Questioning about PasswordStrength Constraint

I would like to use the Constraint PasswordStrength to validate that the user passwords are strong enough. Ideally I would like to not create my custom PasswordStrengthValidator, but I also would like to return custom messages to help user to create a correct password if their are not strong enough (e.g tell them that the password needs uppercase, lowercase, special chars, and a given length).

But regarding the PasswordStrengthValidator I can't really understand what are the rules behind each levels


Here is the method that validate the strength in symfony/validator

    public static function estimateStrength(#\SensitiveParameter string $password): int
    {
        if (!$length = \strlen($password)) {
            return PasswordStrength::STRENGTHVERYWEAK;
        }
        $password = countchars($password, 1);
        $chars = \count($password);

        $control = $digit = $upper = $lower = $symbol = $other = 0;
        foreach ($password as $chr => $count) {
            match (true) {
                $chr < 32 || 127 === $chr => $control = 33,
                48 <= $chr && $chr <= 57 => $digit = 10,
                65 <= $chr && $chr <= 90 => $upper = 26,
                97 <= $chr && $chr <= 122 => $lower = 26,
                128 <= $chr => $other = 128,
                default => $symbol = 33,
            };
        }

        $pool = $lower + $upper + $digit + $symbol + $control + $other;
        $entropy = $chars * log($pool, 2) + ($length - $chars) * log($chars, 2);

        return match (true) {
            $entropy >= 120 => PasswordStrength::STRENGTHVERYSTRONG,
            $entropy >= 100 => PasswordStrength::STRENGTHSTRONG,
            $entropy >= 80 => PasswordStrength::STRENGTHMEDIUM,
            $entropy >= 60 => PasswordStrength::STRENGTHWEAK,
            default => PasswordStrength::STRENGTHVERYWEAK,
        };
    }
    public static function estimateStrength(#\SensitiveParameter string $password): int
    {
        if (!$length = \strlen($password)) {
            return PasswordStrength::STRENGTHVERYWEAK;
        }
        $password = countchars($password, 1);
        $chars = \count($password);


        $control = $digit = $upper = $lower = $symbol = $other = 0;
        foreach ($password as $chr => $count) {
            match (true) {
                $chr < 32 || 127 === $chr => $control = 33,
                48 <= $chr && $chr <= 57 => $digit = 10,
                65 <= $chr && $chr <= 90 => $upper = 26,
                97 <= $chr && $chr <= 122 => $lower = 26,
                128 <= $chr => $other = 128,
                default => $symbol = 33,
            };
        }


        $pool = $lower + $upper + $digit + $symbol + $control + $other;
        $entropy = $chars * log($pool, 2) + ($length - $chars) * log($chars, 2);


        return match (true) {
            $entropy >= 120 => PasswordStrength::STRENGTHVERYSTRONG,
            $entropy >= 100 => PasswordStrength::STRENGTHSTRONG,
            $entropy >= 80 => PasswordStrength::STRENGTHMEDIUM,
            $entropy >= 60 => PasswordStrength::STRENGTHWEAK,
            default => PasswordStrength::STRENGTHVERYWEAK,
        };
    }



So imagining I would like to use PasswordStrength Constraint with STRENGTH_MEDIUM what should be the prerequisite of a correct password ?

https://redd.it/1k8mzcf
@r_php

Requesting feedback on my SQL querybuilder

Throughout the years, i've developed a framework i use for personal (sometimes professional) projects. It suits most of my needs for a back-end/microservice framework, but i've grown particulairly fond of my querybuilder/ORM.

Here is the public repo: https://github.com/Sentience-Framework/sentience-v2/

For a quick look at some examples: https://github.com/Sentience-Framework/sentience-v2/blob/main/src/controllers/ExampleController.php

Database documentation: https://github.com/Sentience-Framework/sentience-v2/blob/main/documentation/documents/database.md


The feedback i'm mostly interested in, is which features you'd like to see added to the querybuilder. Security / performance / coding principle conceirns are always welcome ofcourse :)

https://redd.it/1k8ojj0
@r_php

CORS issue on PHP backend hosted on Hostinger (some APIs work in browser, some don't

Hey everyone,
I'm facing a strange CORS issue and need some help.

