To be effective this should ideally contain at least one digit and not match a natural language word

78

New! Save questions or answers and organize your favorite content.
Learn more.

How to added password validation rule in the validator?

Validation rule:

The password contains characters from at least three of the following five categories:

• English uppercase characters (A – Z)
• English lowercase characters (a – z)
• Base 10 digits (0 – 9)
• Non-alphanumeric (For example: !, $, #, or %)
• Unicode characters

How to add above rule in the validator rule?

My Code Here

// create the validation rules ------------------------
    $rules = array(
        'name'             => 'required',                        // just a normal required validation
        'email'            => 'required|email|unique:ducks',     // required and must be unique in the ducks table
        'password'         => 'required',
        'password_confirm' => 'required|same:password'           // required and has to match the password field
    );

    // do the validation ----------------------------------
    // validate against the inputs from our form
    $validator = Validator::make(Input::all(), $rules);

    // check if the validator failed -----------------------
    if ($validator->fails()) {

        // get the error messages from the validator
        $messages = $validator->messages();

        // redirect our user back to the form with the errors from the validator
        return Redirect::to('home')
            ->withErrors($validator);

    }

Maytham Fahmi

28.3k13 gold badges103 silver badges124 bronze badges

asked Jul 21, 2015 at 12:59

BharanikumarBharanikumar

25.2k50 gold badges130 silver badges195 bronze badges

2

I have had a similar scenario in Laravel and solved it in the following way.

The password contains characters from at least three of the following five categories:

• English uppercase characters (A – Z)
• English lowercase characters (a – z)
• Base 10 digits (0 – 9)
• Non-alphanumeric (For example: !, $, #, or %)
• Unicode characters

First, we need to create a regular expression and validate it.

Your regular expression would look like this:

^.*(?=.{3,})(?=.*[a-zA-Z])(?=.*[0-9])(?=.*[\d\x])(?=.*[!$#%]).*$

I have tested and validated it on this site. Yet, perform your own in your own manner and adjust accordingly. This is only an example of regex, you can manipulate the way you want.

So your final Laravel regex rule should be like this:

'password' => [
    'required',
    'min:6',
    'regex:/^.*(?=.{3,})(?=.*[a-zA-Z])(?=.*[0-9])(?=.*[\d\x])(?=.*[!$#%]).*$/',
    'confirmed'
]

Note:

1. I have tested and validated it on both the regular expression site and a Laravel 5 test environment, and it works.
2. I have used min:6, this is optional, but it is always a good practice to have a security policy that reflects different aspects, one of which is minimum password length.
3. I suggest you to use password confirmed to ensure user typing correct password.
4. Within the 6 characters, our regex should contain at least 3 of a-z or A-Z and number and special character.
5. Always test your code in a test environment before moving to production.
6. What I have done in this answer is just example of regex password

Regarding your custom validation message for the regex rule in Laravel, here are a few links to look at:

• Laravel Validation custom message
• Custom validation message for regex rule in Laravel?
• Laravel custom validation messages

miken32

40.6k16 gold badges100 silver badges140 bronze badges

answered Jul 21, 2015 at 21:24

Maytham FahmiMaytham Fahmi

28.3k13 gold badges103 silver badges124 bronze badges

7

This doesn't quite match the OP requirements, though hopefully it helps. With Laravel you can define your rules in an easy-to-maintain format like so:

    $inputs = [
        'email'    => 'foo',
        'password' => 'bar',
    ];

    $rules = [
        'email'    => 'required|email',
        'password' => [
            'required',
            'string',
            'min:10',             // must be at least 10 characters in length
            'regex:/[a-z]/',      // must contain at least one lowercase letter
            'regex:/[A-Z]/',      // must contain at least one uppercase letter
            'regex:/[0-9]/',      // must contain at least one digit
            'regex:/[@$!%*#?&]/', // must contain a special character
        ],
    ];

    $validation = \Validator::make( $inputs, $rules );

    if ( $validation->fails() ) {
        print_r( $validation->errors()->all() );
    }

Would output:

    [
        'The email must be a valid email address.',
        'The password must be at least 10 characters.',
        'The password format is invalid.',
    ]

(The regex rules share an error message by default—i.e. four failing regex rules result in one error message)

answered Jan 22, 2019 at 14:55

6

Since Laravel version 8, you can use built-in password validation:

// Require at least 8 characters...
Password::min(8)

// Require at least one letter...
Password::min(8)->letters()

// Require at least one uppercase and one lowercase letter...
Password::min(8)->mixedCase()

// Require at least one number...
Password::min(8)->numbers()

// Require at least one symbol...
Password::min(8)->symbols()

or you can chain them all

use Illuminate\Validation\Rules\Password;

