
function password_strength_confirm_validate in Password Strength 6

Same name and namespace in other branches
  1. 5 password_strength.module \password_strength_confirm_validate()

Validate password strength according to configured rules. Confirmation that both passwords provided match is already handled by password_confirm_validate.

1 string reference to 'password_strength_confirm_validate'
password_strength_expand_password_confirm in ./password_strength.module
Add the necessary classes, and validation to password_confirm elements

File

./password_strength.module, line 183
Server-side checks for newly submitted passwords

Code

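/**
 * Element validator: enforce the configured password strength rules.
 *
 * Every check runs against the trimmed value of the first password field,
 * which is the same string this function writes back into $form_state at the
 * end. Checking the untrimmed input instead would let surrounding whitespace
 * count towards the minimum length and towards the "punctuation" class even
 * though that whitespace is discarded before the value is stored.
 *
 * Whether the two password fields match is not checked here.
 *
 * @param $form
 *   The password_confirm element being validated; must contain the 'pass1'
 *   and 'pass2' children.
 * @param $form_state
 *   Form state, passed by reference. Reads ['values']['pass']['pass1'] and
 *   replaces the two-element password value with a single trimmed string.
 *
 * @return
 *   The $form element that was passed in.
 */
function password_strength_confirm_validate($form, &$form_state) {
  $pass1 = trim($form_state['values']['pass']['pass1']);
  if (!empty($pass1)) {
    // NOTE(review): $user is the currently logged-in account. Confirm against
    // the callers that this is also the account whose password is being set
    // (it may not be when one user edits another, or during registration).
    global $user;
    $min_length = variable_get('password_strength_min_length', '6');
    $min_level = variable_get('password_strength_min_level', 4);

    // One point per character class present in the password.
    $has_letters = preg_match('/[a-zA-Z]/', $pass1);
    $has_numbers = preg_match('/[0-9]/', $pass1);
    $has_punctuation = preg_match('/[^a-zA-Z0-9]/', $pass1);
    // Mixed case means at least one lowercase and one uppercase letter, in
    // any order and regardless of what sits between them.
    $has_casing = preg_match('/[a-z]/', $pass1) && preg_match('/[A-Z]/', $pass1);

    // Count characters, not bytes, so multi-byte UTF-8 input cannot satisfy
    // the configured minimum with fewer characters than required.
    if (drupal_strlen($pass1) < $min_length) {
      form_error($form, t('Password is not long enough. Password must be at least @l characters.', array(
        '@l' => $min_length,
      )));
    }
    // Case-insensitive comparison that also folds non-ASCII letters.
    elseif (variable_get('password_strength_not_username', 1) && drupal_strtolower($pass1) === drupal_strtolower($user->name)) {
      form_error($form, t('Password cannot be the same as the username.'));
    }
    else {
      // Extremely bad passwords still count as low.
      $count = ($has_letters ? 1 : 0) + ($has_numbers ? 1 : 0) + ($has_punctuation ? 1 : 0) + ($has_casing ? 1 : 0);
      if ($count < $min_level) {
        $msgs = array();
        if (!$has_letters || !$has_casing) {
          $msgs[] = t('Adding both upper and lowercase letters.');
        }
        if (!$has_numbers) {
          $msgs[] = t('Adding numbers.');
        }
        if (!$has_punctuation) {
          $msgs[] = t('Adding punctuation.');
        }
        // The list markup is built only from fixed translated strings; no
        // user input is placed into this HTML.
        if (count($msgs)) {
          $msg = t('The password does not include enough variation to be secure. Try:') . '<ul><li>' . implode('</li><li>', $msgs) . '</li></ul>';
          form_error($form, $msg);
        }
      }
    }
  }

  // Password field must be converted from a two-element array into a single
  // string regardless of validation results.
  form_set_value($form['pass1'], NULL, $form_state);
  form_set_value($form['pass2'], NULL, $form_state);
  form_set_value($form, $pass1, $form_state);
  return $form;
}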