user.password.minimum
Permalink 1 user found helpful
Hello,
so with Concrete5 version 8.x where can I make changes to the "user.password.minimum" to enforce longer passwords?
Are there other password policies that can be configured now? for example upper case, lower case, numbers, special characters ?
I guess it has to go somewhere in the Application directory so it doesn't get overwritten with the next update...
Thank you for your help!
so with Concrete5 version 8.x where can I make changes to the "user.password.minimum" to enforce longer passwords?
Are there other password policies that can be configured now? for example upper case, lower case, numbers, special characters ?
I guess it has to go somewhere in the Application directory so it doesn't get overwritten with the next update...
Thank you for your help!
Thank you for your quick response!
I think the "copy this" code didn't come with the message ?...
I understand I have to override a class to make it work.
I think the "copy this" code didn't come with the message ?...
I understand I have to override a class to make it work.
Sorry :-)
Here is the stuff you need:
https://gist.github.com/hissy/9cd16ec05b0c988a915167df6bd11ded...
In my installation I require small characters, big characters, a number and a special character:
['/^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*\W).+$/']
Here is the stuff you need:
https://gist.github.com/hissy/9cd16ec05b0c988a915167df6bd11ded...
In my installation I require small characters, big characters, a number and a special character:
['/^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*\W).+$/']
Awesome!
Definitely something I can work with now :)
Thank you.
One more thing though, where do I set the "password.minimal" again?
Company policy requires 15 characters, Concrete5's default is 4 characters.
Definitely something I can work with now :)
Thank you.
One more thing though, where do I set the "password.minimal" again?
Company policy requires 15 characters, Concrete5's default is 4 characters.
Never mind. I figured it out.
I can simply add it to the RegEx
['/^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*\W).{15,}+$/']
Thank you again !!
I can simply add it to the RegEx
['/^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*\W).{15,}+$/']
Thank you again !!
I am not sure how reliable it is to do it this way so if you want to do it directly in C5 config, open the file application\config\generated_overrides\concrete.php
If it doesn't exist, create it.
If it already exists, you will see inside it just return a multidimensional array.
Because C5 stores that minimum password length value in concrete.user.password.minimum it means in the file concrete.php and in 3 level arrays with keys user, password, and minimum
So you have this
Of course you might already find values there so for instance you might have
Sorry I often explain too much when I'm not sure of the code-understanding level of someone so please forgive the extra explanation if not needed.
Also, if you often have to play with settings like that I strongly suggest you buy the plugin HandyMan which allows you to do all that easily from your dashboard. You might even discover settings you had no idea existed :)
http://www.concrete5.org/marketplace/addons/handyman...
If it doesn't exist, create it.
If it already exists, you will see inside it just return a multidimensional array.
Because C5 stores that minimum password length value in concrete.user.password.minimum it means in the file concrete.php and in 3 level arrays with keys user, password, and minimum
So you have this
<?php return [ 'user' => [ 'password' => [ 'minimum' => 15, ], ], ];
Of course you might already find values there so for instance you might have
'version_installed' => '8.2.1', 'version_db_installed' => '20170802000000', 'misc' => [ 'login_redirect' => 'DESKTOP', 'access_entity_updated' => 1520001107, 'do_page_reindex_check' => false, 'basic_thumbnailer_generation_strategy' => 'now', 'latest_version' => '8.3.2', ], 'debug' => [ 'detail' => 'debug', 'display_errors' => true, ], 'cache' => [ 'blocks' => true,
Viewing 15 lines of 46 lines. View entire code block.
Sorry I often explain too much when I'm not sure of the code-understanding level of someone so please forgive the extra explanation if not needed.
Also, if you often have to play with settings like that I strongly suggest you buy the plugin HandyMan which allows you to do all that easily from your dashboard. You might even discover settings you had no idea existed :)
http://www.concrete5.org/marketplace/addons/handyman...
Since /application/config/concrete.php is a generated file, I wouldn't touch it.
See the comment "DO NOT EDIT THIS FILE DIRECTLY".
See the comment "DO NOT EDIT THIS FILE DIRECTLY".
In that case create a concrete.php file in application/config and put your code in that file..
@core77 I know it says that but that warning is only there to prevent users who don't know what they're doing to change manually something that was set through code.
The password minimum length, however, is not set anywhere through code and the value won't be deleted by C5 as it doesn't delete those concrete config values unless done through code which is not the case.
Having said so, @weyboat's suggestion should work.
The password minimum length, however, is not set anywhere through code and the value won't be deleted by C5 as it doesn't delete those concrete config values unless done through code which is not the case.
Having said so, @weyboat's suggestion should work.
In line 9 (in the gist) you can change/add the rules.