QREATiv | Tutorial: How to Customize the MODX Password Validator


The Goal

Create a PHP form validator that checks a password field for alphanumeric, hyphen and underscore characters only.

Profession: Web Designer
Specialties: hand-drawing
Years’ Experience: 20
Employer: Self-employed
Tutorial Details
Difficulty Level: ★★
  • Basic / Inexperienced
  • ★★ Easy / Beginner
  • ★★★ Moderate / Experienced
  • ★★★★ Difficult / Expert
  • ★★★★★ Complex / Über Geek
Skills: PHP, Regex
Tools: MODX, Login Extra
Completion Time: Less than 15 minutes
Tags: modx, password, validator, regex
Memo +

The validator should work with any text field/form, not only MODX.

This is a member-contributed tutorial. If possible, contact the author with questions or comments.

MODX Alphanumeric Password Validator

When it comes to passwords the more character options the better so I wouldn’t normally recommend imposing limits on type, but there may come a time when you want (or need) to do exactly that. Maybe it’s a personal choice or maybe your server configuration chokes on obscure characters. It’s been known to happen. For those of you who need more control over such things then with a little PHP and regex this simple validator will do three1 things:

  • Check for alphanumeric, hyphens and underscores only. Anything else will throw an error.
  • Check for a minimum length of 12 characters.*
  • Check if the first character is a letter.*

Only the first item is required, the last two are optional and can be safely disabled or removed (see below).

Register Snippet

If you’re using MODX with the Register snippet (included with the Login Extra) then there’s a built-in validator that will check the password field for any value, it doesn’t care about the type of character.

But we want to be more specific so we need to override the default behavior with our own custom validator (below) and to do that we need to create a new Snippet and pass [ [!Register] ] its name via the built-in &customValidators property.

  1. Create a new Snippet and name it alphaNumericPassword, or whatever you prefer, and copy/paste the code below:
    /* alphaNumericPassword */
    if (preg_match('/[^a-zA-Z0-9_-]/', $value)) { // NOTE: Regex checks for alphanumeric, hyphens and underscores.
        $success = false;
        $validator->addError($key, 'Alphanumeric only.');
    $success = true;
    $value = trim($value);
    if (strlen($value) < 12) { // OPTIONAL: Checks for 12 character minimum. Can be safely removed.
        $success = false;
        $validator->addError($key, 'Minimum 12 characters.');
    if (!preg_match('/^[a-z]/i', $value)) { // OPTIONAL: Checks first character for letter. Can be safely removed.
        $success = false;
        $validator->addError($key, 'Must begin with a letter.');
    return $success;
  2. Back in the [ [!Register] ] call (where your form is located) we’ll use the &customValidators property to call our custom validator alphaNumericPassword.
    [ [!Register?
    ] ]
  3. Now we need to explicitly tell [ [!Register] ] to run the custom validator alphaNumericPassword on the password field using the &validate property:
    [ [!Register?
    ] ]

Together these two properties will, when the form is submitted, alert the user to any illegal characters in the password field and thus prevent the submission from being sent. If you’re skilled in regex you can define the validator however you like.

Outside MODX

The validation snippet in Step 1 is vanilla PHP and regex, there’s nothing unique to MODX so it could probably be used with any form field with little or no modification, though I haven’t tried myself. It could also be used with FormIt (MODX) which shares many of the same properties as Register.

However, the snippets in Steps 2 and 3 are specific to MODX and will not work outside that context.

Tutorials Archive show by year/month