I have a PHP backend hosted on Hostinger.
When I test my APIs with Postman, everything works fine.
When I test from my frontend (browser), some APIs work — but some others give CORS errors on windows but all work when use Linux

After some research, I realized Postman doesn't care about CORS, but browsers do.

https://redd.it/1k8oai4
@r_php

A Week of Symfony #956 (April 21–27, 2025)
https://symfony.com/blog/a-week-of-symfony-956-april-21-27-2025?utm_source=Symfony%20Blog%20Feed&utm_medium=feed

https://redd.it/1k8zm1n
@r_php

Effortless Laravel Reverb Deployment on a VPS: Start to Finish!
https://youtu.be/oxqNb4ppqSc

https://redd.it/1k92d40
@r_php

PHPStan: Restricted Usage Extensions – You Don't Always Need a Custom Rule!
https://phpstan.org/blog/restricted-usage-extensions-you-dont-always-need-custom-rule

https://redd.it/1k9315w
@r_php

Weekly /r/Laravel Help Thread

Ask your Laravel help questions here. To improve your chances of getting an answer from the community, here are some tips:

What steps have you taken so far?
What have you tried from the documentation?
Did you provide any error messages you are getting?
Are you able to provide instructions to replicate the issue?
Did you provide a code example?
Please don't post a screenshot of your code. Use the code block in the Reddit text editor and ensure it's formatted correctly.

For more immediate support, you can ask in the official Laravel Discord.

Thanks and welcome to the r/Laravel community!

https://redd.it/1k98qs4
@r_php

Would you prefer namespace-level privacy?

In some programming languages like Java you get more flexibility in your levels of privacy e.g.- a “protected” method can be accessed by any class in the same “package” (in PHP we use the term “namespace” instead of package but it’s the same idea).

Also a whole class itself in Java can be declared protected or private and this will affect its visibility in useful, subtle ways.

In PHP it’s possible to use attributes combined with static analysis to simulate this but it’s not as desirable as having the features built into the language.
I’m a real stickler for the defensive style of programming so that only certain classes can see/access other classes. Also, it’s good for DDD when one class can see the internal properties of another class in the same namespace (e.g.- for persistence or presentation) without needing lots of “getter” methods.

I’m interested in hearing the thoughts of the wider PHP community on this.

https://redd.it/1k9ccu0
@r_php

Question about TwigMarkup Extra bundle and league/commonmark

I am trying to put together a document from markup using the TwigExtra Markdown package with league/commonmark for the trasnpiler. I have several tables that need to be implemented from the markdown, and I need to tell commonmark to use the TableExtension. However, I cannot find a suitable piece of documentation to even start trying to figure out how to configure this. Anybody have any solutions? Thank you.

https://redd.it/1k9h798
@r_php

Weekly Ask Anything Thread

Feel free to ask any questions you think may not warrant a post. Asking for help here is also fine.

https://redd.it/1k9lvaa
@r_php

Weekly help thread

Hey there!

This subreddit isn't meant for help threads, though there's one exception to the rule: in this thread you can ask anything you want PHP related, someone will probably be able to help you out!

https://redd.it/1k9ojug
@r_php

Interviewing for a PHP & Etc. Developer without knowledge?

To cut the story short, I have a business and recently started looking for new developers for my site. My site is mostly coded in PHP, Laravel MVC, and SQL. I used to have a developer, however we are no longer in good terms anymore.

How would I go about hiring a new developer? I have no idea anything about PHP and everything, and I definitely don’t want to get ripped off by people just claiming to know PHP and such.

Note: Sorry if this is the wrong place to ask for this. Help redirect myself to the right resources. TIA!

https://redd.it/1k9pd6s
@r_php

New in Symfony 7.3: Twig Extension Attributes
https://symfony.com/blog/new-in-symfony-7-3-twig-extension-attributes?utm_source=Symfony%20Blog%20Feed&utm_medium=feed

https://redd.it/1k9q7a3
@r_php

Distribute tests across multiple GitHub Action workers

In collaboration with u/localheinz I've build a small \#github \#actions utility workflow. It describes how to segment a projects phpunit overall test-suite and distribute the load over parallel running github actions jobs


https://github.com/staabm/phpunit-github-action-matrix

https://redd.it/1k9rdnk
@r_php

SymfonyOnline June 2025: Multi-Tenantize the Symfony components
https://symfony.com/blog/symfonyonline-june-2025-multi-tenantize-the-symfony-components?utm_source=Symfony%20Blog%20Feed&utm_medium=feed

https://redd.it/1k9z42g
@r_php

Breaking File Layout Conventions—Does It Make Sense?


Hey everyone, I’ve been a hobbyist coder for almost 20 years and I’ve always become stuck trying to appease to everybody else’s standards and opinions.

I'm interested in hearing your thoughts on deviating from conventional file layouts. I’ve been experimenting with my own structure and want to weigh the pros and cons of breaking away from the norm.

