I am letting users set their own passwords when they register rather than have the system auto-generate a password.
Can someone please let me know what the default rules are for disallowed passwords when a user registers using the Website Membership plugin? I think I read somewhere that basic words from the dictionary are not allowed, especially the word, "password"!
The simplest way to validate a new password is by using the getNewPasswordErrors() function. Example usage:
$errorsAndAlerts = getNewPasswordErrors($password, $confirmPassword, $username);
If you are using this function, it will check the following default rules:
- Both passwords are filled out
- Both passwords match
- Username and password cannot be the same
- Password can't start or end with spaces
- Password can't look like a "digest" (the encrypted version of the password stored by the database)
- Password is not on a list of bad/common passwords (cmsb/lib/login_password_blacklist.txt)
Hope that helps! Let me know if you have any additional questions.
That's really good to know, thank you.