specify password complexity rules

euro22 · Post by **euro22** » Mon Aug 14, 2006 12:12 pm

It should be possible to specify password complexity rules, e.g. use at least 6 characters, 2 numbers and 1 special character?

LudoA · Post by **LudoA** » Wed Aug 16, 2006 1:29 pm

Yes that'd be a useful feature IMHO.

RAGEDBULL · Post by **RAGEDBULL** » Wed Sep 06, 2006 7:42 pm

Please see root/components/com_registration/ directory. You could add in any rules you want and have the verified either by javscript in the front end or by PHP in the backend.

For example look at the function on line 74:

Code: Select all

function submitbutton_reg() {
			var form = document.mosForm;
			var r = new RegExp("[\<|\>|\"|\'|\%|\;|\(|\)|\&|\+|\-]", "i");

			// do field validation
			if (form.name.value == "") {
				alert( "<?php echo html_entity_decode(_REGWARN_NAME);?>" );
			} else if (form.username.value == "") {
				alert( "<?php echo html_entity_decode(_REGWARN_UNAME);?>" );
			} else if (r.exec(form.username.value) || form.username.value.length < 3) {
				alert( "<?php printf( html_entity_decode(_VALID_AZ09_USER), html_entity_decode(_PROMPT_UNAME), 2 );?>" );
			} else if (form.email.value == "") {
				alert( "<?php echo html_entity_decode(_REGWARN_MAIL);?>" );
			} else if (form.password.value.length < 6) {
				alert( "<?php echo html_entity_decode(_REGWARN_PASS);?>" );
			} else if (form.password2.value == "") {
				alert( "<?php echo html_entity_decode(_REGWARN_VPASS1);?>" );
			} else if ((form.password.value != "") && (form.password.value != form.password2.value)){
				alert( "<?php echo html_entity_decode(_REGWARN_VPASS2);?>" );
			} else if (r.exec(form.password.value)) {
				alert( "<?php printf( html_entity_decode(_VALID_AZ09), html_entity_decode(_REGISTER_PASS), 6 );?>" );
			} else {
				form.submit();
			}
		}

eyezberg · Post by **eyezberg** » Wed Sep 06, 2006 8:30 pm

This should be handled while reworking / thinking the complete sign-up / login proces::

1. checkbox "i agree to terms and conditions" to comply with some countries laws (can be turned on/off in config)
2. possibility to delete my own account!
3. admin config for: password length etc (as req. here)
4. use mail-only to renew password (as mails are unique anyway)
5. set min. number of days, after which accounts get disabled if no login to site
6... ad yours here

Hackwar · Post by **Hackwar** » Wed Sep 06, 2006 8:40 pm

this could nicely be done by plugins. This would keep the registration component as simple as now, but allows for nice additions. I would say this is something for Joomla 2.0

eyezberg · Post by **eyezberg** » Wed Sep 06, 2006 8:47 pm

Maybe, but I wonder why legal considerations (obligations!) are not dealt with more speedily?
Such options should really be built-in, even if not relevant to all countries. A German user needs to first find the unregister component to make a legal site now. In Italy apparently the T&C are requiered by law. In the UK, your site has to be accessible else it's illegal and you can be sued.
I am fully aware of the many different countries and related laws, but Core includes dev's from many of them, and all international communities can be asked to provide feedback about legal requierements; once integrated, J! could be ok in all countries out of the box.
Plugins sounds nice, as they could be included in unpublished state, and each then publishes his/her own

The Joomla! Forum™

specify password complexity rules

specify password complexity rules

Re: specify password complexity rules

Re: specify password complexity rules

Re: specify password complexity rules

Re: specify password complexity rules

Re: specify password complexity rules