CodeIgniter强密码策略,带有强制性的大写/小写字母和数字
[英]CodeIgniter strong password policy with compulsory uppercase/lowercase letters and digits
问题描述
I want to require the user to choose a strong password with at least one uppercase letter and one digit. 
我想要求用户选择一个至少包含一个大写字母和一个数字的强密码。 How do I enforce this policy when validating a form with CodeIgniter? 使用CodeIgniter验证表单时如何执行此策略?
1 个解决方案
解决方案1
1 已采纳 2015-09-03 06:02:23
Extend the default Form_validation class and create a custom validation rule for your custom password validation. 扩展默认的Form_validation类,并为您的自定义密码验证创建一个自定义验证规则。
To extend the default class you need to create a MY_Form_validation class and put it into your application/libraries/MY_Form_validation.php . 要扩展默认类,您需要创建一个MY_Form_validation类并将其放入您的application/libraries/MY_Form_validation.php 。 Here's an example: 这是一个例子:
<?php defined('BASEPATH') OR exit('No direct script access allowed');
/**
* Extension of CI's default form validation library.
*
* @see system/libraries/Form_validation.php
*/
class MY_Form_validation extends CI_Form_validation {
/**
* Custom password validation rule.
*
* @param string $pass Password to check.
*
* @return bool
*/
public function check_pass($pass)
{
// It's a good practice to make sure each validation rule does
// its own job. So we decide that this callback does not check
// for the password field being required. If we need so, we just
// prepend the "required" rule. For example: "required|min_length[8]|check_pass"
//
// So we just let it go if the value is empty:
if (empty($pass))
{
return TRUE;
}
// This sets the error message for your custom validation
// rule. %s will be replaced with the field name if needed.
$this->set_message('check_pass', 'Password needs to have at least one uppercase letter and a number.');
// The regex looks ahead for at least one lowercase letter,
// one uppercase letter and a number. IT'S NOT TESTED THOUGH.
return (bool) preg_match('/^(?=.*[a-z])(?=.*[A-Z])(?=.*\d).+$/', $pass);
}
}
With this custom class in place, the check_pass validation rule will be available to your controllers when setting rules. 有了此自定义类,设置规则时, check_pass验证规则将对您的控制器可用。
If you're too lazy to add this custom class or you already have the validation function implemented somewhere else, you might want to use custom validation callbacks by prepending callback_ to the name of existing functions and use them as validation rules. 如果您懒于添加此自定义类,或者已经在其他地方实现了验证功能,则可能要使用自定义验证回调, callback_是将callback_放在现有函数的名称之前,并将它们用作验证规则。 See validation callbacks for more on this. 有关更多信息,请参见验证回调 。
I don't recommend the latter approach though as it messes up with where validation rules reside. 我不建议使用后一种方法,因为它会混淆验证规则所在的位置。 There are some cases that we MUST use custom callbacks that not reside in the validation class, outside those cases (which is not yours) all rules better be in your custom class. 在某些情况下,我们必须使用不在验证类中的自定义回调,在这些情况之外(不是您的情况),所有规则最好都在您的自定义类中。
PS Also consider this: PS还请考虑以下事项:
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.