Forums

ChronoForms v8 is now WordPress ready, ChronoMails is out

The JED needs volunteers!

Password format

jm
jmahun 07 May, 2015
I've searched through the various posts but haven't found anything which addresses a particular password issue I'm having.

In Joomla, I've defined some password format rules: minimum length and minimum uppercase, digits, and symbols. The standard Joomla registration form doesn't show the user any of this information and I've not found an easy way to include it. I created a more user-friendly form using ChronoForm 5. It contains two password fields, the second to verify the entry for the first. I use a subtitle on the first to shown the password format rules.

My problem is: how do I make sure the user follows those rules? A user can still enter anything for a password, the form accepts it, and a new Joomla user account is created with the incorrectly formatted password. Even though it's cryptic, the Joomla registration form won't accept such a password and re-prompts the user. How can I check that the password meets the password rules?
Gr
GreyHead 07 May, 2015
Hi jmahun,

Not exactly the same but please see this FAQ. Does that do what you need?

Bob
jm
jmahun 07 May, 2015
I looked at that and was going to play around a little. Since I'm not that familiar with programming I wasn't sure if I could make it do what want it to. I'll give it a try and see.
It just seems to me that there should be a simpler way, built into Joomla, which allows adding some explanatory text to the registration form. I'd like the user to know what the password format is before he/she creates one. If I could do that (w/o programming) I'd be happy.
Gr
GreyHead 08 May, 2015
Hi jmahun,

I had a quick hunt around the Joomla! code but couldn't find exactly where the code for these rules is :-( There is a JavaScript file here /media/system/js/passwordstrength.js - but I don't think that is being used. I got it working with this code in a Load JS action 
<?php
JHtml::_('script', 'system/passwordstrength.js', true, true);
?>
jQuery(document).ready(function() {
  new Form.PasswordStrength('password1', {
    threshold: 66,
    onUpdate: function(element, strength, threshold) {
      element.set('data-passwordstrength', strength);
    }
  });
});
Replace password1 with the id of your password input and 66 with your choice of password strength threshhold (66 is the default).

It shows a sliding 'meter' under the input - but doesn't stop you submitting a weak password. I guess you could add more code to disable the Submit button depending on the strength.

Bob
jm
jmahun 09 May, 2015
Thanks. I was hoping for a (relatively) simple solution but it looks like I've opened a can of worms.
This topic is locked and no more replies can be posted.