We help IT Professionals succeed at work.

We've partnered with Certified Experts, Carl Webster and Richard Faulkner, to bring you a podcast all about Citrix Workspace, moving to the cloud, and analytics & intelligence. Episode 2 coming soon!Listen Now


My login form works, how do I enforce Strong Password?

selms asked
Medium Priority
Last Modified: 2013-12-24

There are two files below;  the first is the Application.cfm which includes logindump.cfm to check the password against a database.  If they get a green light, logindump directs them to index.cfm.

Please note:   the login form is a FLASH FORM.

How do I incorporate a Strong Password (8 char +upper + lowercase + special character) verification into this code????


Name:                     Application.cfm
Purpose:            Display login form

<cfapplication name="MyApplication">

<!--- Datasource Name--->
<cfset DSN="MyApplication">

<!--- LOGIN SECTION --->

      <!--- SECTION 1: If not logged in, include the login form--->
      <cfif NOT isDefined("Form.username")>      
            <cfinclude template="webroot/logindump.cfm">
            <!--- SECTION 2:User submitted name, password, check for match --->
            <cfquery name="qValidLogin" datasource="#Variables.dsn#">
            SELECT Users.UserID, Users.UserLogin, Users.UserPassword,                     
            FROM Users, UserGroups
            WHERE 0=0
            AND Users.UserID=UserGroups.UserID
            AND Users.UserLogin='#Form.username#'
            AND Users.UserPassword ='#Form.password#'
            <!--- SECTION 3: User has submitted a valid name and password --->
            <cfif qValidLogin.RecordCount>
            <!--- Use <cfloginuser> here to identify the user to for access into site --->
            <cfloginuser name="#Form.username#" password="#Form.password#"
                  <cfset loggedin="1">      
            <!--- SECTION 4: User has submitted invalid name and/or password,
                    so show the form again with error message --->
            <cfinclude template="webroot/loginerror.cfm">


Name:                  login.cfm
Purpose:            Display login form

<cfif isDefined("Variables.loggedin") AND GetFileFromPath(CGI.script_name) IS "logindump.cfm">
      <cflocation url="index.cfm" addtoken="no">



<body bgcolor="#FFFFFF" leftmargin="0" topmargin="0" marginwidth="0" marginheight="0">
<cfparam name="errorMessage" default="">

<table width="650" border="0" align="center" cellpadding="0" cellspacing="0">
<td width="275">
<!--- This is the login form --->
<cfform name="loginform" action="#CGI.script_name#" method="Post" format="flash" style="background-color:##4696CB;" skin="haloBlue" height="135" width="310">

<table cellspacing="0" cellpadding="3">

<td id="email">       
<cfformgroup type="panel" label="Please Log in" style="headerColors:##D6EFFE, ##D6EFFE; fontSize:12; text-align: left;">

<cfinput name="username"  
      message="An email is required"
      width="50" />

<td id="password">
<cfinput name="password" title="Password"
      message="A password is required"



Watch Question


Try this:
<cfset string="A1$Bc@3D">
<cfset strong=false>

<cfif len(trim(string)) is 8 and ReFind("[a-z]",string) and ReFind("[A-Z]",string) and ReFind("([^[a-zA-Z]]*)",string)>
<cfset strong=true>


I didn't read your post but this will tell you if you have lowercase AND uppercase AND other characters in string


Sorry it's late in the day... do I put it in the Application.cfm or login.cfm ????????????
You have a form for users to login.
This code goes on the form action page where you have form variables.
Like before your query that checks for valid username - password

<cfif NOT(len(trim(Form.password)) is 8 and ReFind("[a-z]",Form.password) and ReFind("[A-Z]",Form.password) and ReFind("([^[a-zA-Z]]*)",Form.password))>
<cfinclude template="webroot/loginerror.cfm">

Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts
Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.


Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.