Comments on: Heavy duty password validation in CakePHP http://edwardawebb.com/web-development/cakephp/heavy-duty-password-validation-cakephp get all his digital goodness 24/7 Sat, 04 Feb 2012 17:05:41 +0000 hourly 1 http://wordpress.org/?v= By: Validating Complex Passwords | Edward A. Webb (.com) http://edwardawebb.com/web-development/cakephp/heavy-duty-password-validation-cakephp/comment-page-1/#comment-46 Validating Complex Passwords | Edward A. Webb (.com) Thu, 23 Oct 2008 00:08:02 +0000 http://edwardawebb.com/?p=106#comment-46 [...] your using CakePHP, check out this article [...] [...] your using CakePHP, check out this article [...]

]]> By: Frank http://edwardawebb.com/web-development/cakephp/heavy-duty-password-validation-cakephp/comment-page-1/#comment-34 Frank Tue, 30 Sep 2008 01:06:12 +0000 http://edwardawebb.com/?p=106#comment-34 I just had to do this myself but followed some other tutes so went a different route: I placed treatment of the password, hashing and so forth in beforeSave(). Used a function placed in app_model to see if the passwords match: http://bakery.cakephp.org/articles/view/using-equalto-validation-to-compare-two-form-fields Then placed the regex for testing quality of the password in the validate rules: 'password' => array('isRequired' => array('rule' => array('custom', '/(?=^.{7,}$)((?=.*\d)|(?=.*\W+))(?![.\n])(?=.*[A-Z])(?=.*[a-z]).*$/'), 'required' => true, 'allowEmpty' => false, 'on' => 'create', 'message' => 'Password should be at least 7 characters, must have at least 1 upper case, lower case and numeric or special character.'), 'identicalFieldValues' => array('rule' => array('identicalFieldValues', 'password_confirm' ), 'message' => 'Passwords do not match.', 'on' => 'create')) Also used multiple validation sets which were handy: http://snook.ca/archives/cakephp/multiple_validation_sets_cakephp/ Using 1.2, no auth component. I just had to do this myself but followed some other tutes so went a different route:

I placed treatment of the password, hashing and so forth in beforeSave().

Used a function placed in app_model to see if the passwords match:
http://bakery.cakephp.org/articles/view/using-equalto-validation-to-compare-two-form-fields

Then placed the regex for testing quality of the password in the validate rules:
‘password’ => array(‘isRequired’ => array(‘rule’ => array(‘custom’, ‘/(?=^.{7,}$)((?=.*\d)|(?=.*\W+))(?![.\n])(?=.*[A-Z])(?=.*[a-z]).*$/’),
‘required’ => true,
‘allowEmpty’ => false,
‘on’ => ‘create’,
‘message’ => ‘Password should be at least 7 characters, must have at least 1 upper case, lower case and numeric or special character.’),
‘identicalFieldValues’ => array(‘rule’ => array(‘identicalFieldValues’, ‘password_confirm’ ),
‘message’ => ‘Passwords do not match.’,
‘on’ => ‘create’))

Also used multiple validation sets which were handy:
http://snook.ca/archives/cakephp/multiple_validation_sets_cakephp/

Using 1.2, no auth component.

]]> By: Eddie http://edwardawebb.com/web-development/cakephp/heavy-duty-password-validation-cakephp/comment-page-1/#comment-30 Eddie Sun, 07 Sep 2008 20:28:35 +0000 http://edwardawebb.com/?p=106#comment-30 Apologies: A few poster comments were lost this last week due to a DB restore. Please do not take offense, and re-post at will. Apologies:

A few poster comments were lost this last week due to a DB restore.

Please do not take offense, and re-post at will.

]]> By: Eddie http://edwardawebb.com/web-development/cakephp/heavy-duty-password-validation-cakephp/comment-page-1/#comment-24 Eddie Sat, 23 Aug 2008 20:04:54 +0000 http://edwardawebb.com/?p=106#comment-24 @Richard This works on 1.1 or 1.2 I'm not sure I understand your meaning, the $validate variable in the models? How would you match 2 passwords, check for a high-security pattern, and then finally hash? If you have a sweeter way, please share :) @Richard

This works on 1.1 or 1.2
I’m not sure I understand your meaning, the $validate variable in the models? How would you match 2 passwords, check for a high-security pattern, and then finally hash? If you have a sweeter way, please share :)

]]> By: Richard@Home http://edwardawebb.com/web-development/cakephp/heavy-duty-password-validation-cakephp/comment-page-1/#comment-16 Richard@Home Tue, 19 Aug 2008 14:59:09 +0000 http://edwardawebb.com/?p=106#comment-16 Is this for CakePHP 1.1? The $validate methods for 1.2 are a lot cleaner :-) Is this for CakePHP 1.1? The $validate methods for 1.2 are a lot cleaner :-)

]]> By: Eddie http://edwardawebb.com/web-development/cakephp/heavy-duty-password-validation-cakephp/comment-page-1/#comment-12 Eddie Wed, 06 Aug 2008 12:55:10 +0000 http://edwardawebb.com/?p=106#comment-12 @Daniel Much appreciated! I'll make the change in my code and the post. @Daniel
Much appreciated! I’ll make the change in my code and the post.

]]> By: Daniel Hofstetter http://edwardawebb.com/web-development/cakephp/heavy-duty-password-validation-cakephp/comment-page-1/#comment-11 Daniel Hofstetter Wed, 06 Aug 2008 12:52:23 +0000 http://edwardawebb.com/?p=106#comment-11 When overriding a framework method, make sure to use the same method signature as the original method, otherwise you may get an unwanted effect ;-) In your case this means to use the following signature: validates($options = array()) When overriding a framework method, make sure to use the same method signature as the original method, otherwise you may get an unwanted effect ;-) In your case this means to use the following signature:

validates($options = array())

]]>