
ArthurGuy's avatar

Password validation recommendations

Hi all, I have been looking at password requirements for a couple of sites I am working on and how to perform validation on these. Ideally I want the password to conform to several complexity requirements but I want to try and centralise this validation.

At the moment I have a signup, reset password and user profile edit page where the password can be set, this is 3 sets of validation rules.

I am thinking about creating a single password validator object and running the validate method alongside the main form validation for each of the 3 situations.

Has anyone tackled this problem before or have any good ideas? Thanks

For reference I am not using a command bus on either of these projects.

0 likes
5 replies
NoorDeen's avatar

You can make a trait to hold the general rules for validating a password in any form, and concatenate this trait's rules array with your specific form's rule for a password.

pmall
Best Answer
Level 56

I think the cleanest way would be to create your own custom rules for the password: http://laravel.com/docs/4.2/validation#custom-validation-rules

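class CustomValidator extends Illuminate\Validation\Validator {

    public function validatePassword($attribute, $value, $parameters)
    {
        // Minimum 8 characters. validateMin() reads the limit from $parameters[0],
        // so it has to be passed as an array; a bare 8 would never fail the check.
        $length = $this->validateMin($attribute, $value, array(8));

        // Whatever other rules. validateWhatever() is a placeholder: substitute a real
        // rule method (validateRegex(), for example) with its parameters as an array.
        $whatever = $this->validateWhatever($attribute, $value, array('whatever parameter'));

        // ... other rules

        // Return true only if all rules passed
        return $length && $whatever; // && ... other rules
    }

}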

Then extend the validator (in the app service provider, for example):

Validator::resolver(function($translator, $data, $rules, $messages)
{
    return new CustomValidator($translator, $data, $rules, $messages);
});
2 likes
ArthurGuy's avatar

The validation rules themselves are looking good, it's more how do I apply them to various forms that may require them in a consistent way.

I am using a variation of this validation method (https://github.com/laracasts/Validation) so on the controller method that handles the form submission I call $this->userValidator->validate($formData);

This means I end up having 2 or 3 different validator objects each responsible for checking the password. If there is a change such as the minimum length I don't want to update code in multiple places.

I had considered doing this type of thing

$this->passwordValidator->validate($formData); //this would then be used whenever a password is being submitted
$this->userValidator->validate($formData);

But I think @AlnourAltegani's suggestion of using traits is probably the better option.

pmall's avatar

This means I end up having 2 or 3 different validator objects each responsible for checking the password. If there is a change such as the minimum length I don't want to update code in multiple places.

That's why I suggested creating your own validation rule for the password.

In your three validator services, instead of having 'password' => 'required|min:8', you use your custom validation rule for the password: 'password' => 'required|password'.

This way if you change your custom rule, it is changed everywhere.

ArthurGuy's avatar

Thanks @pmall, I hadn't considered that. I was planning on using a combination of rules such as min:8|numbers|letters|case but centralising it as a single rule makes more sense
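
The single-rule approach the thread settles on, as an added example that is not part of any post above and not Laravel's own code: a framework-independent policy class that the signup, reset and profile forms can all share. The names PasswordPolicy, failures and passes are hypothetical, the four checks follow the min:8|numbers|letters|case combination mentioned in the thread, and the sample passwords are constructed.

```php
<?php
// Added example: PasswordPolicy and its method names are hypothetical.
// Assumes the mbstring extension (which Laravel itself requires).

final class PasswordPolicy
{
    const MIN_LENGTH = 8; // change the policy here, nowhere else

    // Names of the checks that failed; an empty array means acceptable.
    public static function failures($value)
    {
        // Arrays, nulls and invalid UTF-8 are rejected before any rule runs,
        // so a malformed request cannot slip past the length check.
        if (!is_string($value) || !mb_check_encoding($value, 'UTF-8')) {
            return array('string');
        }

        $checks = array(
            'min'     => mb_strlen($value, 'UTF-8') >= self::MIN_LENGTH,
            'letters' => preg_match('/\pL/u', $value) === 1,
            'numbers' => preg_match('/\pN/u', $value) === 1,
            'case'    => preg_match('/\p{Ll}/u', $value) === 1
                      && preg_match('/\p{Lu}/u', $value) === 1,
        );

        // Keep only the names whose check came back false.
        return array_keys(array_filter($checks, function ($ok) {
            return !$ok;
        }));
    }

    public static function passes($value)
    {
        return self::failures($value) === array();
    }
}

// Constructed inputs standing in for the signup, reset and profile forms.
$submitted = array(
    'signup'  => 'Tr0ub4dor&3x',
    'reset'   => 'short1A',
    'profile' => array('not', 'a', 'string'),
);

foreach ($submitted as $form => $password) {
    $failed = PasswordPolicy::failures($password);
    echo $form, ': ', $failed ? 'rejected (' . implode(', ', $failed) . ')' : 'accepted', PHP_EOL;
}
```

Inside the custom validator, validatePassword() can return PasswordPolicy::passes($value), so 'required|password' in each form's rules picks up any policy change.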
