  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 209

My login form works, how do I enforce Strong Password?


There are two files below;  the first is the Application.cfm which includes logindump.cfm to check the password against a database.  If they get a green light, logindump directs them to index.cfm.

Please note:   the login form is a FLASH FORM.

How do I incorporate a Strong Password (8 char +upper + lowercase + special character) verification into this code????

THANKS IN ADVANCE!!!!


<!---//--------------------------------------------------------------------
Name:                     Application.cfm
Purpose:            Display login form
---------------------------------------------------------------------//--->

<cfapplication name="MyApplication">


<!--- Datasource Name--->
<cfset DSN="MyApplication">

<!--- LOGIN SECTION --->
<cflogin>

      <!--- SECTION 1: If not logged in, include the login form--->
      <cfif NOT isDefined("Form.username")>      
            <cfinclude template="webroot/logindump.cfm">
            <cfabort>
      <cfelse>
      
            
            <!--- SECTION 2:User submitted name, password, check for match --->
            <cfquery name="qValidLogin" datasource="#Variables.dsn#">
            SELECT Users.UserID, Users.UserLogin, Users.UserPassword,                     
            UserGroups.UserRoleID
            FROM Users, UserGroups
            
            WHERE 0=0
            AND Users.UserID=UserGroups.UserID
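            <!--- Bind form values as parameters instead of splicing them into the SQL text --->
            AND Users.UserLogin=<cfqueryparam value="#Form.username#" cfsqltype="cf_sql_varchar">
            AND Users.UserPassword=<cfqueryparam value="#Form.password#" cfsqltype="cf_sql_varchar">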
            </cfquery>
            
            
            <!--- SECTION 3: User has submitted a valid name and password --->
            <cfif qValidLogin.RecordCount>
            
            <!--- Use <cfloginuser> here to identify the user for access to the site --->
            <cfloginuser name="#Form.username#" password="#Form.password#"
            roles="#qValidLogin.UserRoleID#">
                  
                  <cfset loggedin="1">      
                  
                                    
            <!--- SECTION 4: User has submitted invalid name and/or password,
                    so show the form again with error message --->
            <cfelse>
            <cfinclude template="webroot/loginerror.cfm">
                  <cfabort>
                  
            </cfif>
</cfif>            

</cflogin>







<!---//--------------------------------------------------------------------
Name:                  login.cfm
Purpose:            Display login form
---------------------------------------------------------------------//--->


<cfif isDefined("Variables.loggedin") AND GetFileFromPath(CGI.script_name) IS "logindump.cfm">
      <cflocation url="index.cfm" addtoken="no">
</cfif>


<html>
<head>
  <title>Login</title>

</head>
 

<body bgcolor="#FFFFFF" leftmargin="0" topmargin="0" marginwidth="0" marginheight="0">
<cfparam name="errorMessage" default="">


<table width="650" border="0" align="center" cellpadding="0" cellspacing="0">
  <tr>
 
<td width="275">
      
<!--- This is the login form --->
<cfform name="loginform" action="#CGI.script_name#" method="Post" format="flash" style="background-color:##4696CB;" skin="haloBlue" height="135" width="310">

<table cellspacing="0" cellpadding="3">
<tr>

<td id="email">       
<cfformgroup type="panel" label="Please Log in" style="headerColors:##D6EFFE, ##D6EFFE; fontSize:12; text-align: left;">

<cfinput name="username"  
      title="Email"
      type="text"                               
      required="yes"
      validate="email"
      message="An email is required"
      label="email"
      size="20"  
      id="email"
      width="50" />
</td>
</tr>            

<tr>
<td id="password">
<cfinput name="password" title="Password"
      type="password"  
      required="yes"
      message="A password is required"
      label="password"
      size="20"  
      id="password"
      width="100"/>
</td>
</tr>

</table>
</cfformgroup>
</cfform>


</td>
</tr>  
</table>


</body>
</html>
0
Asked by: selms
1 Solution
 
dgrafx Commented:
Try this:
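<cfset string="A1$Bc@3D">
<cfset strong=false>

<!--- At least 8 characters, plus a lowercase letter, an uppercase letter and a non-letter character --->
<cfif len(trim(string)) gte 8 and ReFind("[a-z]",string) and ReFind("[A-Z]",string) and ReFind("[^a-zA-Z]",string)>
<cfset strong=true>
</cfif>

<cfoutput>#strong#</cfoutput>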

I didn't read your post but this will tell you if you have lowercase AND uppercase AND other characters in string
0
 
selms (Author) Commented:
Sorry it's late in the day... do I put it in the Application.cfm or login.cfm ????????????
0
 
dgrafx Commented:
You have a form for users to login.
This code goes on the form action page where you have form variables.
Like before your query that checks for valid username - password

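<!--- Reject unless the password has 8+ characters, a lowercase letter, an uppercase letter and a non-letter character --->
<cfif NOT(len(trim(Form.password)) gte 8 and ReFind("[a-z]",Form.password) and ReFind("[A-Z]",Form.password) and ReFind("[^a-zA-Z]",Form.password))>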
<cfinclude template="webroot/loginerror.cfm">
<cfabort>
</cfif>
0
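The policy from the question (8 or more characters, upper case, lower case, special character) as a reusable server-side check that reports which rules failed. This is an added example, not code from the thread; the function name checkPasswordPolicy and the sample passwords are assumptions, and it treats a digit as not being a special character.

```cfml
<!--- Added example (not from the thread). checkPasswordPolicy is a
      hypothetical name; the sample passwords below are constructed. --->
<cffunction name="checkPasswordPolicy" returntype="array" output="false"
            hint="Returns the unmet rules; an empty array means the password passes.">
    <cfargument name="password" type="string" required="true">
    <cfset var failures = ArrayNew(1)>

    <!--- 8 characters or more: a minimum, not an exact length --->
    <cfif Len(arguments.password) LT 8>
        <cfset ArrayAppend(failures, "at least 8 characters")>
    </cfif>
    <!--- REFind is case-sensitive, so [a-z] and [A-Z] are separate tests --->
    <cfif NOT REFind("[a-z]", arguments.password)>
        <cfset ArrayAppend(failures, "a lowercase letter")>
    </cfif>
    <cfif NOT REFind("[A-Z]", arguments.password)>
        <cfset ArrayAppend(failures, "an uppercase letter")>
    </cfif>
    <!--- Special character: anything that is not a letter or a digit.
          The class has no * quantifier, so it cannot match an empty string. --->
    <cfif NOT REFind("[^a-zA-Z0-9]", arguments.password)>
        <cfset ArrayAppend(failures, "a special character")>
    </cfif>
    <cfreturn failures>
</cffunction>

<!--- Constructed sample inputs, one per rule plus two that pass --->
<cfset samples = ListToArray("A1$Bc@3D|Longer$Passw0rd|alllowercase!|NoSpecial123|Sh0rt!", "|")>
<cfoutput>
<cfloop from="1" to="#ArrayLen(samples)#" index="i">
    <cfset unmet = checkPasswordPolicy(samples[i])>
    <cfif ArrayLen(unmet)>
        #HTMLEditFormat(samples[i])#: rejected, needs #ArrayToList(unmet, "; ")#<br>
    <cfelse>
        #HTMLEditFormat(samples[i])#: accepted<br>
    </cfif>
</cfloop>
</cfoutput>
```

A check like this is normally run where a password is created or changed, so that accounts with older passwords are not locked out at login.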
