In Arastta cart is there a way to implement a strong customer/user password policy?
Like:
Passwords must be at least 10 characters in length.
Passwords should include at least two alphabetical characters.
Passwords should use both lower-case and upper-case letters.
Passwords should have at least two special characters (such as & ^ % * $).
Thanks
Responses (3)
Accepted Answer
Hi Evina,
The Arastta "Registration" controller verifies the password strength as well as some of the other input fields such as "email" too.
This is the checkout controller file containing the verification code used once you have an item in the cart and would like to register and purchase the product (there is another in the direct registration without the need to "checkout", and another in accounts when changing the password).
/catalog/controller/checkout/register.php (line 163 - 202)
if (!$json) {
    $this->load->model('account/customer');

    if ((utf8_strlen(trim($this->request->post['firstname'])) < 1) || (utf8_strlen(trim($this->request->post['firstname'])) > 32)) {
        $json['error']['firstname'] = $this->language->get('error_firstname');
    }

    if ((utf8_strlen(trim($this->request->post['lastname'])) < 1) || (utf8_strlen(trim($this->request->post['lastname'])) > 32)) {
        $json['error']['lastname'] = $this->language->get('error_lastname');
    }

    if ((utf8_strlen($this->request->post['email']) > 96) || !preg_match('/^[^\@]+@.*.[a-z]{2,15}$/i', $this->request->post['email'])) {
        $json['error']['email'] = $this->language->get('error_email');
    }

    if ($this->model_account_customer->getTotalCustomersByEmail($this->request->post['email'])) {
        $json['error']['warning'] = $this->language->get('error_exists');
    }

    if ((utf8_strlen($this->request->post['telephone']) < 3) || (utf8_strlen($this->request->post['telephone']) > 32)) {
        $json['error']['telephone'] = $this->language->get('error_telephone');
    }

    // Password strength check: only a length range (4 to 20 characters) is enforced here
    if ((utf8_strlen($this->request->post['password']) < 4) || (utf8_strlen($this->request->post['password']) > 20)) {
        $json['error']['password'] = $this->language->get('error_password');
    }

    if ($this->request->post['confirm'] != $this->request->post['password']) {
        $json['error']['confirm'] = $this->language->get('error_confirm');
    }

    if ($this->config->get('config_account_id')) {
        $this->load->model('catalog/information');

        $information_info = $this->model_catalog_information->getInformation($this->config->get('config_account_id'));

        if ($information_info && !isset($this->request->post['agree'])) {
            $json['error']['warning'] = sprintf($this->language->get('error_agree'), $information_info['title']);
        }
    }
} // end of if (!$json)
If you add this bit of code for example after the original password check:-
    if ((utf8_strlen($this->request->post['password']) < 4) || (utf8_strlen($this->request->post['password']) > 20)) {
        $json['error']['password'] = $this->language->get('error_password');
    }

    // Additional strength check: the pattern is explained line by line below
    if (!preg_match('/^(?=.*\d)(?=.*[A-Za-z])[0-9A-Za-z!@#$%]{8,12}$/', $this->request->post['password'])) {
        $json['error']['password'] = 'Password must contain a number, a letter and a special character (!@#$%)';
    }
Between start -> ^
and end -> $
of the string there has to be at least one number -> (?=.*\d)
and at least one letter -> (?=.*[A-Za-z])
and every character has to be a number, a letter or one of the following: !@#$% -> [0-9A-Za-z!@#$%]
and there have to be 8-12 characters -> {8,12}
You just need to change the regular expression to suit your requirements now:
'/^(?=.*\d)(?=.*[A-Za-z])[0-9A-Za-z!@#$%]{8,12}$/'
This might be closer to code you need:-
    if (!preg_match('/^(?=.*\d)(?=.*[@#\-_$%^&+=§!\?])(?=.*[a-z])(?=.*[A-Z])[0-9A-Za-z@#\-_$%^&+=§!\?]{8,20}$/', $this->request->post['password'])) {
        $json['error']['password'] = $this->language->get('error_password');
    }
at least one lowercase char
at least one uppercase char
at least one digit
at least one special sign of @#-_$%^&+=§!?
Perhaps it wouldn't be a good idea to be too strict with the registration process, as this could potentially prevent a sale.
At least this shows where you would need to make the checks, as a means of explanation.
Regards,
Hackasacka
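As an added example (not part of the answer above and not Arastta's own code), the policy from the original question can be expressed as a set of counting checks instead of one whitelist regex. The function name `validatePasswordPolicy` and the rule names it returns are hypothetical; the sample passwords are constructed for the demonstration. Because it counts characters rather than matching the whole password against an allowed set, it accepts passphrases containing spaces or other characters that a fixed class like `[0-9A-Za-z@#\-_$%^&+=§!\?]` would reject.

```php
<?php
// Added example: implements the four rules asked for in the question
// (10+ characters, 2+ letters, mixed case, 2+ special characters).
// Not Arastta code; validatePasswordPolicy() is a hypothetical helper.

/**
 * Check $password against the policy and return the names of the rules
 * it fails. An empty array means the password is acceptable.
 */
function validatePasswordPolicy(string $password): array
{
    $errors = [];

    // Rule 1: at least 10 characters, counted as UTF-8 code points (the
    // controller's utf8_strlen() counts the same way), not as bytes.
    if (mb_strlen($password, 'UTF-8') < 10) {
        $errors[] = 'min_length';
    }

    // Rule 2: at least two alphabetic characters (any script, via \p{L}).
    // preg_match_all() returns false on invalid UTF-8, and false < 2 is
    // true, so malformed input fails closed rather than slipping through.
    if (preg_match_all('/\p{L}/u', $password) < 2) {
        $errors[] = 'min_letters';
    }

    // Rule 3: both a lower-case (\p{Ll}) and an upper-case (\p{Lu}) letter.
    if (!preg_match('/\p{Ll}/u', $password) || !preg_match('/\p{Lu}/u', $password)) {
        $errors[] = 'mixed_case';
    }

    // Rule 4: at least two "special" characters. Here "special" means
    // anything that is neither a letter nor a digit, so spaces in a
    // passphrase count; narrow the class if the shop wants a fixed set.
    if (preg_match_all('/[^\p{L}\p{N}]/u', $password) < 2) {
        $errors[] = 'min_special';
    }

    return $errors;
}

// Constructed sample inputs illustrating each rule.
$samples = [
    'Pa$$w0rd!!',                   // passes all four rules
    'Tr0ub4dor&3',                  // only one special character
    'correct horse battery staple', // no upper-case letter
    'Ab1!',                         // too short and only one special character
];

foreach ($samples as $candidate) {
    $failed = validatePasswordPolicy($candidate);
    printf(
        "%-30s %s\n",
        $candidate,
        $failed ? 'rejected: ' . implode(', ', $failed) : 'accepted'
    );
}

// Hypothetical placement in the controller shown above (not Arastta's code):
// if (validatePasswordPolicy($this->request->post['password'])) {
//     $json['error']['password'] = $this->language->get('error_password');
// }
```

Two points for anyone wiring a check like this into `register.php`: the existing length test rejects anything over 20 characters, so a stricter policy that is meant to allow passphrases also needs that upper bound raised, and the same check should be added in the direct-registration and password-change controllers the answer mentions, otherwise the policy is enforced on only one of the three entry points.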