Page 1 of 1

specify password complexity rules

Posted: Mon Aug 14, 2006 12:12 pm
by euro22
It should be possible to specify password complexity rules, e.g. use at least 6 characters, 2 numbers and 1 special character?

Re: specify password complexity rules

Posted: Wed Aug 16, 2006 1:29 pm
by LudoA
Yes that'd be a useful feature IMHO.

Re: specify password complexity rules

Posted: Wed Sep 06, 2006 7:42 pm
Please see root/components/com_registration/ directory. You could add in any rules you want and have the verified either by javscript in the front end or by PHP in the backend.

For example look at the function on line 74:

Code: Select all

function submitbutton_reg() {
			var form = document.mosForm;
			var r = new RegExp("[\<|\>|\"|\'|\%|\;|\(|\)|\&|\+|\-]", "i");

			// do field validation
			if ( == "") {
				alert( "<?php echo html_entity_decode(_REGWARN_NAME);?>" );
			} else if (form.username.value == "") {
				alert( "<?php echo html_entity_decode(_REGWARN_UNAME);?>" );
			} else if (r.exec(form.username.value) || form.username.value.length < 3) {
				alert( "<?php printf( html_entity_decode(_VALID_AZ09_USER), html_entity_decode(_PROMPT_UNAME), 2 );?>" );
			} else if ( == "") {
				alert( "<?php echo html_entity_decode(_REGWARN_MAIL);?>" );
			} else if (form.password.value.length < 6) {
				alert( "<?php echo html_entity_decode(_REGWARN_PASS);?>" );
			} else if (form.password2.value == "") {
				alert( "<?php echo html_entity_decode(_REGWARN_VPASS1);?>" );
			} else if ((form.password.value != "") && (form.password.value != form.password2.value)){
				alert( "<?php echo html_entity_decode(_REGWARN_VPASS2);?>" );
			} else if (r.exec(form.password.value)) {
				alert( "<?php printf( html_entity_decode(_VALID_AZ09), html_entity_decode(_REGISTER_PASS), 6 );?>" );
			} else {

Re: specify password complexity rules

Posted: Wed Sep 06, 2006 8:30 pm
by eyezberg
This should be handled while reworking / thinking the complete sign-up / login proces::

1. checkbox "i agree to terms and conditions" to comply with some countries laws (can be turned on/off in config)
2. possibility to delete my own account!
3. admin config for: password length etc (as req. here)
4. use mail-only to renew password (as mails are unique anyway)
5. set min. number of days, after which accounts get disabled if no login to site
6... ad yours here ;)

Re: specify password complexity rules

Posted: Wed Sep 06, 2006 8:40 pm
by Hackwar
this could nicely be done by plugins. This would keep the registration component as simple as now, but allows for nice additions. I would say this is something for Joomla 2.0

Re: specify password complexity rules

Posted: Wed Sep 06, 2006 8:47 pm
by eyezberg
Maybe, but I wonder why legal considerations (obligations!) are not dealt with more speedily?
Such options should really be built-in, even if not relevant to all countries. A German user needs to first find the unregister component to make a legal site now. In Italy apparently the T&C are requiered by law. In the UK, your site has to be accessible else it's illegal and you can be sued.
I am fully aware of the many different countries and related laws, but Core includes dev's from many of them, and all international communities can be asked to provide feedback about legal requierements; once integrated, J! could be ok in all countries out of the box.
Plugins sounds nice, as they could be included in unpublished state, and each then publishes his/her own ;)