I’m facing the problem with password quality validation. I need to assure that password provided by user will:
- be of any length.
- contain at least one letter (no matter, capital or not),
- contain at least one number,
- contain at last one special character out of provided set of character.
What would be the best approach to achieve this:
a] CRegularExpressionValidator along with good regular expression,
b] custom validator,
c] custom validation rule in form model (similar to authenicate in LoginForm)
d] or maybe set of buili-in validators?
Unfortunately I’m both regular expressions and custom validators newbie.
My friend, good expert in regular expression told me that, reg. expr. for this would be hard, as at least one letter/number/special character is only required, without specifying position or order in which they’ll appear. If order would be specified (i.e. one or more letter, one or more number and one or more special characters - i.e. passwords qwe123!@# and a1@ match, but 123qwe!@# not) then there would be no problem doing this with regular expression. But since order or combination is fluent (i.e. both qwe123!@#, 123qwe!@#, !@#qwe123 and many more combinations are valid), this is beyond his knowledge.
I have no experience in using custom validator and don’t have idea where to start with, to solve this problem.
So I decided to use custom validation rule directly in form model and to use simple ifs and/or loop to check if password contains what it is supposed to contain.
But before I do this, I would be grateful for the opinions on this subject.
BTW: Can someone explain me difference between custom validator and custom validation rule (function) defined directly in form class. For me they seems to be the same, doing exactly the same. And the only difference is that custom validator is reusable and can be attached to many models, while custom validation rule sits in particular model and is hard to be use in others. Am I right? Are there any other differences?