My login form works, how do I enforce Strong Password?

Posted on 2006-03-28
Last Modified: 2013-12-24

There are two files below;  the first is the Application.cfm which includes logindump.cfm to check the password against a database.  If they get a green light, logindump directs them to index.cfm.

Please note:   the login form is a FLASH FORM.

How do I incorporate a Strong Password (8 char +upper + lowercase + special character) verification into this code????


Name:                     Application.cfm
Purpose:            Display login form

<cfapplication name="MyApplication">

<!--- Datasource Name--->
<cfset DSN="MyApplication">

<!--- LOGIN SECTION --->

      <!--- SECTION 1: If not logged in, include the login form--->
      <cfif NOT isDefined("Form.username")>      
            <cfinclude template="webroot/logindump.cfm">
            <!--- SECTION 2:User submitted name, password, check for match --->
            <cfquery name="qValidLogin" datasource="#Variables.dsn#">
            SELECT Users.UserID, Users.UserLogin, Users.UserPassword,                     
            FROM Users, UserGroups
            WHERE 0=0
            AND Users.UserID=UserGroups.UserID
            AND Users.UserLogin='#Form.username#'
            AND Users.UserPassword ='#Form.password#'
            <!--- SECTION 3: User has submitted a valid name and password --->
            <cfif qValidLogin.RecordCount>
            <!--- Use <cfloginuser> here to identify the user to for access into site --->
            <cfloginuser name="#Form.username#" password="#Form.password#"
                  <cfset loggedin="1">      
            <!--- SECTION 4: User has submitted invalid name and/or password,
                    so show the form again with error message --->
            <cfinclude template="webroot/loginerror.cfm">


Name:                  login.cfm
Purpose:            Display login form

<cfif isDefined("Variables.loggedin") AND GetFileFromPath(CGI.script_name) IS "logindump.cfm">
      <cflocation url="index.cfm" addtoken="no">



<body bgcolor="#FFFFFF" leftmargin="0" topmargin="0" marginwidth="0" marginheight="0">
<cfparam name="errorMessage" default="">

<table width="650" border="0" align="center" cellpadding="0" cellspacing="0">
<td width="275">
<!--- This is the login form --->
<cfform name="loginform" action="#CGI.script_name#" method="Post" format="flash" style="background-color:##4696CB;" skin="haloBlue" height="135" width="310">

<table cellspacing="0" cellpadding="3">

<td id="email">       
<cfformgroup type="panel" label="Please Log in" style="headerColors:##D6EFFE, ##D6EFFE; fontSize:12; text-align: left;">

<cfinput name="username"  
      message="An email is required"
      width="50" />

<td id="password">
<cfinput name="password" title="Password"
      message="A password is required"



Question by:selms
    LVL 24

    Expert Comment

    Try this:
    <cfset string="A1$Bc@3D">
    <cfset strong=false>

    <cfif len(trim(string)) is 8 and ReFind("[a-z]",string) and ReFind("[A-Z]",string) and ReFind("([^[a-zA-Z]]*)",string)>
    <cfset strong=true>


    I didn't read your post but this will tell you if you have lowercase AND uppercase AND other characters in string

    Author Comment

    Sorry it's late in the day... do I put it in the Application.cfm or login.cfm ????????????
    LVL 24

    Accepted Solution

    You have a form for users to login.
    This code goes on the form action page where you have form variables.
    Like before your query that checks for valid username - password

    <cfif NOT(len(trim(Form.password)) is 8 and ReFind("[a-z]",Form.password) and ReFind("[A-Z]",Form.password) and ReFind("([^[a-zA-Z]]*)",Form.password))>
    <cfinclude template="webroot/loginerror.cfm">

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Maximize Your Threat Intelligence Reporting

    Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

    Introduction This article explores the design of a cache system that can improve the performance of a web site or web application.  The assumption is that the web site has many more “read” operations than “write” operations (this is commonly the ca…
    If you don't have the right permissions set for your WordPress location in IIS, you won't be able to perform automatic updates. Here's how to fix the problem.
    This video is in connection to the article "The case of a missing mobile phone (". It will help one to understand clearly the steps to track a lost android phone.
    Illustrator's Shape Builder tool will let you combine shapes visually and interactively. This video shows the Mac version, but the tool works the same way in Windows. To follow along with this video, you can draw your own shapes or download the file…

    761 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    9 Experts available now in Live!

    Get 1:1 Help Now