[SOLVED] Password rules validation

betty · May 23, 2024, 1:23pm

Maybe there was a simpler way to do this but this is what I’ve done. I’ve added rules to the change_password application; some of these using the options available in SC, others with simple rules (new password cannot be the same as the old, cannot be the same as the user login…) - and this - which is called from Events > Onvalidate before passwords are encrypted.

What it does:
Requires password to be 8-20 characters
Verifies that users password contains A-Z, a-z, 0-9 and a special character.

Here’s the code:
$pwd={pswd} ;
if (preg_match("#.^(?=.{8,20})(?=.[a-z])(?=.[A-Z])(?=.[0-9]).*$#", $pwd)){
return true ;
} else {
sc_error_message(“Your new password must comply with password requirements”) ;
}

top1data · May 13, 2024, 2:42pm

Hello Betty

Thank you for the code i’m looking for somethnig very similar i have a form with a password field and i have added your code but it always says the password is wrong. I assume {pswd} is the name of your form field?

mollyshark · May 14, 2024, 6:17pm

$password = {pswd};
$pattern = “/^(?=.[a-z])(?=.[A-Z])(?=.\d)(?=.\W).{8,20}$/”;
if (preg_match($pattern, $password)) {

return true ;
} else {
sc_error_message(“Your new password must comply with password requirements”) ;
}

The \W is the special character. The \d is any digit.

top1data · May 15, 2024, 10:26am

Thank you Mollyshark for the code.

when i run the application is is coming up with this error.

Parse error: syntax error, unexpected token “^”

mollyshark · May 15, 2024, 11:53am

Runs perfectly on mine. The only thing I can think of is sometimes if you copy and paste the text, it converts the quote marks to a curly version that doesn’t work. I have to replace them with typed in quotes from my keyboard. I have the posted code in an ajax “on change” event.

top1data · May 23, 2024, 11:14am

worked perfectly thank you.