Website Membership V1.07 Addon and CMS Builder V2.51 (user-signup.php, user-password-reset.php & user-profile.php)

3 posts by 2 authors in: Forums > CMS Builder: Plugins & Add-ons
Last Post: July 29, 2013   (RSS)

By Mikey - July 28, 2013 - edited: July 28, 2013

Anyone have any suggestions to accomplish the following listed below during (user-signup.php, user-password-reset.php & user-profile.php).

  1. Require unique characters in the password such as !#*@&1234567890.. etc., thereby the password can not just be alphabetical, but must also include non-alphabetic characters as well in order to be saved.
  2. Require the password to be a minimum of 12 characters and no less.
  3. Require the password to be other than the username.

I've tried the following for settings the minimum password length in my list 2) with no success...

elseif (!@$_REQUEST['newPassword1'])                            { $errorsAndAlerts .= "Please enter a value for: New Password<br/>\n"; }
      //elseif (strlen(!@$_REQUEST['newPassword1'] >= 11 ))                        { $errorsAndAlerts .= "Please enter 12 or more characters for your New Password<br/>\n"; }

      //elseif (count(!@$_REQUEST['newPassword1'] < "11"))                        { $errorsAndAlerts .= "Please enter 12 or more characters for your New Password<br/>\n"; }

      //elseif (count(!@$_REQUEST['newPassword1'] < 11))                        { $errorsAndAlerts .= "Please enter 12 or more characters for your New Password<br/>\n"; }

     //elseif (count(!@$_REQUEST['newPassword1'] <= 11))                        { $errorsAndAlerts .= "Please enter 12 or more characters for your New Password<br/>\n"; }

By Mikey - July 28, 2013

So I think I've got this figured out... I've tested it and so far so good, but I suspect there may be a better solution. But for now this seems to be doing the trick for anyone who is interested in applying this to the Website Membership login and password reset.

User profile:

  // process form
  if (@$_REQUEST['save']) {

    // error checking
    $errorsAndAlerts = "";
    if (!@$_REQUEST['fullname'])                { $errorsAndAlerts .= "You must enter your full name!<br/>\n"; }
    if (!@$_REQUEST['email'])                   { $errorsAndAlerts .= "You must enter your email!<br/>\n"; }
    else if(!isValidEmail(@$_REQUEST['email'])) { $errorsAndAlerts .= "Please enter a valid email (example: user@example.com)<br/>\n"; }
    if (!@$_REQUEST['username'])                { $errorsAndAlerts .= "You must choose a username!<br/>\n"; }

    // new password checking
    if (@$_REQUEST['oldPassword'] || $_REQUEST['newPassword1'] || $_REQUEST['newPassword2']) {
      $oldPasswordHash = (@$SETTINGS['advanced']['encryptPasswords']) ? getPasswordDigest(@$_REQUEST['oldPassword']) : @$_REQUEST['oldPassword'];
      if (!@$_REQUEST['oldPassword'])                                 { $errorsAndAlerts .= "Please enter a value for: Current Password<br/>\n"; }
      elseif ($oldPasswordHash != $CURRENT_USER['password'])          { $errorsAndAlerts .= "Current password isn't correct!<br/>\n"; }
      elseif (!@$_REQUEST['newPassword1'])                            { $errorsAndAlerts .= "Please enter a value for: New Password<br/>\n"; }
      elseif (!@$_REQUEST['newPassword2'])                            { $errorsAndAlerts .= "Please enter a value for: Confirm New Password<br/>\n"; }
      elseif ($_REQUEST['newPassword1'] != $_REQUEST['newPassword2']) { $errorsAndAlerts .= "New passwords don't match!<br/>\n"; }
    
      // password strength
      $errorsAndAlerts = "";
      if    (strlen($_REQUEST['newPassword1']) < 11 )                                        { $errorsAndAlerts .= "Please enter 12 or more characters for your New Password<br/>\n"; }
      if    (!preg_match("#[a-z]+#", $_REQUEST['newPassword1']) )                            { $errorsAndAlerts .= "Password must include at least one letter!<br/>\n"; }
      if    (!preg_match("#[A-Z]+#", $_REQUEST['newPassword1']) )                            { $errorsAndAlerts .= "Password must include at least one CAPS!<br/>\n"; }
      if    (!preg_match("#\W+#", $_REQUEST['newPassword1']) )                                { $errorsAndAlerts .= "Password must include at least one symbol!<br/>\n"; }
      // end password strength
    
    }

Password Reset:

// error checking
    $errors = '';
    if      (!@$_REQUEST['password'])                                  { $errors .= t("Please enter your new password!") . "\n"; }
    else if (!@$_REQUEST['password:again'])                            { $errors .= t("Please enter your new password again!") . "\n"; }
    else if ($_REQUEST['password'] != $_REQUEST['password:again'])     { $errors .= t("New passwords do not match!") . "\n"; }
    
    // password strength
    $errors = "";
      if    (strlen($_REQUEST['password']) < 11 )    { $errors .= "Please enter 12 or more characters for your New Password<br/>\n"; }
      if    (!preg_match("#[a-z]+#", $_REQUEST['password']) )    { $errors .= "Password must include at least one letter!<br/>\n"; }
      if    (!preg_match("#[A-Z]+#", $_REQUEST['password']) )    { $errors .= "Password must include at least one CAPS!<br/>\n"; }
      if    (!preg_match("#\W+#", $_REQUEST['password']) )    { $errors .= "Password must include at least one symbol!<br/>\n"; }
    // end password strength
    
    if ($errors) { alert($errors); }

User Signup: Well I'm not offering user signup for the site I needed this for so I didn't implement the code, but I think you can figure it out fairly simply by following the example code above.

If you buy chance know of a better solution, please do share... otherwise, I hope you find this useful.

Zick