As you can probably tell, I've been working on a project to include more user-facing javascript to make the shopper more aware of what is going in the shop. Here's the next script that I was asked to create for the project;

Banned Passwords in osCommerce

Put simply, my client wanted to stop people from using passwords that are too obvious or too easy to crack. So…he found a list of passwords that Twitter has banned and wanted me to ban them also. He also wanted to ban any passwords below 6 characters and any passwords made of numbers only.

A few lines of code later (some PHP, some javascript) and this is the result;

In this example, the password used is the word "password" which is in the Twitter Banned List. If I change it to "p455w0rd", a small piece of javascript fires which checks it again and tells the shopper if it's OK or not – this is done "on the fly" as part of the form filling out process.

Note that for the purpose of this Blog Post, I changed the password input to a 2tep_draw_input_field" rather than a "tep_draw_password_field" in order to show the passwords in the images.

Note also that this script does not check for the "strength" of the password – I suppose that this could be achieved rather easily by checking if the password has at least 1 number and perhaps 1 or more upper-case characters. That may be something I blog about another time.