No announcement yet.

[SOLUTION] Password rules validation

  • Filter
  • Time
  • Show
Clear All
new posts

  • [SOLUTION] Password rules validation

    Maybe there was a simpler way to do this but this is what I've done. I've added rules to the change_password application; some of these using the options available in SC, others with simple rules (new password cannot be the same as the old, cannot be the same as the user login...) - and this - which is called from Events > Onvalidate before passwords are encrypted.

    What it does:
    Requires password to be 8-20 characters
    Verifies that users password contains A-Z, a-z, 0-9 and a special character.

    Here's the code:
    $pwd={pswd} ;
    if (preg_match("#.*^(?=.{8,20})(?=.*[a-z])(?=.*[A-Z])(?=.*[0-9]).*$#", $pwd)){
    return true ;
    } else {
    sc_error_message("Your new password must comply with password requirements") ;