$rules = [
    'password' => [
        'required',
        'string',
        Password::min(8)
            ->mixedCase()
            ->numbers()
            ->symbols()
            ->uncompromised(),
        'confirmed'
    ],
]

miken32

40.6k16 gold badges100 silver badges140 bronze badges

answered May 24, 2021 at 10:30

Moode OsmanMoode Osman

1,37515 silver badges14 bronze badges

2

A Custom Laravel Validation Rule will allow developers to provide a custom message with each use case for a better UX experience.

php artisan make:rule IsValidPassword

namespace App\Rules;

use Illuminate\Support\Str;
use Illuminate\Contracts\Validation\Rule;

class isValidPassword implements Rule
{
    /**
     * Determine if the Length Validation Rule passes.
     *
     * @var boolean
     */
    public $lengthPasses = true;

    /**
     * Determine if the Uppercase Validation Rule passes.
     *
     * @var boolean
     */
    public $uppercasePasses = true;

    /**
     * Determine if the Numeric Validation Rule passes.
     *
     * @var boolean
     */
    public $numericPasses = true;

    /**
     * Determine if the Special Character Validation Rule passes.
     *
     * @var boolean
     */
    public $specialCharacterPasses = true;

    /**
     * Determine if the validation rule passes.
     *
     * @param  string  $attribute
     * @param  mixed  $value
     * @return bool
     */
    public function passes($attribute, $value)
    {
        $this->lengthPasses = (Str::length($value) >= 10);
        $this->uppercasePasses = (Str::lower($value) !== $value);
        $this->numericPasses = ((bool) preg_match('/[0-9]/', $value));
        $this->specialCharacterPasses = ((bool) preg_match('/[^A-Za-z0-9]/', $value));

        return ($this->lengthPasses && $this->uppercasePasses && $this->numericPasses && $this->specialCharacterPasses);
    }

    /**
     * Get the validation error message.
     *
     * @return string
     */
    public function message()
    {
        switch (true) {
            case ! $this->uppercasePasses
                && $this->numericPasses
                && $this->specialCharacterPasses:
                return 'The :attribute must be at least 10 characters and contain at least one uppercase character.';

            case ! $this->numericPasses
                && $this->uppercasePasses
                && $this->specialCharacterPasses:
                return 'The :attribute must be at least 10 characters and contain at least one number.';

            case ! $this->specialCharacterPasses
                && $this->uppercasePasses
                && $this->numericPasses:
                return 'The :attribute must be at least 10 characters and contain at least one special character.';

            case ! $this->uppercasePasses
                && ! $this->numericPasses
                && $this->specialCharacterPasses:
                return 'The :attribute must be at least 10 characters and contain at least one uppercase character and one number.';

            case ! $this->uppercasePasses
                && ! $this->specialCharacterPasses
                && $this->numericPasses:
                return 'The :attribute must be at least 10 characters and contain at least one uppercase character and one special character.';

            case ! $this->uppercasePasses
                && ! $this->numericPasses
                && ! $this->specialCharacterPasses:
                return 'The :attribute must be at least 10 characters and contain at least one uppercase character, one number, and one special character.';

            default:
                return 'The :attribute must be at least 10 characters.';
        }
    }
}

Then on your request validation:

$request->validate([
    'email'    => 'required|string|email:filter',
    'password' => [
        'required',
        'confirmed',
        'string',
        new isValidPassword(),
    ],
]);

answered Nov 19, 2020 at 14:56

ahinkleahinkle

1,8603 gold badges28 silver badges49 bronze badges

0

it's easy to do so with laravel 8:

 $rules = array(
    'name'             => ['required'],                        
    'email'            => ['required','email','unique:ducks'],     
    'password'         => ['required', 'confirmed',Password::min(8)
                                                   ->letters()
                                                   ->mixedCase()
                                                   ->numbers()
                                                   ->symbols()
                                                   ->uncompromised()
                           ],
);

See the doc , ( in your case you can ignore the uncompromised rule).

answered Jun 17, 2021 at 11:59

ali filali ali filali

1803 silver badges7 bronze badges

1

laravel 9 password validation




 $request->validate([
    'name' => 'required', 'string', 'max:255',
    'email' => 'required', 'string', 'email', 'max:255', 'unique:users',
    'password' => 'required|string|min:6|confirmed|regex:/^(?=.*?[A-Z])(?=.*?[a-z])(?=.*?[0-9])(?=.*?[#?!@$%^&*-]).{6,}$/',
 ]);

answered Jun 16 at 5:14

Which of the following is a document that states in writing how a company plans to protect the company physical and IT assets?

Is a program in which malicious or harmful code is contained inside apparently harmless programming or data?

What is the process of conversion of data into a ciphertext that Cannot be easily understood by unauthorized people known as?

What is a program or file that is specifically developed for the purpose of doing harm?