My login form works, how do I enforce Strong Password?

selms asked
Last Modified: 2013-12-24

There are two files below;  the first is the Application.cfm which includes logindump.cfm to check the password against a database.  If they get a green light, logindump directs them to index.cfm.

Please note:   the login form is a FLASH FORM.

How do I incorporate a Strong Password (8 char +upper + lowercase + special character) verification into this code????

THANKS IN ADVANCE!!!!


<!---//--------------------------------------------------------------------
Name:                     Application.cfm
Purpose:            Display login form
---------------------------------------------------------------------//--->

<cfapplication name="MyApplication">


<!--- Datasource Name--->
<cfset DSN="MyApplication">

<!--- LOGIN SECTION --->
<cflogin>

      <!--- SECTION 1: If not logged in, include the login form--->
      <cfif NOT isDefined("Form.username")>      
            <cfinclude template="webroot/logindump.cfm">
            <cfabort>
      <cfelse>
      
            
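            <!--- SECTION 2:User submitted name, password, check for match --->
            <!--- cfqueryparam binds the form values as parameters so they cannot alter the SQL --->
            <cfquery name="qValidLogin" datasource="#Variables.dsn#">
            SELECT Users.UserID, Users.UserLogin, Users.UserPassword,
            UserGroups.UserRoleID
            FROM Users, UserGroups
            
            WHERE 0=0
            AND Users.UserID=UserGroups.UserID
            AND Users.UserLogin=<cfqueryparam value="#Form.username#" cfsqltype="cf_sql_varchar">
            AND Users.UserPassword=<cfqueryparam value="#Form.password#" cfsqltype="cf_sql_varchar">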
            </cfquery>
            
            
            <!--- SECTION 3: User has submitted a valid name and password --->
            <cfif qValidLogin.RecordCount>
            
            <!--- Use <cfloginuser> here to identify the user for access into site --->
            <cfloginuser name="#Form.username#" password="#Form.password#"
            roles="#qValidLogin.UserRoleID#">
                  
                  <cfset loggedin="1">      
                  
                                    
            <!--- SECTION 4: User has submitted invalid name and/or password,
                    so show the form again with error message --->
            <cfelse>
            <cfinclude template="webroot/loginerror.cfm">
                  <cfabort>
                  
            </cfif>
</cfif>            

</cflogin>







<!---//--------------------------------------------------------------------
Name:                  login.cfm
Purpose:            Display login form
---------------------------------------------------------------------//--->


<cfif isDefined("Variables.loggedin") AND GetFileFromPath(CGI.script_name) IS "logindump.cfm">
      <cflocation url="index.cfm" addtoken="no">
</cfif>


<html>
<head>
  <title>Login</title>

</head>
 

<body bgcolor="#FFFFFF" leftmargin="0" topmargin="0" marginwidth="0" marginheight="0">
<cfparam name="errorMessage" default="">


<table width="650" border="0" align="center" cellpadding="0" cellspacing="0">
  <tr>
 
<td width="275">
      
<!--- This is the login form --->
<cfform name="loginform" action="#CGI.script_name#" method="Post" format="flash" style="background-color:##4696CB;" skin="haloBlue" height="135" width="310">

<table cellspacing="0" cellpadding="3">
<tr>

<td id="email">       
<cfformgroup type="panel" label="Please Log in" style="headerColors:##D6EFFE, ##D6EFFE; fontSize:12; text-align: left;">

<cfinput name="username"  
      title="Email"
      type="text"                               
      required="yes"
      validate="email"
      message="An email is required"
      label="email"
      size="20"  
      id="email"
      width="50" />
</td>
</tr>            

<tr>
<td id="password">
<cfinput name="password" title="Password"
      type="password"  
      required="yes"
      message="A password is required"
      label="password"
      size="20"  
      id="password"
      width="100"/>
</td>
</tr>

</table>
</cfformgroup>
</cfform>


</td>
</tr>  
</table>


</body>
</html>

CERTIFIED EXPERT

Commented:
Try this:
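<!--- Sample value to test --->
<cfset string="A1$Bc@3D">
<cfset strong=false>

<!--- "is 8" accepts only strings of exactly 8 characters.
      [^a-zA-Z] matches any character that is not a letter (digits count too). --->
<cfif len(trim(string)) is 8 and ReFind("[a-z]",string) and ReFind("[A-Z]",string) and ReFind("[^a-zA-Z]",string)>
<cfset strong=true>
</cfif>

<cfoutput>#strong#</cfoutput>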

I didn't read your post but this will tell you if you have lowercase AND uppercase AND other characters in string

Author

Commented:
Sorry it's late in the day... do I put it in the Application.cfm or login.cfm ????????????

CERTIFIED EXPERT

Commented:
You have a form for users to login.
This code goes on the form action page where you have form variables.
Like before your query that checks for valid username - password

<cfif NOT(len(trim(Form.password)) is 8 and ReFind("[a-z]",Form.password) and ReFind("[A-Z]",Form.password) and ReFind("[^a-zA-Z]",Form.password))>
<cfinclude template="webroot/loginerror.cfm">
<cfabort>
</cfif>
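
An added example, not code from the thread: the same checks written as a reusable function that reports which rule a password fails. It assumes a minimum (not exact) length of 8 and treats any non-alphanumeric character as "special"; the names checkPasswordStrength and minLength are hypothetical.

```cfml
<!--- Added example: returns an array of the rules a candidate password fails.
      checkPasswordStrength and minLength are illustrative names. --->
<cffunction name="checkPasswordStrength" returntype="array" output="false">
    <cfargument name="password" type="string" required="true">
    <cfargument name="minLength" type="numeric" default="8">
    <cfset var failures = arrayNew(1)>

    <!--- Not trimmed: leading/trailing spaces are legitimate password characters --->
    <cfif len(arguments.password) LT arguments.minLength>
        <cfset arrayAppend(failures, "at least #arguments.minLength# characters")>
    </cfif>
    <cfif NOT reFind("[a-z]", arguments.password)>
        <cfset arrayAppend(failures, "a lowercase letter")>
    </cfif>
    <cfif NOT reFind("[A-Z]", arguments.password)>
        <cfset arrayAppend(failures, "an uppercase letter")>
    </cfif>
    <!--- "Special" here means anything that is not a letter or a digit --->
    <cfif NOT reFind("[^a-zA-Z0-9]", arguments.password)>
        <cfset arrayAppend(failures, "a special character")>
    </cfif>
    <cfreturn failures>
</cffunction>

<!--- Constructed sample values --->
<cfset samples = listToArray("A1$Bc@3D,Password1,short$A,alllowercase$1")>
<cfoutput>
<cfloop from="1" to="#arrayLen(samples)#" index="i">
    <cfset missing = checkPasswordStrength(samples[i])>
    #htmlEditFormat(samples[i])#:
    <cfif arrayLen(missing)>needs #arrayToList(missing, "; ")#<cfelse>OK</cfif><br>
</cfloop>
</cfoutput>
```

Call it on the action page that receives the password and reject the submission when the returned array is not empty; the check runs on the server, so it holds even if the Flash form's own validation is bypassed.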
