Enforcing a Custom Password Policy in Convert Forms

Would you like to enforce a strict password policy in Convert Forms that requires a combination of uppercase letters, lowercase letters, numbers, and symbols? While Convert Forms doesn’t strictly enforce these requirements by default, you can easily achieve this with a custom PHP function. In this guide, we’ll walk you through adding a custom code snippet to implement your password validation rules, ensuring stronger, more secure passwords in your Joomla forms.

Setup

To force your password policy, copy the code below and place it into your form's PHP Scripts -> Form Process area.

$passwordFieldName = 'name'; // Set the name of the password field to check
$passwordLength = 8; // Set password length
$requireNumbers = true; // Check for numeric digits
$requireSymbols = true; // Check for symbols
$requireMixedCase = true; // Check for mixed case letters
$preventCommonPasswords = true; // Check for common passwords

// DO NOT EDIT BELOW
$password = $post[$passwordFieldName];

// Check password length
if (mb_strlen($password) < $passwordLength)
{
    throw new Exception("Password must be at least $passwordLength characters long.");
}

// Check for numeric digits if required
if ($requireNumbers && !preg_match('/[0-9]/', $password))
{
    throw new Exception('Password must contain at least one numeric digit.');
}

// Check for symbols if required
if ($requireSymbols && !preg_match('/[\W_]/u', $password))
{
    throw new Exception('Password must contain at least one special character (e.g., @, #, $, %).');
}

// Check for mixed case letters if required
if ($requireMixedCase)
{
    // Uppercase letters (Unicode-aware)
    if (!preg_match('/\p{Lu}/u', $password))
    {  
        throw new Exception('Password must contain at least one uppercase letter.');
    }

    // Lowercase letters (Unicode-aware)
    if (!preg_match('/\p{Ll}/u', $password))
    {  
        throw new Exception('Password must contain at least one lowercase letter.');
    }
}

// Check for common passwords if required
if ($preventCommonPasswords)
{
    $commonPasswords = [
        '123456', 
        'password', 
        'qwerty', 
        'abc123'
    ];

    if (in_array($password, $commonPasswords))
    {
        throw new Exception('Password is too common, please choose a more secure one.');
    }
}
Last updated on Nov 26th 2024 12:11