
Thread: Password Help

  1. #1
    Regular Coder
    Join Date
    Jan 2010
    Posts
    160
    Thanks
    10
    Thanked 1 Time in 1 Post

    Password Help

    Hi

    I have the following code but need it to error if the password does not contain 8 Characters and must contain one number and one upper case character.

    Any help much appreciated.

    Code:
    $(function(){$(".helpmsg").tooltip({position:"bottom center",offset:[10,20],effect:"fade",opacity:0.8,events:{def:"click,mouseout"}});$("#button_save_main_settings").click(function(){if($("#button_save_main_settings").text()!="Saving..."){$("#button_save_main_settings").prop("disabled",true);$("#button_save_main_settings").text("Saving...");$("#button_save_main_settings").after("<img style=\"margin-left: 10px\" src='images/loader_small_grey.gif' />");$("#ms_form").submit()}return false});$("#dialog-change-password").dialog({modal:true,autoOpen:false,closeOnEscape:false,width:400,position:["center",150],draggable:false,resizable:false,buttons:[{text:"Save Password",id:"dialog-change-password-btn-save-changes","class":"bb_button bb_small bb_green",click:function(){var b=$.trim($("#dialog-change-password-input1").val());var a=$.trim($("#dialog-change-password-input2").val());var c=$("#ms_box_account").data("userid");if(b==""||a==""){alert("Please enter both password fields!")}else{if(b!=a){alert("Please enter the same password for both fields!")}else{$("#dialog-change-password-btn-save-changes").prop("disabled",true);$("#dialog-change-password-btn-cancel").hide();$("#dialog-change-password-btn-save-changes").text("Saving...");$("#dialog-change-password-btn-save-changes").after("<div class='small_loader_box'><img src='images/loader_small_grey.gif' /></div>");$.ajax({type:"POST",async:true,url:"change_password.php",data:{np:b,user_id:c},cache:false,global:false,dataType:"json",error:function(g,d,f){alert("Unable to save the password!");$(this).dialog("close")},success:function(d){$("#dialog-change-password").dialog("close");$("#dialog-change-password-btn-save-changes").prop("disabled",false);$("#dialog-change-password-btn-cancel").show();$("#dialog-change-password-btn-save-changes").text("Save Password");$("#dialog-change-password-btn-save-changes").next().remove();$("#dialog-change-password-input1").val("");$("#dialog-change-password-input2").val("");if(d.status=="ok"){$("#dialog-password-changed").dialog("open")}}})}}}},{text:"Cancel",id:"dialog-change-password-btn-cancel","class":"btn_secondary_action",click:function(){$(this).dialog("close")}}]});$("#dialog-password-changed").dialog({modal:true,autoOpen:false,closeOnEscape:false,width:400,position:["center",150],draggable:false,resizable:false,buttons:[{text:"OK",id:"dialog-password-changed-btn-ok","class":"bb_button bb_small bb_green",click:function(){$(this).dialog("close")}}]});$("#ms_change_password").click(function(){$("#dialog-change-password").dialog("open");return false})});
    Thanks
    Roy

  • #2
    Supreme Master coder! Philip M's Avatar
    Join Date
    Jun 2002
    Location
    London, England
    Posts
    18,079
    Thanks
    203
    Thanked 2,542 Times in 2,520 Posts
    In fact requiring the password to contain a digit and an uppercase letter makes it less secure, not more, as a hacker (who knows that fact) has fewer combinations to try.

    Security is overwhelmingly achieved by the length (number of characters) of a password rather than the extent of the characters. Aim for 10 characters minimum to make brute-force cracks infeasible. Whether or not a password contains numbers, uppercase letters or special characters does not affect an automatic cracking algorithm. To a computer "password" is no different from "Y6%jQg9z". But obviously a single dictionary word is very easily broken.

    The extra security offered by allowing special characters in a password is countered by just one more character in the password. In other words, a password of 8 alpha characters and digits is (in theory) more secure than one of 7 characters including special ones.

    The best user-friendly passwords are not random and quite unmemorable meaningless strings of characters, but 2 or more unrelated words (not proper names) concatenated such as purplestarlingfun or mostuglyfirefox.

    Passwords such as Julia1984 or Christopher1965 meet your specification but are very easily broken.

    But here is a vanilla JavaScript to do what you want:-

    Code:
    <form id="myForm">
    Enter password <input type="text" name="pwd" id="pwd" onblur="validate()">
    <span id="message" style="font-size:10pt"></span>
    </form>

    <script type="text/javascript">

    function validate() {
      var message = document.getElementById("message");
      var field = document.getElementById("pwd");
      message.innerHTML = "";

      var val = field.value.replace(/\s/gi, "");  // strip spaces
      field.value = val;                          // write it back to the field

      // Each pattern maps to the wording used when it fails.
      // The length pattern is anchored so the upper bound of 16 is enforced.
      var check = {
        '^.{8,16}$': 'eight and up to sixteen characters',
        '[0-9]': 'one number (0-9)',
        '[a-z]': 'one lowercase letter (a-z)',
        '[A-Z]': 'one uppercase letter (A-Z)'
      };

      for (var exp in check) {
        if (!val.match(new RegExp(exp))) {
          // Report the first failed rule, then clear the field and refocus it
          var mg = 'Password must contain at least ' + check[exp] + '. NOTE Passwords must contain at least one number and at least one upper and one lower case letter.';
          message.style.color = "red";
          message.innerHTML = mg;
          field.value = "";
          field.focus();
          return false;
        }
      }

      // All rules passed
      message.style.color = "green";
      message.innerHTML = "Valid Password";
      return true;
    }

    </script>
    Last edited by Philip M; 01-07-2014 at 11:16 AM. Reason: Correction

    All the code given in this post has been tested and is intended to address the question asked.
    Unless stated otherwise it is not just a demonstration.
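
The combination counts behind the argument in post #2, worked through as an added example that is not part of the original thread. It assumes 26 lowercase letters, 26 uppercase letters, 10 digits and 32 ASCII punctuation characters (94 symbols, no space); the function and variable names are illustrative.

```javascript
"use strict";
// Added example (not code from the thread). Alphabet sizes are assumptions:
// 26 lowercase, 26 uppercase, 10 digits, 32 ASCII punctuation (94, no space).
const CLASSES = { lower: 26n, upper: 26n, digit: 10n, special: 32n };

// Number of symbols available when the listed classes are allowed.
function alphabetSize(allowed) {
  return allowed.reduce((sum, c) => sum + CLASSES[c], 0n);
}

// Every string of `length` characters drawn from the allowed classes.
function keyspace(allowed, length) {
  return alphabetSize(allowed) ** BigInt(length);
}

// Strings that contain at least one character from every class in `required`
// (each required class must also be in `allowed`). Inclusion-exclusion: for
// each subset of the required classes, count the strings that avoid the whole
// subset, then add or subtract that count by the parity of the subset size.
function keyspaceWithRules(allowed, required, length) {
  const size = alphabetSize(allowed);
  let total = 0n;
  for (let mask = 0; mask < (1 << required.length); mask++) {
    let removed = 0n;
    let picked = 0;
    required.forEach((c, i) => {
      if (mask & (1 << i)) { removed += CLASSES[c]; picked++; }
    });
    const term = (size - removed) ** BigInt(length);
    total += picked % 2 === 0 ? term : -term;
  }
  return total;
}

const alnum = ["lower", "upper", "digit"];
const report = {
  alnum8: keyspace(alnum, 8),                                  // no composition rule
  alnum8DigitUpper: keyspaceWithRules(alnum, ["digit", "upper"], 8),
  alnum8AllThree: keyspaceWithRules(alnum, alnum, 8),          // rule set in the posted validator
  printable7: keyspace([...alnum, "special"], 7),              // 7 chars incl. specials
  lower10: keyspace(["lower"], 10),                            // 10 lowercase letters
};
for (const [name, count] of Object.entries(report)) {
  console.log(name.padEnd(18), count.toString().padStart(20));
}
```

With these alphabet sizes the three-class rule leaves roughly 73% of the 8-character alphanumeric space, while each additional character multiplies the space by 62.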

  • #3
    Master Coder felgall's Avatar
    Join Date
    Sep 2005
    Location
    Sydney, Australia
    Posts
    6,642
    Thanks
    0
    Thanked 649 Times in 639 Posts
    You shouldn't specify length limits on passwords. Whether the password is one character or a million characters it will still take up exactly the same number of characters to store the password hash on the server.

    Specifying a minimum length so as to eliminate the easiest to guess passwords is useful but placing a maximum limit just makes the password less secure.
    Stephen
    Learn Modern JavaScript - http://javascriptexample.net/
    Helping others to solve their computer problem at http://www.felgall.com/

    Don't forget to start your JavaScript code with "use strict"; which makes it easier to find errors in your code.
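
The storage point in post #3, shown as an added example that is not part of the original thread: a salted hash record has the same size whatever the password length, so only a minimum is enforced. The choice of scrypt from Node's built-in `crypto` module, the 16-byte salt, the `salt:hash` record layout and the function names are assumptions made for illustration.

```javascript
"use strict";
// Added example (not code from the thread). scrypt, the 16-byte salt and the
// "salt:hash" hex record layout are assumptions chosen for illustration.
const crypto = require("node:crypto");

const MIN_LENGTH = 8; // a minimum only; no maximum length is imposed

// Returns the string that would be stored server-side for this password.
function hashPassword(password) {
  if (password.length < MIN_LENGTH) {
    throw new RangeError(`password must be at least ${MIN_LENGTH} characters`);
  }
  const salt = crypto.randomBytes(16);               // fresh salt per password
  const hash = crypto.scryptSync(password, salt, 32); // always 32 bytes out
  return `${salt.toString("hex")}:${hash.toString("hex")}`;
}

// Re-derives the hash with the stored salt and compares in constant time.
function verifyPassword(password, record) {
  const [saltHex, hashHex] = record.split(":");
  const expected = Buffer.from(hashHex, "hex");
  const actual = crypto.scryptSync(password, Buffer.from(saltHex, "hex"), expected.length);
  return crypto.timingSafeEqual(actual, expected);
}

// Constructed sample inputs: a 15-character and a 1,000,000-character password.
for (const pw of ["mostuglyfirefox", "x".repeat(1000000)]) {
  const record = hashPassword(pw);
  console.log(pw.length, "chars ->", record.length, "stored chars,",
              "verifies:", verifyPassword(pw, record));
}
```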

  • #4
    Supreme Master coder! Philip M's Avatar
    Join Date
    Jun 2002
    Location
    London, England
    Posts
    18,079
    Thanks
    203
    Thanked 2,542 Times in 2,520 Posts
    Quote Originally Posted by felgall View Post
    You shouldn't specify length limits on passwords. Whether the password is one character or a million characters it will still take up exactly the same number of characters to store the password hash on the server.

    Specifying a minimum length so as to eliminate the easiest to guess passwords is useful but placing a maximum limit just makes the password less secure.
    See:- http://arstechnica.com/security/2012...-under-assault

    If the plaintext password is stolen it matters little how many characters it contains.

    In theory, once a string has been converted into a hash value, it's impossible to revert it to plaintext using cryptographic means. Password cracking, then, is the practice of running plaintext guesses through the same cryptographic function used to generate a compromised hash. When the two hash values match, the password has been identified.

    While a 20-character password may well be theoretically more secure than a 16-character password, both are of sufficient length to be unbreakable by any known technique. In reality 10-12 characters is completely secure. The longer the password the harder it is to remember. But ChristopherRobin1969 (20 characters incl proper names) is less secure than mostUglyFirefox (15 characters made up of concatenated words, capitals in the middle). 8-character passwords are much more vulnerable.

    It is never a good idea to use the same password for multiple sites. If my Coding Forums password is compromised that is not very damaging. But if I have used the same password for my bank then I am at serious risk. Above all, make your banking, Amazon, Ebay and PayPal passwords different from any other and strong.
    Last edited by Philip M; 01-08-2014 at 11:32 AM.

  • #5
    Master Coder felgall's Avatar
    Join Date
    Sep 2005
    Location
    Sydney, Australia
    Posts
    6,642
    Thanks
    0
    Thanked 649 Times in 639 Posts
    Quote Originally Posted by Philip M View Post
    The longer the password the harder it is to remember.
    Untrue. Making up a longer pass phrase such as

    MyUncleAndAuntLiveInBrisbaneQueensland4000AndHaveDoneSince1945WhenTheWarEnded

    is going to be far easier to remember than a shorter password such as

    fweghfdbGqL32jkl

    and is at least as secure.
    Stephen