Buy Now
Sign in

Regex to check password strength. Strange behavior.

SplodeForms , February 17 at 01:09
Answered
S
SplodeForms
Hello,
This one:
^(?=[A-Za-z0-9\~\!\@\#\^\%\*\_\-\+\.]{9,25}$)(?=(?:[^A-Z]*[A-Z]){2})(?=(?:[^a-z]*[a-z]){2})(?=(?:[^0-9]*[0-9]){2})(?=(?:.*[\~\!\@\#\^\%\*\_\-\+\.]){2})(?!.*(.)\1\1)
Last night I think it worked all the way through the process and showed the debug info. I was sleepy so maybe not. That regex works at regextester.com. Now I discover that it works while typing. It turns red with error message near the pw box on leaving the box if wrong, turns black if right (nice feature!). However, when I click the submit button the error appears at the top of the form instead of at the password box and the box is red. Is this client vs. server activities?
Any suggestions to fix this?
The advice in that thread to add &event=submit to the url produces any of these results: triggers the honeypot, reloads the form, or gives a 404 error. I tried adding it to the url of the form using "&" which should be incorrect, then using "?", and tried using the url produced when I click the submit button which has ?chronoform=splode-registration&event=submit on it.
The content here is visible only for authorized users.
GreyHead
Hi SplodeForms,
The link you posted doesn't work as there are JavaScript errors from RokBox on the page. Viewing the form without the template works and it looks to me as if the message you see is the result of serverside validation failing. What do you have set up there?
Bob
ChronoForms technical support
If you'd like to buy me a coffee or two, thank you very much
S
SplodeForms
Do you mean the site doesn't work or that the theme interferes with the form?
Theme errors? Probably but that web address and the site and theme do work. I work on the site and lately this form nearly every day, no problem. Right now I copy/pasted the link from the private section here and it went to the page, no problem. (Firefox and IE) Clicking the link here doesn't work for me because something insists on adding "www.chronoengine.com..." to it.
I did nothing special on the server side (the setup section right?). I thought putting it in the the designer->validation->regex box worked all through the process. I just have the basic actions in setup. Didn't fool with the Load part. The Submit part has Check Honeypot (fail:stopper), Validate Fields (fail:event loader), Check Security Image (fail:event loader), Message, Debug. I only did simple things like the entering a field name where needed.
If I get this form working then I will certainly purchase ChronoForms. Might buy you a coffee too ... this product and support is worth more than you are charging.
(If I copy and paste anything into this forum paste puts it at the end of the paragraph instead of at the cursor.)
S
SplodeForms
To eliminate that the complicated regex causes the problem I temporarily changed it to the letter a. The behavior is the same. If I enter a as the password it is accepted until I press submit then error at top of form. The error message is the one I put in designer->validate which can also appear near the pw box. Same with another simple regex. If I leave the regex box blank and enter anything (with no other requirements except "required") then the form process completes and shows the debug.
GreyHead
Hi SplodeForms ,
I'm not seeing the JavaScript errors today. I can confirm that the form is being submitted so the error message comes from the serverside validation
Bob
------WebKitFormBoundaryKrObXxNIBeMMj4x7
Content-Disposition: form-data; name="name-alias"

DnameDname
------WebKitFormBoundaryKrObXxNIBeMMj4x7
Content-Disposition: form-data; name="username"

UnameUname
------WebKitFormBoundaryKrObXxNIBeMMj4x7
Content-Disposition: form-data; name="opt_info_5_4562"


------WebKitFormBoundaryKrObXxNIBeMMj4x7
Content-Disposition: form-data; name="email"

w@z.ggg
------WebKitFormBoundaryKrObXxNIBeMMj4x7
Content-Disposition: form-data; name="password"

aaSS22@@12345
------WebKitFormBoundaryKrObXxNIBeMMj4x7
Content-Disposition: form-data; name="tos_checkbox"


------WebKitFormBoundaryKrObXxNIBeMMj4x7
Content-Disposition: form-data; name="tos_checkbox"

1
------WebKitFormBoundaryKrObXxNIBeMMj4x7
Content-Disposition: form-data; name="secicon1"


------WebKitFormBoundaryKrObXxNIBeMMj4x7
Content-Disposition: form-data; name="button-register"


------WebKitFormBoundaryKrObXxNIBeMMj4x7--
ChronoForms technical support
If you'd like to buy me a coffee or two, thank you very much
S
SplodeForms
Thanks Sir,
So I need to do something on server side validation to check the password with the regex? What to do is a bit vague since there is little documentation about that.
I'm lost. There is little documentation about server side validation. Here are my guesses as to what to do:
-- Custom Rule
I found post #373702 here https://www.chronoengine.com/forums/posts/t103044/validation-rules I could do something like this in a validate data action?
password/regex[reg expression goes here?]:error about failed regex
-- Other Custom Rule
I found this https://www.chronoengine.com/forums/posts/t101998/changing-alphanumeric-validation-regex-in-form post #360239 about using javascript. Since I don't know javascript that isn't the best way for me but I could do something similar to that using my regex? That would go in a Load JavaScript action in the Submit part?
-- It's broken, I'm Doomed
Since it passes server side validation without a regex but not with it and I did no custom validation that means server side validation's default behavior is doing something with the contents of the regex box. That idea would be supported by post #373760 here https://www.chronoengine.com/forums/posts/t103044/validation-rules If that is so then it is a mystery why the pw passes the regex on client but not on server side.