Take traits, for example: I know they’re commonly placed in app/Traits, but I prefer separating them into app/Models/Traits and app/Livewire/Traits. It just feels cleaner to me. For instance, I have a Searchable trait that will only ever be used by a Livewire component—never a model. In my setup, it’s housed in app/Livewire/Traits, which helps me immediately identify its purpose.

To me, the logic is solid: Why group unrelated traits together when we can make it clear which context they belong to? But I know opinions might differ, and I’m curious to hear from you all—are unconventional layouts worth it, or do they just create headaches down the line?

Let me know what you think. Are there other ways you've tweaked your file structures that have worked (or backfired)?

https://redd.it/1kai52q
@r_php

HELP ME I am stuck in the email sending system of WooCommerce WordPress

My functions.php:


add_filter('woocommerce_email_classes', 'add_custom_order_status_emails');

function add_custom_order_status_emails($emails) {

$emails['WC_Email_Customer_Doi_Xac_Nhan_Order'] = include get_stylesheet_directory() . '/woocommerce/emails/class-wc-email-customer-doi-xac-nhan-order.php';

$email_admin = include get_stylesheet_directory() . '/woocommerce/emails/class-wc-email-admin-da-cap-nhat.php';

$email_customer = include get_stylesheet_directory() . '/woocommerce/emails/class-wc-email-customer-da-cap-nhat.php';

$emails['WC_Email_Admin_Updated'] = $email_admin;

$emails['WC_Email_Customer_Updated'] = $email_customer;

return $emails;

}

add_action('woocommerce_order_status_changed', 'trigger_custom_order_email', 10, 4);

function trigger_custom_order_email($order_id, $old_status, $new_status, $order) {

if ($new_status === DOI_XAC_NHAN) {

WC()->mailer()->emails['WC_Email_Customer_Doi_Xac_Nhan_Order']->trigger($order_id);

}

if ($new_status === DA_CAP_NHAT) {

$email_admin = WC()->mailer()->emails['WC_Email_Admin_Updated'];

$email_customer = WC()->mailer()->emails['WC_Email_Customer_Updated'];

}

}

theme-child structure
/woocommerce

/emails

- admin-new-order.php

- admin-updated-status.php

- class-wc-email-admin-da-cap-nhat.php

- class-wc-email-customer-da-cap-nhat.php

- class-wc-email-customer-doi-xac-nhan-order.php

- customer-awaiting-confirmation.php

- customer-updated-status.php

/plain


The issue I'm facing is that when I call trigger() to send emails, the second email gets sent but it doesn't have any CSS. I already checked under WooCommerce → Settings → Emails → Template, and my custom email templates all display the correct layout. I've asked ChatGPT and Cursor, but I still haven't been able to fix it.

And when I switched the order of these two lines, the admin email was no longer sent to the admin:
if ($new_status === DA_CAP_NHAT) {

$email_customer = WC()->mailer()->emails['WC_Email_Customer_Updated'];

$email_admin = WC()->mailer()->emails['WC_Email_Admin_Updated'];

}

My code:

file class-wc-email-admin-da-cap-nhat.php
https://textdoc.co/NJPtjVHWwc1RCoyX

file template admin-updated-status.php

https://textdoc.co/WBfPAaELgC9JKGuh

file class-wc-email-customer-da-cap-nhat.php

https://textdoc.co/tEYw4TpK9HSzZ7Gy

file template customer-updated-status.php

https://textdoc.co/KH04c6RbTdB2IMre


Link Image:
email for admin: https://postimg.cc/QH6X4KCN
email for customer: https://postimg.cc/06SPytfr

https://redd.it/1kaj41i
@r_php

New in Symfony 7.3: Slug and Twig Constraints
https://symfony.com/blog/new-in-symfony-7-3-slug-and-twig-constraints?utm_source=Symfony%20Blog%20Feed&utm_medium=feed

https://redd.it/1kak7i1
@r_php

Solved my "one more field" client nightmare in Filament without migrations - looking for feedback

https://redd.it/1kalhrh
@r_php

Create AI Agents In PHP Powered By Google Gemini LLMs
https://inspector.dev/create-ai-agents-in-php-powered-by-google-gemini-llms/

https://redd.it/1kaosu4
@r_php

SymfonyOnline June 2025: Automate Everything with Your Personal Army of Robots
https://symfony.com/blog/symfonyonline-june-2025-automate-everything-with-your-personal-army-of-robots?utm_source=Symfony%20Blog%20Feed&utm_medium=feed

https://redd.it/1kaon7h
@r_php