Accounts are commonly compromised because users set weak passwords, which an attacker can exploit to break into their account. The goal is to prevent users from choosing very simple or common passwords like "qwerty", "123456", "admin", etc. Laravel has no built-in function to check for these kinds of passwords, but you can validate with a regular expression. Another way is to use the "unicodeveloper/laravel-password" package, which is easy to set up and prevents users from using weak passwords.
So let's get into the topic and follow the steps below:
NOTE: Well tested in Laravel 9
First we are going to install Laravel. We need a database because we need a table to store registered users. To install a Laravel project and connect it to a database you can read this short article.
Installing the package requires Composer. Run the following command:
composer require unicodeveloper/laravel-password
For those who use Laravel < 5.5, you have to register the class in the service providers. Open the file and add the following to the providers array.
Open file app -> config.php
'providers' => [
    // ...
    Unicodeveloper\DumbPassword\DumbPasswordServiceProvider::class,
],
If you have already configured the database connection, run the following command to create the tables in the database.
php artisan migrate
In this step we will run the following commands to create the auth scaffold, which provides the login and register pages.
Install Laravel UI:
composer require laravel/ui:*
Add Auth Bootstrap UI Scaffold:
php artisan ui bootstrap --auth
If you don't care how the UI is styled with Bootstrap, you may skip the steps below.
To run the npm commands you have to install Node.js; in my case I use version v17.4.0. The commands will compile the CSS and JavaScript for the layout of the authentication pages. By default Laravel 9 uses the Vite plugin; I will install Laravel Mix instead.
Open the file package.json and update the following object to install Laravel Mix:
"scripts": {
    "dev": "npm run development",
    "development": "mix"
},
Then run the following commands in the terminal:
npm install laravel-mix@latest --save-dev
npm install
npm run dev
Next we are going to use the validation rule from the package for password validation in the validator() function of RegisterController. The rule that we are going to use is dumbpwd.
Open file App -> Http -> Controllers -> Auth -> RegisterController.php
<?php

namespace App\Http\Controllers\Auth;

use App\Http\Controllers\Controller;
use App\Providers\RouteServiceProvider;
use App\Models\User;
use Illuminate\Foundation\Auth\RegistersUsers;
use Illuminate\Support\Facades\Hash;
use Illuminate\Support\Facades\Validator;

class RegisterController extends Controller
{
    use RegistersUsers;

    // Where to redirect users after registration.
    protected $redirectTo = RouteServiceProvider::HOME;

    public function __construct()
    {
        $this->middleware('guest');
    }

    // Validate the registration request; 'dumbpwd' rejects common passwords.
    protected function validator(array $data)
    {
        return Validator::make($data, [
            'name' => ['required', 'string', 'max:255'],
            'email' => ['required', 'string', 'email', 'max:255', 'unique:users'],
            'password' => ['required', 'string', 'min:6', 'confirmed', 'dumbpwd'],
        ]);
    }

    // Create the user; the password is stored only as a hash.
    protected function create(array $data)
    {
        return User::create([
            'name' => $data['name'],
            'email' => $data['email'],
            'password' => Hash::make($data['password']),
        ]);
    }
}
That's done! If you want to change the default message "This password is just too common. Please try another!", you can customize the error message in the file below by adding the following array entry.
Open file lang -> en -> validation.php
'dumbpwd' => 'You are using a weak password',
Now we are going to test the application. Use the following command to start the server.
php artisan serve
Open your browser, navigate to the URL http://localhost:8000/register and try to register with a common password that is easy to guess.
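The same check can be automated so the rule cannot be dropped from the validator unnoticed. The feature test below is an added example, not part of the original tutorial or the package; the file name tests/Feature/WeakPasswordRegistrationTest.php, the class name and the sample e-mail are assumptions, and it expects a test database that RefreshDatabase can migrate.

```php
<?php
// Added example: tests/Feature/WeakPasswordRegistrationTest.php (hypothetical file and class name).
// The /register route and the form field names come from the Laravel UI auth scaffold.
namespace Tests\Feature;

use Illuminate\Foundation\Testing\RefreshDatabase;
use Illuminate\Support\Str;
use Tests\TestCase;

class WeakPasswordRegistrationTest extends TestCase
{
    use RefreshDatabase; // start every test from a clean, migrated database

    // Build a registration form payload for the given password.
    private function payload(string $password): array
    {
        return [
            'name' => 'Test User',
            'email' => 'test@example.com', // constructed sample value
            'password' => $password,
            'password_confirmation' => $password,
        ];
    }

    public function test_common_passwords_are_rejected(): void
    {
        // Both are six characters long, so 'min:6' passes and only 'dumbpwd' can fail.
        foreach (['qwerty', '123456'] as $weak) {
            $this->post('/register', $this->payload($weak))
                ->assertSessionHasErrors('password');
        }
        // No account may exist and nobody may be logged in after the rejected attempts.
        $this->assertDatabaseMissing('users', ['email' => 'test@example.com']);
        $this->assertGuest();
    }

    public function test_random_password_is_accepted(): void
    {
        $this->post('/register', $this->payload(Str::random(24)))
            ->assertSessionHasNoErrors()
            ->assertRedirect();
        $this->assertDatabaseHas('users', ['email' => 'test@example.com']);
        $this->assertAuthenticated();
    }
}
```

Run it with php artisan test. The second test also exercises the create() method, so it fails if the controller cannot hash and store the password.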
Founder of CamboTutorial.com. I am happy to share my knowledge related to programming that can help other people. I love writing tutorials related to PHP, Laravel, Python, Java and Android Development; all published posts are made simple and easy to understand for beginners.