The examples on this site are currently tested to work on Phalcon V3.4 and Phalcon Devtools V3.2 Some issues may arise when using later versions.

Please get in touch or post a comment below the post if you encounter a problem.

In a modern web application it is vital that users be forced to choose a strong password. This will ensure the system being created is less vulnerable to dictionary and rainbow table attacks. Although Phalcon validation provides for regular expression matching which can be used as a way to verify that the user has chosen a strong password this process is really better done at the client-side as the user is entering the information. This distribution of the intelligence of your application allows for better performance and will also deliver a richer user experience. The  w3schools article on the link below describes how use javascript to ensure the user enters a strong password. Before you can use this code you need to correct an issue with the code generated by devtools.

Phalcon javascript issue with comments and newline characters

There is a line in the /public/index.php page (the starting point of the application) which strips newline, carriage-return and tab characters from the content generated by views. Unfortunately this line causes a number of problems for javascript code. The first issue is that any comments within javascript break your application. The second problem is that where there are multiple functions within a script block, syntax errors occur. To resolve this issue edit /public/index.php - find the following line of code and add a // in front of it to comment it out as follows:

//echo str_replace(["\n","\r","\t"], '', $application->handle()->getContent());

add a line just below this comment as follows

echo $application->handle()->getContent();

It's not clear to me at this point why it is necessary to strip out these special characters but altering the code so that they are not stripped does not appear to have any negative effects so far. If you encounter a problem related to this please post in the comment section below.

https://www.w3schools.com/howto/howto_js_password_validation.asp

To use the code from this example together with the app/views/user/new.phtml form -  do the following:

Now to ensure the form will not submit unless the password is strong. Modify the line of code which generates the submit button so it will initially be set to "disabled" - as below.

"disabled" => "true", "id"=>"save",

Add the following block of javascript code inside the onKeyup function just before the last block identifier at the end of the block

if (number.classList.contains("valid")&&
	capital.classList.contains("valid")&&
	length.classList.contains("valid")&&
	letter.classList.contains("valid")) {
	document.getElementById("save").disabled = false;
}
else {
     document.getElementById("save").disabled = true;
}

This will sure the submit button is only enabled once all criteria are met.