SSbits - Home page
Site by Carbon Crayon
Submit a Post >

Snippets - Little bits of code to make you happy

Using a Password Validator

The Password Validator allows you to set particular criteria for your members passwords. For example if you wanted to have a minimum length of 8 characters and contain lowercase and uppercase characters, well that's a simple case of adding a couple of lines to your _config.php file!

So before we get into the reference let's jump in with an example. The following code, when added to the mysite/_config.php will set a minimum length of 6 characters and force the user to use 2 of either uppercase, lowercase, punctuation and digits: 

$Validator = new PasswordValidator();
$Validator->minLength(6);
Member::set_password_validator($Validator);

So let's go through this. The first line creates a new PasswordValidator Object, then we set the minimum length to 6 characters. Finally we tell SilverStripe that we want to use this validator for our member object, for which we use the handy function set_password_validator(), passing in our validator as the argument.

We can also ensure that the user is using a certain number of different character types by using the charachterStrength() function. This takes 2 arguments, the first is the acceptable scrore and the second is the values to test. Here's how you might use it:

$Validator->characterStrength(2, array('lowercase', 'uppercase', 'digits', 'punctuation'));

So in this example we are saying make sure the user has at least 2 of the following items; lower case letters, upper case letters, numerical digits and punctuation characters. If we wanted the user to have all of these in their password, then we would set the first argument to 4.

The last thing we can do to make our members even more secure (and perhaps a little frustrated!) is ensure that when they change their password they don't set it to one of their previous passwords. We do this using checkHistoricalPasswords() which takes the number of prevous passwords to check as it's only argument. This would be used like so:

$Validator->checkHistoricalPasswords(2);

So to bring all this together here's a full example:

//Min 8 Chars, not last 2 passwords, 2 of Lowercase, Uppercase or Digits
$Validator = new PasswordValidator();

$Validator->minLength(8);
$Validator->checkHistoricalPasswords(2);
$Validator->characterStrength(3,array('lowercase','uppercase','digits'));

Member::set_password_validator($Validator);

There you have it, a great way to force your will onto others!

Aram Balakjian avatar

Aram Balakjian

Aram is a web developer running London based agency Aab Web. He has a strong passion for developing attractive, usable sites around the SilverStripe CMS.

  • Matt Bower
    28/10/2010 8:19pm (4 years ago)

    You should consider posting this info in the SS Docs too. I searched them and there's no mention of the PasswordValidator class.

  • Darren-Lee
    10/04/2011 10:18pm (3 years ago)

    Damn...I'll have to try this. Is this native Prototype stuff?

  • Aram Balakjian
    11/04/2011 8:37am (3 years ago)

    Hi Darren,

    No there is no JS password validation, it is all done via php after submit (I think).

    Aram

  • Simon Tsang
    01/09/2011 7:32am (3 years ago)

    Hi Aram, it there a post for extending the JS validation?

  • opticblaze
    20/09/2012 11:06pm (2 years ago)

    Hi ther great tutorial. I used it and it works great. The only problem i have is that when someone creates a password that does not match the criterion, the user does not get a nice javascript.jquery error displayed, but rather a huge SIlverstripe Error:

    "[User Error] Uncaught ValidationException: Validation error writing a Member object: Password is too short, it must be 7 or more characters long.; You need to increase the strength of your passwords by adding some of the following characters: uppercase, digits, punctuation. Object not written."

    How do i fix this?

Post a comment ...

You cannot post comments until you have logged in. Login Here.

Advertisement

Site of the Month

Find SSbits on

Top Contributers

Rank Avatar Name
1 article image Aram Balakjian
2 article image Daniel Hensby
3 article image Marcus Dalgren
4 article image Hamish Campbell
5 article image njorndare
6 article image Ty Barho
7 article image Martijn van Nieuwenhoven
8 article image Darren-Lee
9 article image Roman Schmid
10 article image Matt Clegg

View full leaderboard


Advertisement