Evina D
In Arastta cart is there a way to implement a strong customer/user password policy?

Like:

Passwords must be at least 10 characters in length.
Passwords should include at least two alphabetical characters.
Passwords should use both lower-case and upper-case letters.
Passwords should have at least two special characters (such as & ^ % * $).


Thanks
Monday, January 22 2018, 05:20 AM
Responses (3)
  • Accepted Answer

    Hackasacka
    Friday, May 17 2019, 11:39 PM - #Permalink
    Hi Evina,

    The Arastta "Registration" controller verifies the password strength as well as some of the other input fields such as "email" too.

    This is the checkout controller file containing the verification code used once you have an item in the cart and would like to register and purchase the product (there is another in the direct registration without the need to "checkout", and another in accounts when changing the password).

    /catalog/controller/checkout/register.php (line 163 - 202)

    if (!$json) {
        $this->load->model('account/customer');

        if ((utf8_strlen(trim($this->request->post['firstname'])) < 1) || (utf8_strlen(trim($this->request->post['firstname'])) > 32)) {
            $json['error']['firstname'] = $this->language->get('error_firstname');
        }

        if ((utf8_strlen(trim($this->request->post['lastname'])) < 1) || (utf8_strlen(trim($this->request->post['lastname'])) > 32)) {
            $json['error']['lastname'] = $this->language->get('error_lastname');
        }

        if ((utf8_strlen($this->request->post['email']) > 96) || !preg_match('/^[^\@]+@.*.[a-z]{2,15}$/i', $this->request->post['email'])) {
            $json['error']['email'] = $this->language->get('error_email');
        }

        if ($this->model_account_customer->getTotalCustomersByEmail($this->request->post['email'])) {
            $json['error']['warning'] = $this->language->get('error_exists');
        }

        if ((utf8_strlen($this->request->post['telephone']) < 3) || (utf8_strlen($this->request->post['telephone']) > 32)) {
            $json['error']['telephone'] = $this->language->get('error_telephone');
        }

        // The only password rule in the stock controller: length between 4 and 20 characters
        if ((utf8_strlen($this->request->post['password']) < 4) || (utf8_strlen($this->request->post['password']) > 20)) {
            $json['error']['password'] = $this->language->get('error_password');
        }

        if ($this->request->post['confirm'] != $this->request->post['password']) {
            $json['error']['confirm'] = $this->language->get('error_confirm');
        }

        if ($this->config->get('config_account_id')) {
            $this->load->model('catalog/information');

            $information_info = $this->model_catalog_information->getInformation($this->config->get('config_account_id'));

            if ($information_info && !isset($this->request->post['agree'])) {
                $json['error']['warning'] = sprintf($this->language->get('error_agree'), $information_info['title']);
            }
        }
    } // end of if (!$json); the rest of the method continues in the original file


    If you add this bit of code for example after the original password check:-

    if ((utf8_strlen($this->request->post['password']) < 4) || (utf8_strlen($this->request->post['password']) > 20)) {
        $json['error']['password'] = $this->language->get('error_password');
    }
    // Added check; this pattern is the one explained below (the original post pasted the email pattern here by mistake)
    if (!preg_match('/^(?=.*\d)(?=.*[A-Za-z])[0-9A-Za-z!@#$%]{8,12}$/', $this->request->post['password'])) {
        $json['error']['password'] = 'Password must contain a number, a letter and a special character !@#$%';
    }


    Between start -> ^
    And end -> $
    of the string there has to be at least one number -> (?=.*\d)
    and at least one letter -> (?=.*[A-Za-z])
    and there has to be a number, a letter or one of the following: !@#$% -> [0-9A-Za-z!@#$%]
    and there have to be 8-12 characters -> {8,12}

    You just need to change the regular expression to suit your requirements now.

    '/^(?=.*\d)(?=.*[A-Za-z])[0-9A-Za-z!@#$%]{8,12}$/'


    This might be closer to code you need:-
    // The u modifier is needed so that § (a multi-byte character in UTF-8) is matched as one character
    if (!preg_match('/^(?=.*\d)(?=.*[@#\-_$%^&+=§!\?])(?=.*[a-z])(?=.*[A-Z])[0-9A-Za-z@#\-_$%^&+=§!\?]{8,20}$/u', $this->request->post['password'])) {
        $json['error']['password'] = $this->language->get('error_password');
    }


    at least one lowercase char
    at least one uppercase char
    at least one digit
    at least one special sign of @#-_$%^&+=§!?


    Perhaps it wouldn't be a good idea to be too strict with the registration process, as this could potentially prevent a sale.

    At least this shows where you would need to make the checks, as a means of explanation.


    Regards,


    Hackasacka
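The policy from the question, written out as an added example (not Arastta's code and not from the answer above) in which each rule is a separate check rather than one regular expression, so the customer is told which rule failed and the character set and lengths can be changed without rewriting a pattern. It assumes the mbstring extension is available (Arastta's own utf8_strlen() would do the same job) and the policy keys and the length cap are my own choices.

```php
<?php
// Added example, not Arastta project code: a configurable checker for the
// policy in the question. Assumes the mbstring extension (mb_strlen).

/** Returns the list of rules the password violates; an empty array means it passes. */
function checkPasswordPolicy(string $password, array $policy = []): array
{
    // Defaults follow the question; the caller can override any key.
    $policy += [
        'min_length'  => 10,
        'max_length'  => 64,   // hypothetical cap; the controller's 20 rejects long passphrases
        'min_letters' => 2,
        'mixed_case'  => true,
        'min_special' => 2,
        'special_set' => '&^%*$!@#?_-+=',
    ];

    $errors = [];
    $len = mb_strlen($password, 'UTF-8');
    if ($len < $policy['min_length']) {
        $errors[] = sprintf('Password must be at least %d characters long.', $policy['min_length']);
    }
    if ($len > $policy['max_length']) {
        $errors[] = sprintf('Password must be at most %d characters long.', $policy['max_length']);
    }
    // \p{L} counts letters in any script; the u modifier makes PCRE treat the input as UTF-8.
    if (preg_match_all('/\p{L}/u', $password) < $policy['min_letters']) {
        $errors[] = sprintf('Password must contain at least %d letters.', $policy['min_letters']);
    }
    if ($policy['mixed_case'] && !(preg_match('/\p{Ll}/u', $password) && preg_match('/\p{Lu}/u', $password))) {
        $errors[] = 'Password must contain both lower-case and upper-case letters.';
    }
    // Build the special-character class from the configured set; preg_quote escapes
    // regex metacharacters such as ^ $ - + so they are literal inside [...].
    $specialClass = '/[' . preg_quote($policy['special_set'], '/') . ']/u';
    if (preg_match_all($specialClass, $password) < $policy['min_special']) {
        $errors[] = sprintf('Password must contain at least %d of these characters: %s',
            $policy['min_special'], $policy['special_set']);
    }
    return $errors;
}

// Inside the controller the call would be:
//   $errors = checkPasswordPolicy($this->request->post['password']);
//   if ($errors) { $json['error']['password'] = implode(' ', $errors); }
// Constructed sample inputs for running this file on its own:
print_r(checkPasswordPolicy('hunter2'));
print_r(checkPasswordPolicy('Correct&Horse%Battery'));
```

Keep the rule list in the language file rather than hard-coded strings if the shop runs with more than one language, as the controller does for its other messages.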