• Resolved 1Spirit23

    (@1spirit23)


    Hello,

    We use ACFE to create a user account form on the frontend that allows – among other things – subscribers to change their password. It works very well but we notice that few or no security checks are done during the input. We would like to:

    – Force the user to enter a strong password (using the native functions of WordPress if possible)
    – Check the security level of the password on the fly

    and, ideally, send an email to the subscriber to confirm the password change.

    I’m not used to this kind of change at all: I’m looking for tips and good practices to follow on this subject.

    And by the way, I would like to know if you have already considered adding this kind of function in future versions of ACF Extended?

    Thanks a lot in advance!

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author Konrad Chmielewski

    (@hwk-fr)

    Hello,

    Thanks for the feedback!

    ACF Extended is, just like ACF, a toolbox for developers. It won’t force any kind of minimal password strength in the ACF Password Field. If you want to define additional validation on your field, you can achieve that using the acf/validate_value hook. See documentation.

    Regarding your question about a password strength checker, WordPress uses the zxcvbn JS library for its User Profile screen. Here is an article that will explain to you how to use the built-in WordPress JS password strength checker.

    If you want to implement it in PHP, you’ll have to use the zxcvbn-php library.

    I have a feature request in the backlog that asks for such a built-in setting within the ACF Password Field. I’ll see if I manage to implement it in the future.

    Regarding the email sent after the password change, well, you can achieve that using the ACFE Form User Action, and check if the password was changed, then send an email using the wp_mail() function for example. See documentation.

    Hope it helps!

    Have a nice day!

    Regards.
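
One way to wire up the server-side check suggested in the reply above, as an added example that is not part of the thread or of ACF Extended's own code. It assumes the zxcvbn-php package (bjeavons/zxcvbn-php) is installed with Composer and autoloaded; the field name `user_new_password`, the function and constant names, the minimum score of 3 and the 128-character cap are hypothetical choices.

```php
<?php
// Added example, not from the thread. Assumes bjeavons/zxcvbn-php is installed
// with Composer and its autoloader is already loaded by the theme or plugin.
use ZxcvbnPhp\Zxcvbn;

const MY_MIN_SCORE  = 3;   // hypothetical policy; zxcvbn scores run from 0 to 4
const MY_MAX_SCORED = 128; // only score the first 128 characters to bound CPU time

/**
 * Returns null when the password is acceptable, otherwise an error message.
 * $user_inputs holds strings tied to the account (login, email, name) so that
 * passwords built from them score lower.
 */
function my_password_error(string $password, array $user_inputs = []): ?string
{
    $result = (new Zxcvbn())->passwordStrength(
        mb_substr($password, 0, MY_MAX_SCORED),
        array_values($user_inputs)
    );
    if ($result['score'] >= MY_MIN_SCORE) {
        return null;
    }
    // zxcvbn may supply a short explanation of why the password is weak.
    $hint = $result['feedback']['warning'] ?? '';
    return trim('This password is too easy to guess. ' . $hint);
}

/**
 * acf/validate_value callback: returning a string marks the field invalid
 * and ACF shows that string as the error message.
 */
function my_validate_new_password($valid, $value, $field, $input_name)
{
    // Keep an earlier error; leave empty input to the field's "required" setting.
    if ($valid !== true || !is_string($value) || $value === '') {
        return $valid;
    }
    $user  = wp_get_current_user();
    $error = my_password_error($value, array_filter([
        $user->user_login, $user->user_email, $user->display_name,
    ]));
    return $error ?? $valid;
}

// "user_new_password" is a hypothetical field name; use your password field's name.
if (function_exists('add_filter')) {
    add_filter('acf/validate_value/name=user_new_password', 'my_validate_new_password', 10, 4);
}
```

The JavaScript strength meter only advises the user as they type; this server-side check is the one that actually rejects a weak password, so it should stay in place even when the meter is shown.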

    Thread Starter 1Spirit23

    (@1spirit23)

    Hi again and thank you for your detailed answer: I will soon dig into this!

    Best regards & have a nice day!


The topic ‘ACFE user frontend form : security rules’ is closed to new replies.