Login

natanfelles · 12-14-2016, 01:25 PM

Example file using callback to validate passwords by regex.

Required
Lowercase
Uppercase
Number
Special Chars

https://gist.github.com/natanfelles/f5d4...78edeb7d7d

PHP Code:

<?php
/**
 * @author   Natan Felles <[email protected]>
 */
defined('BASEPATH') or exit('No direct script access allowed');
/**
 * Class Access
 */
class Access extends CI_Controller {
    public function __construct()
    {
        parent::__construct();
    }
    public function create_account()
    {
        if ($this->input->post())
        {
            $this->load->library('form_validation');
            $rules = array(
                [
                    'field' => 'password',
                    'label' => 'Password',
                    'rules' => 'callback_valid_password',
                ],
                [
                    'field' => 'repeat_password',
                    'label' => 'Repeat Password',
                    'rules' => 'matches[password]',
                ],
            );
            $this->form_validation->set_rules($rules);
            if ($this->form_validation->run())
            {
                echo 'Success! Account can be created.';
            }
            else
            {
                echo 'Error! <ul>' . validation_errors('<li>', '</li>') . '</ul>';
            }
        }
        // Load your views
    }
    /**
     * Validate the password
     *
     * @param string $password
     *
     * @return bool
     */
    public function valid_password($password = '')
    {
        $password = trim($password);
        $regex_lowercase = '/[a-z]/';
        $regex_uppercase = '/[A-Z]/';
        $regex_number = '/[0-9]/';
        $regex_special = '/[!@#$%^&*()\-_=+{};:,<.>§~]/';
        if (empty($password))
        {
            $this->form_validation->set_message('valid_password', 'The {field} field is required.');
            return FALSE;
        }
        if (preg_match_all($regex_lowercase, $password) < 1)
        {
            $this->form_validation->set_message('valid_password', 'The {field} field must be at least one lowercase letter.');
            return FALSE;
        }
        if (preg_match_all($regex_uppercase, $password) < 1)
        {
            $this->form_validation->set_message('valid_password', 'The {field} field must be at least one uppercase letter.');
            return FALSE;
        }
        if (preg_match_all($regex_number, $password) < 1)
        {
            $this->form_validation->set_message('valid_password', 'The {field} field must have at least one number.');
            return FALSE;
        }
        if (preg_match_all($regex_special, $password) < 1)
        {
            $this->form_validation->set_message('valid_password', 'The {field} field must have at least one special character.' . ' ' . htmlentities('!@#$%^&*()\-_=+{};:,<.>§~'));
            return FALSE;
        }
        if (strlen($password) < 5)
        {
            $this->form_validation->set_message('valid_password', 'The {field} field must be at least 5 characters in length.');
            return FALSE;
        }
        if (strlen($password) > 32)
        {
            $this->form_validation->set_message('valid_password', 'The {field} field cannot exceed 32 characters in length.');
            return FALSE;
        }
        return TRUE;
    }
  
}

natanfelles.github.io

***Narf*** · 12-14-2016, 09:10 PM

Example of why the word "overthinking" exists.

Do NOT put artificial limits. DO require minimum strenght.

A 33-character password is stronger than a 32-character one - maximum length is a limitation (bad).
A 4-character password is weaker than a 5-characater one - minimum length ~= minimum strength (good; in principle ... should be at least 10 nowadays).

natanfelles · 12-15-2016, 08:15 AM

(12-14-2016, 09:10 PM)Narf Wrote: Example of why the word "overthinking" exists.

Do NOT put artificial limits. DO require minimum strenght.

A 33-character password is stronger than a 32-character one - maximum length is a limitation (bad).
A 4-character password is weaker than a 5-characater one - minimum length ~= minimum strength (good; in principle ... should be at least 10 nowadays).

Thank you, Narf.

Limits can be changed.

natanfelles.github.io