Using any validator to do extensive password validation


I need to implement extensive password validation - i.e., if (when creating new account) password is equal to predefined pattern. A classical situation, for example - if the number of uppercase/lowercase/special characters and numbers is at least that, like minimum set in pattern.

I need to validate this at two situations. Easier, and more obvious one, when creating account – to check, if password simple meets pattern requirements.

And harder and not so obvious - when defining pattern, to check, if each pattern elements do not interfere with each other – for example, if sum of minimum number of uppercase/lowercase/special characters and numbers isn’t longer than minimum password length at all (to avoid situations, where someone define for example that password must have at least three lower letter, three upper letters, three numbers and three special characters, but minimum password length is not 12, but for example 10, which makes meeting all pattern requirements not possible).

I would like to ask for an opinion, if it is worth to try to code such logic basing on validators (either Yii built-in or own-extended ones) or if it would be easier, faster and better to do simple PHP checks, using if, else etc.



Sounds like a job for a custom validator to me. They are quite easy to build.

Thanks for your opinion.

Extensive password validation has dropped of my project right know and currently I’m not working on it any more. Even though, I’m still thinking that it would be easier to validate such passwords using simple PHP’s ifs. The thing is that you have to write a little bit more code, when developing custom validator and I don’t see a reason to develop such solution, when it is going to be applied in one and only place.

Maybe I’m missing whole custom validators idea, but writing them has sense in my opinion, when you’ll be using them in at least two separate forms in a project.

Just to clarify… Custom validator in Yii are all validators that are not in the core… so if you need some validation that is not provided by default you need to create a custom one even if you use it only once…

For example… you mentioned that you would do a classic if/else check… but where would that code be? - In the custom validator (be it a method or a separate class) ;)

Those if/else checks could be placed in controller code, right where data from form is being processed.

But this is only strict answer to you question. I understand that this is bad (lazy?) approach and using validators are better. preffered, more professional way of doing this.