CodeIgniter Validation Rules for Email and Password

Question

I was used to coding application with CodeIgniter and I'm a total newbie. I just started to learn CodeIgniter 3.0, and and reached to validation rules.

I notice that xss_clean is now gone from the validation class, so what rules should I use in the validation of email and password? Using just trim, valid_email, and required is enough for security?

Sorry if that question has been asked, but I searched around and I see old topics where people is using xss_clean.

Answer 1

Include Email Helper:

$this->load->helper('email');

For Email:

$this->form_validation->set_rules('email', 'Email', 'trim|required|valid_email|xss_clean');

Or you can also use PHP Filter for email validation as

filter_var($email, FILTER_VALIDATE_EMAIL);

For Password Expression

   public function chk_password_expression($str)

    {

    if (1 !== preg_match("/^.*(?=.{6,})(?=.*[0-9])(?=.*[a-z])(?=.*[A-Z]).*$/", $str))

    {
        $this->form_validation->set_message('chk_password_expression', '%s must be at least 6 characters and must contain at least one lower case letter, one upper case letter and one digit');
        return FALSE;
    }

    else

    {
        return TRUE;
    }
} 

To call the function you should use:

$this->form_validation->set_rules(  'password', 'Password', 'trim|required|min_length[6]|max_length[15]|callback_chk_password_expression');

Note: chk_password_expression should be in same class controller or in parent class. Email helper should be included as $this->load->helper('email');