
function password_strength_confirm_validate in Password Strength 5

Same name and namespace in other branches
  1. 6 password_strength.module \password_strength_confirm_validate()

Validate password strength according to configured rules. Confirmation that both passwords provided match is already handled by password_confirm_validate.

File

./password_strength.module, line 177

Code

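/**
 * Validate password strength according to configured rules.
 *
 * Confirmation that both passwords match is handled separately by
 * password_confirm_validate(); this handler only inspects pass1.
 *
 * Every check runs on the trimmed password, which is the same string that is
 * written back as the element's value at the end. Validating the untrimmed
 * input would let trailing whitespace satisfy the length and punctuation
 * rules for a value that is then stored without it.
 *
 * @param $form
 *   The password confirmation form element, holding the 'pass1' and 'pass2'
 *   children.
 *
 * @return
 *   The form element that was passed in.
 */
function password_strength_confirm_validate($form) {
  $pass = trim($form['pass1']['#value']);

  // Compare against '' instead of using empty(): empty('0') is TRUE, which
  // would let the one-character password "0" skip every check below.
  if ($pass !== '') {
    global $user;
    $min_length = (int) variable_get('password_strength_min_length', '6');
    $min_level = (int) variable_get('password_strength_min_level', 4);

    // preg_match() replaces ereg(), which is deprecated as of PHP 5.3 and
    // removed in PHP 7.
    $has_letters = (bool) preg_match('/[a-zA-Z]/', $pass);
    $has_numbers = (bool) preg_match('/[0-9]/', $pass);
    $has_punctuation = (bool) preg_match('/[^a-zA-Z0-9]/', $pass);
    // Mixed case means at least one lowercase and one uppercase ASCII letter,
    // in either order.
    $has_casing = preg_match('/[a-z]/', $pass) && preg_match('/[A-Z]/', $pass);

    // NOTE(review): $user is the account of the current request, which is not
    // necessarily the account whose password is being set (registration, or
    // an administrator editing someone else) -- confirm against the callers.
    $name = isset($user->name) ? (string) $user->name : '';

    // The minimum is expressed in characters, so count characters rather
    // than bytes for multi-byte input.
    if (drupal_strlen($pass) < $min_length) {
      form_error($form, t('Password is not long enough. Password must be at least @l characters.', array(
        '@l' => $min_length,
      )));
    }
    elseif ($name !== '' && variable_get('password_strength_not_username', 1) && drupal_strtolower($pass) === drupal_strtolower($name)) {
      // Strict comparison: with ==, two numeric-looking strings such as
      // "1e3" and "1000" compare equal on older PHP versions.
      form_error($form, t('Password cannot be the same as the username.'));
    }
    else {
      // One point per character class present; the configured minimum level
      // is the number of classes required.
      $count = ($has_letters ? 1 : 0) + ($has_numbers ? 1 : 0) + ($has_punctuation ? 1 : 0) + ($has_casing ? 1 : 0);
      if ($count < $min_level) {
        $msgs = array();
        if (!$has_letters || !$has_casing) {
          $msgs[] = t('Adding both upper and lowercase letters.');
        }
        if (!$has_numbers) {
          $msgs[] = t('Adding numbers.');
        }
        if (!$has_punctuation) {
          $msgs[] = t('Adding punctuation.');
        }
        if (count($msgs)) {
          // Only translated, fixed strings are placed inside the markup; no
          // user-supplied text is interpolated here.
          $msg = t('The password does not include enough variation to be secure. Try:') . '<ul><li>' . implode('</li><li>', $msgs) . '</li></ul>';
          form_error($form, $msg);
        }
      }
    }
  }

  // Password field must be converted from a two-element array into a single
  // string regardless of validation results.
  form_set_value($form['pass1'], NULL);
  form_set_value($form['pass2'], NULL);
  form_set_value($form, $pass);
  return $form;
}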