## Overview
The UserSpice password meter is a real-time password strength validation system with two main features:
1. Visual Password Meter - Provides immediate feedback on password requirements
2. Rule Enforcement - Optional server-side validation of password rules
## Configuration Options
The following items can be configured on the UserSpice Dashboard's Registration & Password Page.
### Core Settings
1. Show Password Meter (meter_active)
   - Enables/disables the visual password guidance system
   - When enabled, shows users real-time feedback on password requirements
2. Enforce Password Rules (enforce_rules)
   - Enables server-side validation of password rules
   - Only works when password meter is active
   - Disables submit button on join forms until all conditions are met
### Password Requirements
1. Character Requirements
   - Minimum Length (min_length): Minimum number of characters required
   - Maximum Length (max_length): Maximum number of characters allowed
   - Require Numbers (require_numbers): Must contain at least one number
   - Require Uppercase (require_uppercase): Must contain at least one capital letter
   - Require Lowercase (require_lowercase): Must contain at least one lowercase letter
   - Require Symbols (require_symbols): Must contain at least one special character
### Scoring System
The password strength is calculated using a point-based system:
1. Basic Character Type Scores
   - Number Score (number_score): Points for including numbers
   - Uppercase Letter Score (uppercase_score): Points for uppercase letters
   - Lowercase Letter Score (lowercase_score): Points for lowercase letters
   - Symbol Score (symbol_score): Points for special characters
2. Length Bonus Scores
   - Greater than 8 characters (greater_eight): Bonus points
   - Greater than 12 characters (greater_twelve): Additional bonus points
   - Greater than 16 characters (greater_sixteen): Additional bonus points
3. Minimum Score Requirement (min_score)
   - Default recommended setting: 75
   - Scores above 100 are rounded down to 100
   - Special condition: Scores >75 without required capitals/symbols are reduced to 74
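
The scoring rules above, as an added JavaScript example (not UserSpice's own code): the setting names come from this page, the point values in `sampleSettings` are constructed, and awarding each character-type score once and stacking the length bonuses are assumptions. With enforce_rules enabled, the same evaluation has to be repeated server-side, because a result computed in the browser is under the user's control.

```javascript
// Added example, not UserSpice code. Keys mirror the settings on this page;
// the point values are constructed sample data, not UserSpice defaults.
const sampleSettings = {
  min_length: 8, max_length: 64, min_score: 75,
  require_numbers: 1, require_uppercase: 1, require_lowercase: 1, require_symbols: 1,
  number_score: 20, uppercase_score: 20, lowercase_score: 20, symbol_score: 20,
  greater_eight: 10, greater_twelve: 10, greater_sixteen: 10,
};

// Returns { score, unmet, ok } for a candidate password under settings s.
function evaluatePassword(pw, s) {
  const has = {
    numbers: /[0-9]/.test(pw),
    uppercase: /[A-Z]/.test(pw),
    lowercase: /[a-z]/.test(pw),
    symbols: /[^A-Za-z0-9]/.test(pw), // assumption: anything non-alphanumeric
  };
  const len = [...pw].length; // count code points, not UTF-16 units

  // Requirement checks: these correspond to the meter's check/X marks.
  const unmet = [];
  if (len < s.min_length) unmet.push('min_length');
  if (len > s.max_length) unmet.push('max_length');
  for (const kind of Object.keys(has)) {
    if (s['require_' + kind] && !has[kind]) unmet.push('require_' + kind);
  }

  // Assumption: each character-type score is awarded once per type present.
  let score = 0;
  if (has.numbers) score += s.number_score;
  if (has.uppercase) score += s.uppercase_score;
  if (has.lowercase) score += s.lowercase_score;
  if (has.symbols) score += s.symbol_score;

  // Assumption: length bonuses stack ("additional bonus points").
  if (len > 8) score += s.greater_eight;
  if (len > 12) score += s.greater_twelve;
  if (len > 16) score += s.greater_sixteen;

  // Special condition: above 75 but missing a required capital or symbol -> 74.
  const missing = (s.require_uppercase && !has.uppercase) ||
                  (s.require_symbols && !has.symbols);
  if (score > 75 && missing) score = 74;
  score = Math.min(score, 100); // scores above 100 are reduced to 100

  return { score, unmet, ok: unmet.length === 0 && score >= s.min_score };
}
```
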
## Implementation Example
To implement the password meter in a form:
```php
// Load the password settings once if they are not already available
if (!isset($pw_settings)) {
    $pw_settings = $db->query("SELECT * FROM us_password_strength")->first();
}

// Check if password meter is active
if ($pw_settings->meter_active == 1) {
    // Include the password meter, preferring a customized copy in usersc/
    if (file_exists($abs_us_root . $us_url_root . 'usersc/includes/password_meter.php')) {
        include($abs_us_root . $us_url_root . 'usersc/includes/password_meter.php');
    } else {
        include($abs_us_root . $us_url_root . 'users/includes/password_meter.php');
    }
}
```
## JavaScript Integration
The password meter uses JavaScript for real-time validation:
```javascript
// Function parameters:
// passwordSelector: ID of password input field
// confirmSelector: ID of confirm password field
// submitButtonId: ID of submit button
```
## Visual Feedback
The meter provides visual feedback using:
- Check marks for met requirements
- X marks for unmet requirements
- Color-coded strength indicator:
  - Red: Very weak (< min_score/4)
  - Yellow: Weak (< min_score/2)
  - Blue: Medium (< min_score)
  - Green: Strong (≥ min_score)
## Security Notes
1. The system performs both client-side (JavaScript) and server-side validation when enforce_rules is enabled
2. The submit button is only disabled on join forms to prevent unintended consequences on other forms
3. Password score calculations consider both character variety and length
4. Server-side validation prevents JavaScript manipulation attempts
## Best Practices
1. Keep minimum score at 75 or higher for secure passwords
2. Enable both meter and enforcement for maximum security
3. Require a mix of character types (uppercase, lowercase, numbers, symbols)
4. Set reasonable minimum (8+) and maximum lengths
5. Consider customizing scoring based on your security requirements
This system provides a robust way to ensure password strength while giving users immediate feedback on their password choices.
If you would like to put a mini score on a random input field to show password strength without doing the full meter, you can download an example from https://userspice.com/pw-test.zip.