CodeIgniter Strong Password Validation

When You are going to create a Registration Form then You should make sure that users always must have a strong password. It's quite easy to create a Strong password Validation with CodeIgniter, by using the Form Validation Library and REGEX.

CodeIgniter Strong Password Validation

For example, Set the minimum and maximum length of the password, It should contain a lowercase, uppercase, numbers, and special chars. You can also easily make sure that the data entered in the password field Should be equal to password confirmation field.

An example password policy could be:

  • Required
  • Lowercase
  • Uppercase
  • Number
  • Special Chars

PasswordValidation.php(view)


<!DOCTYPE html>
<html>
<head>
<title>Strong Password Validation</title>
  <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/4.3.1/css/bootstrap.min.css">
  <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js"></script>
</head>
<body>
<div class="container-fluid ">
    <div class="row">
    <div class="col-md-9 offset-md-1"> 
     <div class="user_about_content_box">
       <div class="tab-pane">         
         <h3>Strong Password Validation</h3>
        </div>  
<div class="col-md-8">
	<?php 
	if($this->session->flashdata('success'))
	{
echo "<span class='text-success' style='font-weight:bold'>".$this->session->flashdata('success')."</span>";	
	}
	?>
</div>	
       <form method="post" action="<?php echo base_url('passwordcontroller/index'); ?>">
        <div class="col-md-8">
       <div class="form-group" id="prime_cat">
            <input type="email" value="<?php echo set_value('email'); ?>" name="email" class="form-control input-group-lg" placeholder="Email">  
       </div>
	   <?php if(form_error('email')){echo "<span style='color:red'>".form_error('email')."</span>";} ?>
	   
       <div class="form-group" id="prime_cat">
            <input type="text" value="<?php echo set_value('new_password'); ?>" name="new_password" class="form-control input-group-lg" placeholder="New Password">  
       </div>
	   <?php if(form_error('new_password')){echo "<span style='color:red'>".form_error('new_password')."</span>";} ?>
	   
       <div class="form-group" id="prime_cat">
            <input type="password" value="<?php echo set_value('confirm_password'); ?>" name="confirm_password" class="form-control input-group-lg" placeholder="Confirm Password">  
       </div>
	   <?php if(form_error('confirm_password')){echo "<span style='color:red'>".form_error('confirm_password')."</span>";} ?>
       <div class="form-group col-md-12">
            <input  class="btn btn-primary" type="submit" value="Create account">
        </div>
        </div>
       </form>
     </div>  <!--Content box ends-->
 	
 	</div>
	</div>
</div>
</div>
</body>
</html>

PasswordController.php(Controller)


<?php
defined('BASEPATH') OR exit('No direct script access allowed');
class PasswordController extends CI_Controller 
{

	
	public function index()
	{
	
		
		$rules = array(
				[
					'field' => 'email',
					'label' => 'Email',
					'rules' => 'required',
				],
				[
					'field' => 'new_password',
					'label' => 'New Password',
					'rules' => 'callback_valid_password',
				],
				[
					'field' => 'confirm_password',
					'label' => 'Confirm Password',
					'rules' => 'matches[new_password]',
				],
			);
			$this->form_validation->set_rules($rules);
		
		
		if($this->form_validation->run()==FALSE)
		{
		$this->load->view('PasswordValidation');	
		}
		else
		{
			
	$this->session->set_flashdata('success','Congrates ');	
			
		redirect(base_url('PasswordController/index'));	
		}
		
	}
	
	//Create strong password 
	public function valid_password($password = '')
	{
		$password = trim($password);

		$regex_lowercase = '/[a-z]/';
		$regex_uppercase = '/[A-Z]/';
		$regex_number = '/[0-9]/';
		$regex_special = '/[!@#$%^&*()\-_=+{};:,<.>ยง~]/';

		if (empty($password))
		{
			$this->form_validation->set_message('valid_password', 'The {field} field is required.');

			return FALSE;
		}

		if (preg_match_all($regex_lowercase, $password) < 1)
		{
			$this->form_validation->set_message('valid_password', 'The {field} field must be at least one lowercase letter.');

			return FALSE;
		}

		if (preg_match_all($regex_uppercase, $password) < 1)
		{
			$this->form_validation->set_message('valid_password', 'The {field} field must be at least one uppercase letter.');

			return FALSE;
		}

		if (preg_match_all($regex_number, $password) < 1)
		{
			$this->form_validation->set_message('valid_password', 'The {field} field must have at least one number.');

			return FALSE;
		}

		if (preg_match_all($regex_special, $password) < 1)
		{
			$this->form_validation->set_message('valid_password', 'The {field} field must have at least one special character.' . ' ' . htmlentities('!@#$%^&*()\-_=+{};:,<.>ยง~'));

			return FALSE;
		}

		if (strlen($password) < 5)
		{
			$this->form_validation->set_message('valid_password', 'The {field} field must be at least 5 characters in length.');

			return FALSE;
		}

		if (strlen($password) > 32)
		{
			$this->form_validation->set_message('valid_password', 'The {field} field cannot exceed 32 characters in length.');

			return FALSE;
		}

		return TRUE;
	}
	//strong password end

}
Output(validation error)
Output(validation success message)