​The manual could do a much better job explaining the various mystery boxes, their use, and any relevant functions and syntax. That would help users and save you a lot of effort and frustration with tech support.
GreyHead
Hi SplodeForms,
I don't think that you *need to* validate server side - you are already doing that and getting the error message as a result. Have you added a Validate fields action from the Security actions group?
Bob
ChronoForms technical support
If you'd like to buy me a coffee or two, thank you very much
S
SplodeForms
This sounds like the "It's broken. I'm doomed" possibility from my previous post. Not good. I think there is a bug in the handling of the regex after pressing the Register button. Yes I had a validate fields action.
I have deleted that form and created a new very simple one. It has only a password field and a Send button.
-- Everything is default except the password field has this regex: ^(?=(?:[^A-Z]*[A-Z]){2}) and I gave it a description and error message.
-- There are no other Designer->field->validation requirements set. Not even "required", only the regex.
-- The Setup area is completely default. I didn't touch anything there. The default Setup area contains Load->Display Section, Submit->Validate Fields with Event Loader on fail.
I attached a backup of the form to this post.
The behavior is the same. Before pressing Send the regex passes or fails a password as expected but pressing Send produces the error. This means that whatever processing occurs after pressing Send does not use the regex correctly.

​========
It is not clear now what "server side" and "client side" mean. I know what server and client mean in general but can you relate them to the features of ChronoForms 6? Do "Design" things happen on the client and "Setup" things happen on the server? How can I know what happens when? How can I know that I'm "already doing that"? (Insert complaint about documentation/manual).
GreyHead
HI SplodeForms,
Client-side validation is carried out in the browser using JavaScript and IMHO is best thought of as being there as an aid to the User. This will not work if the user has JavaScript disabled and they may still be able to submit the form.
Server-side validation is carried out on the server after the form is submitted and is there (a) to stop you allowing dangerous data through (usually called sanitization) and (b) to check that the data is valid.
I am not familiar enough yet with CFv6 to know exactly how the automatic server-side validation works - in this case my suspicion is that the form of the regexp that is working client-side is not working server-side.
Bob
ChronoForms technical support
If you'd like to buy me a coffee or two, thank you very much
S
SplodeForms
I appreciate your help with this but at this point it looks like it's broken.
It is a bug. What is observable is that the presence of a regex causes the password error to appear when the button is clicked. The password always fails at that point regardless of matching the regex or not. I did nothing custom about that. If the regex is checked on both sides then the same one should work on both sides. It is a bug.
There may be other ways that aren't broken to check the password such as javascript or php. I don't want to learn either just to check a password but my main concern is that it would be another dead end. To avoid the regex bug server side I would have to exclude the password field from Validate Fields auto-check and create a custom one ... but I reported a bug where excluding some fields from Validate Fields breaks things.
Joomla's native registration and login system is unsuitable for my needs, same for the other popular forms extension, and so far extensions for registration/login aren't quite what I need but could be acceptable. Who knows how many others have similar unfilled wishes for a better registration/login system. ChronoForms could capture some of that market with improvements to related features.
Is there anyone who is familiar enough to help with this? Are programmers aware of the bug and have any estimate of when it might be fixed? ChronoForms 6 users who have succeeded with registration using your own password requirements (other than connecting to some plugin) -- advice?
GreyHead
Hi SplodeForms ,
Please send a message to Max - the owner and developer - using the Contact Us menu above and linking to this thread.
Bob
ChronoForms technical support
If you'd like to buy me a coffee or two, thank you very much
S
SplodeForms
Will do sir.
Thank you for your help with this! You fought valiantly and will soon get a cup of coffee.
S
SplodeForms
Coffee sent.
Message to Max sent. Bugs are unlikely to be fixed quickly so I'll start another thread for help doing this with php or javascript.
GreyHead
Hi SplodeForms,
Thanks for the coffee - much appreciated.
Bob
ChronoForms technical support
If you'd like to buy me a coffee or two, thank you very much
admin
Hi SplodeForms,
I have used this string inside the password field "Regular expression" box under the "Validation" tab:
/^(?=(?:[^A-Z]*[A-Z]){2})/
And the validation worked fine, also the form is submitted without problems, tested both text and password fields!
Best regards
Max
If your main question got answered then please mark the answer using the button!​
​Please let us know if you have any problems with the new forums text editor, we appreciate your feedback!
S
SplodeForms
Excellent! That works for me too with the simple regex. Now I'll try the forward slashes with "regex rex" from the first post.
What is the significance of the forward slashes? Is that part of regex's, are they delimiters used in ChronoForms, or some thing else? If they are delimiters used in Chronoforms is there a way I could have learned that? Is it in the manual, faq, or forum where I could reasonably have found it?
I suggest you add some features to the password field for password strength. Also an optional control for users to see the password being typed. Without password specific features the password field is just a text field with the input masked.
Other than this trouble it is kind of fun to make forms with ChronoForms.
UPDATE 3-22-18 Works with the big regex. So the thing to do is begin and end with a slash.