kartik-v/yii2-password Useful password strength validation utilities for Yii Framework 2.0

extensionbootstrapauthjqueryforminputpasswordstrength

Krajee Logo
yii2-password Donate       kartikv

[![Stable Version](https://poser.pugx.org/kartik-v/yii2-password/v/stable)](https://packagist.org/packages/kartik-v/yii2-password) [![Untable Version](https://poser.pugx.org/kartik-v/yii2-password/v/unstable)](https://packagist.org/packages/kartik-v/yii2-password) [![License](https://poser.pugx.org/kartik-v/yii2-password/license)](https://packagist.org/packages/kartik-v/yii2-password) [![Total Downloads](https://poser.pugx.org/kartik-v/yii2-password/downloads)](https://packagist.org/packages/kartik-v/yii2-password) [![Monthly Downloads](https://poser.pugx.org/kartik-v/yii2-password/d/monthly)](https://packagist.org/packages/kartik-v/yii2-password) [![Daily Downloads](https://poser.pugx.org/kartik-v/yii2-password/d/daily)](https://packagist.org/packages/kartik-v/yii2-password)

This extension provides a couple of great password management utilities for Yii Framework 2.0. The extension allows password strength validation through your model. In addition, it provides an advanced password input widget, that allows you to display/hide text and show the password strength.

Release Changes

Refer the CHANGE LOG for details of various releases.

Prerequisites

  • Ensure you have the right version of jQuery loaded (> v1.9.0).
  • In case you are upgrading from an older release, its recommended that you clean up your web assets, local browser cache, and restart your browsers before using the extension.

StrengthValidator

VIEW DEMO
This is a password strength validator for your model attributes. The strength validator allows you to configure the following parameters for validating passwords or strings.

  1. Whether password contains an username
  2. Whether password contains an email string
  3. Minimum number of characters
  4. Maximum number of characters
  5. Whether spaces are allowed
  6. Minimum number of lower space characters
  7. Minimum number of upper space characters
  8. Minimum number of numeric / digit characters
  9. Minimum number of special characters
  10. Whether password is compromised and part of Have I Been Pwned lists.

Other features:

  1. Includes 5 presets (simple, normal, fair, medium, and strong). Instead of setting each parameter above, you can call a preset which will auto-set each of the parameters above.
  2. It includes both server and client validation.
  3. This can work with the PasswordInput widget (described next) as per your needs. The strength validation routines for both are a bit different. The PasswordInput widget focuses on displaying the strength only, and does not restrict the user input in any way.

NOTE: The StrengthValidator does not validate if the password field is required. You need to use Yii's required rule for this.

PasswordInput

VIEW DEMO
This is an advanced password input widget with configurable options and a dynamic strength meter based on the Strength Meter JQuery Plugin by Krajee. The widget provides various features as mentioned below:

  1. Allows you to show/ hide a password text (using bootstrap styled input addons). You can configure this option to be shown or not.
  2. Allows you to display an advanced password strength meter to calculate and show your password strength as you type.
  3. Allows you to control and position/style your meter based on templates.
  4. A password strength meter consists of the meter bar, the score, and the verdict.
  5. Uses Bootstrap 3.0 styling wherever possible with inbuilt Yii 2.0 ActiveField functionality.
  6. Works independent and complements the StrengthValidator.

Demo

You can see a demonstration here on usage of these functions with documentation and examples.

Installation

The preferred way to install this extension is through composer.

Note: Check the composer.json for this extension's requirements and dependencies. Read this web tip /wiki on setting the minimum-stability settings for your application's composer.json.

Either run

$ php composer.phar require kartik-v/yii2-password "@dev"

or add

"kartik-v/yii2-password": "@dev"

to the require section of your composer.json file.

Usage

StrengthValidator

// add this in your model
use kartik\password\StrengthValidator;

// use the validator in your model rules
public function rules() {
    return [
        [['username', 'password'], 'required'],
        [['password'], StrengthValidator::className(), 'preset'=>'normal', 'userAttribute'=>'username']
    ];
}

PasswordInput

// add this in your view
use kartik\password\PasswordInput;
use kartik\widgets\ActiveForm; // optional

$form = ActiveForm::begin(['id' => 'login-form']);
echo $form->field($model,'username');
echo $form->field($model, 'password')->widget(PasswordInput::classname(), [
    'pluginOptions' => [
        'showMeter' => true,
        'toggleMask' => false
    ]
]);

License

yii2-password is released under the BSD-3-Clause License. See the bundled LICENSE.md for details.

