Laravel password validation rule
I have had a similar scenario in Laravel and solved it in the following way.
The password contains characters from at least three of the following five categories:
- English uppercase characters (A – Z)
- English lowercase characters (a – z)
- Base 10 digits (0 – 9)
- Non-alphanumeric (For example: !, $, #, or %)
- Unicode characters
First, we need to create a regular expression and validate it.
Your regular expression would look like this:
^.*(?=.{3,})(?=.*[a-zA-Z])(?=.*[0-9])(?=.*[\d\x])(?=.*[!$#%]).*$
I have tested and validated it on this site. Yet, perform your own in your own manner and adjust accordingly. This is only an example of regex, you can manipulate the way you want.
So your final Laravel regex rule should be like this:
'password' => [
'required',
'min:6',
'regex:/^.*(?=.{3,})(?=.*[a-zA-Z])(?=.*[0-9])(?=.*[\d\x])(?=.*[!$#%]).*$/',
'confirmed'
]
Note:
- I have tested and validated it on both the regular expression site and a Laravel 5 test environment, and it works.
- I have used min:6, this is optional, but it is always a good practice to have a security policy that reflects different aspects, one of which is minimum password length.
- I suggest you to use password confirmed to ensure user typing correct password.
- Within the 6 characters, our regex should contain at least 3 of a-z or A-Z and number and special character.
- Always test your code in a test environment before moving to production.
- What I have done in this answer is just example of regex password
Regarding your custom validation message for the regex rule in Laravel, here are a few links to look at:
- Laravel Validation custom message
- Custom validation message for regex rule in Laravel?
- Laravel custom validation messages
Strong passwords validation laravel
Use the principle of contrast:
^
(?=[^a-z]*[a-z]) # ensure one lower case letter
(?=[^A-Z]*[A-Z]) # ensure one upper case letter
(?=\D*\d) # ensure a digit
(?=[^!@?]*[!@?]) # special chars
.{10,} # at least 10 characters long
$
You can extend the special char section, of course.
See a demo on regex101.com.
Validating Password rules with a custom error message
According to this comment in the original pull request, you can't do this in code, and have to use the JSON localization files.
So check the validation class for the default text and then in resources/lang/ar.json
add a translation for it, like so:
{
"The :attribute must contain at least one letter.": ":attribute يجب أن يحتوي على الأقل حرف واحد.",
"The :attribute must contain at least one uppercase and one lowercase letter.": ":attribute يجب أن يحتوي على الأقل حرف كبير واحد وحرف صغير واحد.",
"The :attribute must contain at least one number.": ":attribute يجب أن يحتوي على الأقل رقم واحد.",
"The :attribute must contain at least one symbol.": ":attribute يجب أن يحتوي على الأقل رمز واحد."
}
The length message uses the standard one found in resources/lang/ar/validation.php
:
<?php
return [
"min" => [
"string" => "يجب أن يكون طول نص حقل :attribute على الأقل :min حروفٍ/حرفًا.",
],
];
Or it can be declared in your code above.
$messages = [
'password.required' => 'يجب ادخال كلمة المرور',
'password.confirmed' => 'كلمة المرور غير متطابقة',
'password.min' => 'whatever',
];
Note there are packages such as Laravel Lang that can do all these translations for you.
Laravel Password & Password_Confirmation Validation
You can use the confirmed validation rule.
$this->validate($request, [
'name' => 'required|min:3|max:50',
'email' => 'email',
'vat_number' => 'max:13',
'password' => 'required|confirmed|min:6',
]);
Laravel Validation of password failed, when it must be ok. Why?
The password
validation rule checks the field under validation against the current authenticated user's password. So you shouldn't use it if you want to check only it's length. If you want more specific validation rules, you can use regex. For example, this rule checks if the given password contains at least one small letter, one capital letter and a digit and it's length shouldn't be less than 8:
'password' => 'required|min:8|regex:#(?=.*?[A-Z])(?=.*?[a-z])(?=.*?[0-9])#'
Related Topics
Why Does File_Get_Contents Work with Google.Com But Not with My Site
How to Use Perl Libraries from PHP
Mysqli - Fetch_Array Error Call to a Member Function Fetch_Array() on a Non-Object MySQLi
How Does SQL-Injection Work and How to Protect Against It
Why Is My Number Value Changing Using Number_Format()
Pdo and MySQL Fulltext Searches
Getting the Text Portion of a Node Using PHP Simple Xml
PHP Script to Execute at Certain Times
Forbidden Error When Submitting Simple PHP Form
How to Bind Decimal/Double/Float Values with Pdo in PHP
How to Convert PHP Regex to JavaScript Regex
Change Innerhtml of a PHP Domelement
Get Number of Rows Matched by Update Query with PHP MySQLi