Website Membership V1.07 Addon and CMS Builder V2.51 (user-signup.php, user-password-reset.php & user-profile.php)
3 posts by 2 authors in: Forums > CMS Builder: Plugins & Add-ons
Last Post: July 29, 2013 (RSS)
By Mikey - July 28, 2013 - edited: July 28, 2013
Anyone have any suggestions to accomplish the following listed below during (user-signup.php, user-password-reset.php & user-profile.php).
- Require unique characters in the password such as !#*@&1234567890.. etc., thereby the password can not just be alphabetical, but must also include non-alphabetic characters as well in order to be saved.
- Require the password to be a minimum of 12 characters and no less.
- Require the password to be other than the username.
I've tried the following for settings the minimum password length in my list 2) with no success...
elseif (!@$_REQUEST['newPassword1']) { $errorsAndAlerts .= "Please enter a value for: New Password<br/>\n"; }
//elseif (strlen(!@$_REQUEST['newPassword1'] >= 11 )) { $errorsAndAlerts .= "Please enter 12 or more characters for your New Password<br/>\n"; }
//elseif (count(!@$_REQUEST['newPassword1'] < "11")) { $errorsAndAlerts .= "Please enter 12 or more characters for your New Password<br/>\n"; }
//elseif (count(!@$_REQUEST['newPassword1'] < 11)) { $errorsAndAlerts .= "Please enter 12 or more characters for your New Password<br/>\n"; }
//elseif (count(!@$_REQUEST['newPassword1'] <= 11)) { $errorsAndAlerts .= "Please enter 12 or more characters for your New Password<br/>\n"; }
By Mikey - July 28, 2013
So I think I've got this figured out... I've tested it and so far so good, but I suspect there may be a better solution. But for now this seems to be doing the trick for anyone who is interested in applying this to the Website Membership login and password reset.
User profile:
// process form
if (@$_REQUEST['save']) {
// error checking
$errorsAndAlerts = "";
if (!@$_REQUEST['fullname']) { $errorsAndAlerts .= "You must enter your full name!<br/>\n"; }
if (!@$_REQUEST['email']) { $errorsAndAlerts .= "You must enter your email!<br/>\n"; }
else if(!isValidEmail(@$_REQUEST['email'])) { $errorsAndAlerts .= "Please enter a valid email (example: user@example.com)<br/>\n"; }
if (!@$_REQUEST['username']) { $errorsAndAlerts .= "You must choose a username!<br/>\n"; }
// new password checking
if (@$_REQUEST['oldPassword'] || $_REQUEST['newPassword1'] || $_REQUEST['newPassword2']) {
$oldPasswordHash = (@$SETTINGS['advanced']['encryptPasswords']) ? getPasswordDigest(@$_REQUEST['oldPassword']) : @$_REQUEST['oldPassword'];
if (!@$_REQUEST['oldPassword']) { $errorsAndAlerts .= "Please enter a value for: Current Password<br/>\n"; }
elseif ($oldPasswordHash != $CURRENT_USER['password']) { $errorsAndAlerts .= "Current password isn't correct!<br/>\n"; }
elseif (!@$_REQUEST['newPassword1']) { $errorsAndAlerts .= "Please enter a value for: New Password<br/>\n"; }
elseif (!@$_REQUEST['newPassword2']) { $errorsAndAlerts .= "Please enter a value for: Confirm New Password<br/>\n"; }
elseif ($_REQUEST['newPassword1'] != $_REQUEST['newPassword2']) { $errorsAndAlerts .= "New passwords don't match!<br/>\n"; }
// password strength
$errorsAndAlerts = "";
if (strlen($_REQUEST['newPassword1']) < 11 ) { $errorsAndAlerts .= "Please enter 12 or more characters for your New Password<br/>\n"; }
if (!preg_match("#[a-z]+#", $_REQUEST['newPassword1']) ) { $errorsAndAlerts .= "Password must include at least one letter!<br/>\n"; }
if (!preg_match("#[A-Z]+#", $_REQUEST['newPassword1']) ) { $errorsAndAlerts .= "Password must include at least one CAPS!<br/>\n"; }
if (!preg_match("#\W+#", $_REQUEST['newPassword1']) ) { $errorsAndAlerts .= "Password must include at least one symbol!<br/>\n"; }
// end password strength
}
Password Reset:
// error checking
$errors = '';
if (!@$_REQUEST['password']) { $errors .= t("Please enter your new password!") . "\n"; }
else if (!@$_REQUEST['password:again']) { $errors .= t("Please enter your new password again!") . "\n"; }
else if ($_REQUEST['password'] != $_REQUEST['password:again']) { $errors .= t("New passwords do not match!") . "\n"; }
// password strength
$errors = "";
if (strlen($_REQUEST['password']) < 11 ) { $errors .= "Please enter 12 or more characters for your New Password<br/>\n"; }
if (!preg_match("#[a-z]+#", $_REQUEST['password']) ) { $errors .= "Password must include at least one letter!<br/>\n"; }
if (!preg_match("#[A-Z]+#", $_REQUEST['password']) ) { $errors .= "Password must include at least one CAPS!<br/>\n"; }
if (!preg_match("#\W+#", $_REQUEST['password']) ) { $errors .= "Password must include at least one symbol!<br/>\n"; }
// end password strength
if ($errors) { alert($errors); }
User Signup: Well I'm not offering user signup for the site I needed this for so I didn't implement the code, but I think you can figure it out fairly simply by following the example code above.
If you buy chance know of a better solution, please do share... otherwise, I hope you find this useful.
Zick
By gregThomas - July 29, 2013
Hi Zick,
Glad you've got the issue resolved. I've posted a suggestion to ensure users have even more secure passwords in your other post:
Thanks!
Greg
PHP Programmer - interactivetools.com