Changelog

Change Log: yii2-password

Version 1.5.8

Date: under development

  • (enh #80): Add new password validation for checking repeating characters.

Version 1.5.7

Date: 16-May-2022

  • PHP 8.1 enhancements for native functions.
  • (enh #79): Enhancement to input group addons for Bootstrap 5.x.

Version 1.5.6

Date: 15-Jun-2020

  • (bug #73, #74): Validate haveIBeenPwned correctly and default to false for BC.

Version 1.5.5

Date: 08-Jun-2020

  • (enh #72): Add support to check password in haveibeenpwned.com online lists.
  • (enh #71): Correct German Translations.
  • (bug #70): Correct allowSpaces.
  • (bug #69): Correct code bug (multiple and conditions).
  • (enh #66, #67, #68): Correct allowSpaces.

Version 1.5.4

Date: 07-Sep-2018

  • Add github contribution and issue/PR log templates.
  • Updates for Bootstrap v4.x.
  • Reorganize source code in src directory.
  • (enh #61): Update Russian Translations.
  • (enh #60): Add Greek Translations.
  • (enh #58): Add Ukranian Translations.
  • (enh #56): Update Portugese BR Translations.
  • (enh #54): Add Lithuanian Translations.
  • (enh #53): Add Vietnamese Translations.
  • (enh #49): Correct Html::getAttributeValue.
  • (enh #45): Add Traditional Chinese Translations.
  • (enh #44): Add Estonian Translations.
  • (enh #42): Add Serbian Translations.
  • (enh #39): Update Spanish Translations.

Version 1.5.3

Date: 10-Jan-2016

  • (enh #37): Enhance code to generate Yii localization messages via config
  • (enh #37): Validate username without attribute
    • New usernameValue property that will be used without model or usernameAttribute. If this is provided the usernameAttribute will be skipped.
  • Eliminate StrengthValidator::strError property (BC Breaking). Use the StrengthValidator::message property instead.
  • (enh #36): Add Czech translations
  • (enh #35): Model is required to have a username attribute (or userAttribute)
  • (enh #34): Enhance StrengthValidator to support validateValue
  • (enh #33): Update Russian Translations
  • (enh #32): Correct Polish Translations
  • (enh #31): Fix for short-long language code conflict
  • (enh #30): Add Hungarian Translations
  • (enh #29): Add Simplified Chinese translation
  • (enh #28): Spaces validation via new properties allowSpaces and allowSpacesError.

Version 1.5.2

Date: 14-Jul-2015

  • (enh #27): Add ability to configure multi-language widgets on same page.

Version 1.5.1

Date: 17-Jun-2015

  • (enh #26): Set composer ## Version dependencies.
  • (bug #25): Fix strength validator callback.
  • (enh #24): Improve validation to retrieve the right translation messages folder.
  • Set copyright year to current.
  • (enh #22, #23): Updated German Translations.

Version 1.5.0

Date: 12-Jan-2015

  • (bug #21): Ensure empty username check when hasUser is true.
  • Code formatting updates as per Yii2 coding style.
  • Change message file category name to begin with kv prefix.
  • (enh #17): StrengthValidator client validation fix when not using username validation.
  • (bug #16): StrengthValidator strpos empty needle error fix.
  • (enh #15): Added Portugese Brazilian translations.

Version 1.4.0

Date: 20-Nov-2014

  • (enh #14): Enhance strength client validation plugin as a better reusable component.
  • (bug #13): Fix errors in client side validation of patterns (digit, special etc.)

Version 1.3.0

Date: 10-Nov-2014

  • Set dependency on Krajee base components
  • Set release to stable

Version 1.2.0

Date: 31-Oct-2014

  • (enh #10): Spanish translations.
  • (enh #9): Polish translations.
  • (enh #8): Dutch translations.
  • (enh #7, enh #11): Validate if translation locale file exists.

Version 1.1.0

Date: 28-Feb-2014

  • (enh #6): PasswordInput widget now wraps the enhanced JQuery Strength Meter Plugin.
  • (enh #4): Fix German translations.
  • The strength meter validation routines and rendering have been enhanced and offers ability to configure most options, call events, and methods.
  • PSR4 alias change

Version 1.0.0

Initial release

Statistics

Downloads
GitHub Stars
GitHub Forks

Releases

Comments



v1.5.7 is the latest of 13 releases



BSD-3-Clause license
Stats
75 github stars & 46 github forks
66 downloads in the last day
11704 downloads in the last 30 days
801043 total downloads