This function checks a plain text password to make sure it meets our minimum complexity requirements.

Complexity requirement is based on NIST minimum requirements, which stresses length over arbitrarily complicated rules. This is why our complexity rules are faily basic.

Returns TRUE if password satisfies complexity.

Returns FALSE if it does not.

File

includes/password.inc, line 355

Secure password hashing functions for user authentication.

Code

function password_validate_complexity($plain_text_password) {


  // At least 1 text character
  // At least 1 non-character number
  // At least 12 characters in length
  // No digit or text character can appear more than twice in a row.

  $pattern = '/^(?=.*\D)(?=.*\d)(?!.*(.)\1\1).{12,}$/';
  return preg_match($pattern, $plain_text_password);

}