A tool for checking and creating password policies in PHP and JS.
Use composer to setup an autoloader
php composer.phar install
Require the composer autoload file:
require_once 'vendor/autoload.php';
To use, first instantiate the core policy object:
$policy = new \PasswordPolicy\Policy;
Then, add rules:
$policy->contains('lowercase', $policy->atLeast(2));
-
contains($class, $constraint = null, $description = ''): Checks to see if a password contains a class of charsSupported Short-Cut classes:
letter-a-zA-Zlowercase-a-zuppercase-A-Zdigit-0-9symbol-^a-zA-Z0-9(in other words, non-alpha-numeric)null-\0alnum-a-zA-Z0-9
The second param is a constraint (optional)
-
length($constraint): Checks the length of the password matches a constraint -
endsWith($class, $description = ''): Checks to see if the password ends with a character class. -
startsWith($class, $description = ''): Checks to see if the password starts with a character class. -
notMatch($regex, $description): Checks if the password does not match a regex. -
match($regex, $description): Checks if the password matches the regex.
The policy also has short-cut helpers for creating constraints:
-
atLeast($n): At least the param matchesEquivalent to
between($n, PHP_INT_MAX) -
atMost($n): At most the param matchesEquivalent to
between(0, $n) -
between($min, $max): Between $min and $max number of matches -
never(): No matchesEquivalent to
between(0, 0)
Once you setup the policy, you can then test it in PHP using the test($password) method.
$result = $policy->test($password);
The result return is a stdclass object with two members, result and messages.
-
$result->result- A boolean if the password is valid. -
$result->messages- An array of messages
Each message is an object of two members:
-
$message->result- A boolean indicating if the rule passed -
$message->message- A textual description of the rule
Once you've built the policy, you can call toJavaScript() to generate a JS anonymous function for injecting into JS code.
$js = $policy->toJavaScript();
echo "var policy = $js;";
Then, the policy object in JS is basically a wrapper for $policy->test($password), and behaves the same (same return values).
var result = policy(password);
if (!result.result) {
/* Process Messages To Display Failure To User */
}
One note for the JavaScript, any regular expressions that you write need to be deliminated by / and be valid JS regexes (no PREG specific functionality is allowed).