Thread tagged as: Question, Addons, Members

Stronger Passwords in Members App

I wondered if Paranoid Security Mode also applied to the Members App? I've tried setting the config variables define('PERCH_STRONG_PASSWORDS', true); and define('PERCH_PASSWORD_MIN_LENGTH', 8); for a test, but it seems to have no effect. Can someone confirm that Paranoid Mode is indeed only for actual Perch Admin logins?

If correct, what can I do in or with the Members App to set a minimum password length and/or force stronger passwords?

Graham Street 17 points

  • 2 years ago
Drew McLellan 2638 points
Perch Support

Paranoid Mode is only for Perch, not for any add-ons that you might install with it.

If you want to add custom validation rules to the password field, you'll need to create a validation helper. (There's a custom one on the email field already.)

Thanks for the confirmation, Drew. I'll look at that next.

I've just read https://docs.grabaperch.com/api/validators/ and also looked at /perch_members/PerchMembers_Members.class.php. I see the function of 'check_email_exists' that's referred to in the Email field on the registration form. So, I get the idea of how it works.

If I'm going to write a helper for the password field, I can see that it's not a good idea to add my function to /perch_members/PerchMembers_Members.class.php. It's modifying 'Perch code' and will get overwritten on each add-on update. So, I'd put my function into a file of (something like) MyApp_Validators.class.php.

Does this file have to be placed into /perch_members alongside the other class files? So, I therefore have to be careful not to 'lose' that file each time I apply an add-on release/update?

Drew McLellan 2638 points
Perch Support

No, it just needs to be included somewhere or discoverable by an autoloader.

Great - thanks. Already got my 'check_password_quality' function working in a test system (by temporarily modifying /perch_members/PerchMembers_Members.class.php). So I now just need to move it to somewhere that updates won't clear my code and implement on the site that's in final development. Many thanks. :-)
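
A sketch of what a stand-alone MyApp_Validators.class.php along the lines discussed in this thread could look like. This is an added example, not Perch code and not the poster's actual function. Assumptions: the helper receives the submitted value and returns true when it is acceptable (check the Perch validator docs for the exact contract), and the policy itself (8 characters minimum, three of four character classes, a small constructed deny-list) is illustrative.

```php
<?php
// Hypothetical MyApp_Validators.class.php, kept outside /perch_members so that
// add-on updates do not overwrite it. Include it or expose it to an autoloader.
class MyApp_Validators
{
    // Same minimum length the thread tried via PERCH_PASSWORD_MIN_LENGTH.
    const MIN_LENGTH = 8;

    // Constructed sample deny-list; a real site would load a larger list from a file.
    private static $denied = ['password', 'passw0rd', 'password1', '12345678', 'qwertyuiop'];

    // Assumed helper contract: value in, true when the password is acceptable.
    public static function check_password_quality($password)
    {
        return count(self::password_problems($password)) === 0;
    }

    // Returns a list of reasons the password was rejected (empty when it passes).
    public static function password_problems($password)
    {
        if (!is_string($password)) {
            return ['not a string'];
        }
        $problems = [];

        // Count characters rather than bytes so multi-byte passwords are measured fairly.
        $length = function_exists('mb_strlen') ? mb_strlen($password, 'UTF-8') : strlen($password);
        if ($length < self::MIN_LENGTH) {
            $problems[] = 'shorter than ' . self::MIN_LENGTH . ' characters';
        }

        // Require at least three of: lower case, upper case, digit, other.
        $classes = 0;
        foreach (['/[a-z]/', '/[A-Z]/', '/[0-9]/', '/[^a-zA-Z0-9]/'] as $pattern) {
            $classes += (preg_match($pattern, $password) === 1) ? 1 : 0;
        }
        if ($classes < 3) {
            $problems[] = 'fewer than three character classes';
        }

        // Case-insensitive match against the deny-list.
        if (in_array(strtolower($password), self::$denied, true)) {
            $problems[] = 'on the common-password list';
        }
        return $problems;
    }
}

// Constructed sample inputs; runs only when this file is executed directly from the CLI.
if (PHP_SAPI === 'cli' && isset($argv[0]) && realpath($argv[0]) === __FILE__) {
    foreach (['Passw0rd', 'short1!', 'correct-Horse-42'] as $sample) {
        echo $sample, ': ', implode('; ', MyApp_Validators::password_problems($sample)) ?: 'ok', PHP_EOL;
    }
}
```

Because this check runs in the Members App registration form rather than in Perch itself, it applies independently of the Paranoid Mode settings, which the thread confirms cover only Perch admin logins.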