Forums | Mahara Community
Support
/
Default password requirements
08 March 2010, 21:03
Is there a way to change the password requirement for Mahara users? I know strong passwords are good but there is always a security/usability tradeoff and it is nice to have the choice. It is annoying that Moodle and Mahara have different password policies too.08 March 2010, 21:16
Alistair,
The Mahara password policy is defined for "internal" in /auth/internal/lib.php:
public function is_password_valid($password) {
if (!preg_match('/^[a-zA-Z0-9 ~!@#\$%\^&\*\(\)_\-=\+\,\.<>\/\?;:"\[\]\{\}\\\|`\']{6,}$/', $password)) {
return false;
}
// The password must have at least one digit and two letters in it
if (!preg_match('/[0-9]/', $password)) {
return false;
}
$password = preg_replace('/[a-zA-Z]/', "\0", $password);
if (substr_count($password, "\0") < 2) {
return false;
}
return true;
You could edit these conditions to suit your requirements.
In Moodle, you can set the password policy in Security > Site Policies.
08 March 2010, 22:16
That is what I needed to know.
Thanks Steve, you have been very helpful.