Disallowing Simple Passwords

By daniel - September 17, 2018

Hi Greg,

The simplest way to validate a new password is by using the getNewPasswordErrors() function. Example usage:

$errorsAndAlerts = getNewPasswordErrors($password, $confirmPassword, $username);

If you are using this function, it will check the following default rules:

  • Both passwords are filled out
  • Both passwords match
  • Username and password cannot be the same
  • Password can't start or end with spaces
  • Password can't look like a "digest" (the encrypted version of the password stored by the database)
  • Password is not on a list of bad/common passwords (cmsb/lib/login_password_blacklist.txt)

Hope that helps! Let me know if you have any additional questions.

Thanks,

Daniel
Technical Lead
interactivetools.com
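
The default rules listed in the post above, sketched as a stand-alone PHP function. This is an added example, not part of the original post and not interactivetools' code for getNewPasswordErrors(); the name examplePasswordErrors(), the digest-like patterns, the case-insensitive comparisons and the sample blacklist entries are all assumptions.

```php
<?php
// Hypothetical validator mirroring the six listed rules; NOT the CMS Builder implementation.
function examplePasswordErrors(string $password, string $confirm, string $username, array $blacklist): array
{
    // Rule 1: both fields filled out. Nothing else is worth checking on empty input.
    if ($password === '' || $confirm === '') {
        return ['Please enter the new password in both fields.'];
    }
    $errors = [];
    // Rule 2: both passwords match.
    if ($password !== $confirm) {
        $errors[] = 'Passwords do not match.';
    }
    // Rule 3: username and password cannot be the same (ignoring case is an assumption).
    if (strcasecmp($password, $username) === 0) {
        $errors[] = 'Password cannot be the same as the username.';
    }
    // Rule 4: no leading or trailing spaces (trim() also catches tabs and newlines).
    if ($password !== trim($password)) {
        $errors[] = 'Password cannot start or end with spaces.';
    }
    // Rule 5: must not look like a stored digest. Assumed shapes: 32/40/64 hex
    // characters, or a crypt-style "$scheme$..." prefix.
    if (preg_match('/^(?:[0-9a-f]{32}|[0-9a-f]{40}|[0-9a-f]{64})$/i', $password)
        || preg_match('/^\$[0-9a-z]+\$/i', $password)) {
        $errors[] = 'Password cannot look like a password digest.';
    }
    // Rule 6: not on the bad/common password list (case-insensitive, one entry per line assumed).
    $list = array_map('strtolower', array_map('trim', $blacklist));
    if (in_array(strtolower($password), $list, true)) {
        $errors[] = 'That password is too common.';
    }
    return $errors;
}

// Constructed sample entries. A deployment could instead load the file named in the post:
// file('cmsb/lib/login_password_blacklist.txt', FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES)
$blacklist = ['password', '123456', 'qwerty', 'letmein'];

// Constructed test inputs: [password, confirmation, username]
$cases = [
    ['', '', 'greg'],
    ['Tr1cky-horse!', 'Tr1cky-horse', 'greg'],
    ['Greg', 'Greg', 'greg'],
    [' padded pass ', ' padded pass ', 'greg'],
    [str_repeat('a1', 20), str_repeat('a1', 20), 'greg'], // 40 hex chars, digest-like
    ['QWERTY', 'QWERTY', 'greg'],
    ['correct horse battery staple', 'correct horse battery staple', 'greg'],
];
foreach ($cases as [$pw, $confirm, $user]) {
    $errors = examplePasswordErrors($pw, $confirm, $user, $blacklist);
    printf("%-45s => %s\n", json_encode($pw), $errors ? implode(' | ', $errors) : 'OK');
}
```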

By gversion - September 17, 2018

Hi Daniel,

That's really good to know, thank you.

Regards,

Greg