't know that!

My simple user signup form using Inputfields looks like:

$form = $modules->get("InputfieldForm");
$form->action = "./";
$form->method = "post";
$form->attr("id+name",'member-form');
$form->attr("class",'member-form');

$field = $modules->get("InputfieldEmail");
$field->label = "E-mail";
$field->attr('id+name','email');
$field->required = 1;
$form->append($field);

$field = $modules->get("InputfieldPassword");
$field->label = "Password";
$field->attr("id+name","password");
$field->required = 1;
$form->append($field);

$submit = $modules->get("InputfieldSubmit");
$submit->attr("value","Join");
$submit->attr("id+name","submit");
$form->append($submit);

This works great! An option to alter requirements besides the lenght would be great. I don't know how to implement this. Perhaps a regular expression?

Link to comment
Share on other sites

EDIT:

Sorry, looking at the InputfieldPassword sourcecode it seems the is no pattern support. But if you dont't need "verify password" you can use a simple InputfieldText and give it a attribute password ($field->attr("type","password");) and a pattern like below.

ORIGINAL POST:

I think you can use field->pattern like this:

$field = $modules->get("InputfieldPassword");
$field->label = "Password";
$field->attr("id+name","password");
$field->required = 1;
$field->pattern = "^(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?!.*\s).*$"; //the regex pattern will be used for backend validation and in html5 browsers also for frontend validation
$form->append($field);
  • Like 2
Link to comment
Share on other sites

That's true that the complexity requirements aren't configurable at present. Though I could feasibly make it configurable, but this is the first time the request has come up. Currently, the requirements are that the password must have at least 6 characters, one of which must be an ASCII letter of a-z or A-Z, and one of which must be a digit (0-9).

These requirements are only enforced interactively, and in the PW admin. So if you populate a password to a user from the API side, like $user->pass = 'something'; there are no requirements. Meaning, you can choose to enforce your own requirements before populating $user->pass with a value. 

I can't believe I'm the first one to ask :) Is there a place I can post a feature request?

Link to comment
Share on other sites

  • 4 years later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...