Disallowing Simple Passwords
3 posts by 2 authors in: Forums > CMS Builder: Plugins & Add-ons
Last Post: September 17, 2018 (RSS)
Hello,
I am letting users set their own passwords when they register rather than have the system auto-generate a password.
Can someone please let me know what the default rules are for disallowed passwords when a user registers using the Website Membership plugin? I think I read somewhere that basic words from the dictionary are not allowed, especially the word, "password"!
Thank you,
Greg
By daniel - September 17, 2018
Hi Greg,
The simplest way to validate a new password is by using the getNewPasswordErrors() function. Example usage:
$errorsAndAlerts = getNewPasswordErrors($password, $confirmPassword, $username);
If you are using this function, it will check the following default rules:
- Both passwords are filled out
- Both passwords match
- Username and password cannot be the same
- Password can't start or end with spaces
- Password can't look like a "digest" (the encrypted version of the password stored by the database)
- Password is not on a list of bad/common passwords (cmsb/lib/login_password_blacklist.txt)
Hope that helps! Let me know if you have any additional questions.
Thanks,
Technical Lead
interactivetools.com