fix(security): resolve F-07 — standardize password policy to Password::defaults()

src/app/Http/Controllers/AdminController.php

@@ -4,6 +4,7 @@ namespace App\Http\Controllers;
 
 use Illuminate\Http\Request;
 use Illuminate\Support\Facades\DB;
+use Illuminate\Validation\Rules\Password;
 
 class AdminController extends Controller
 {
@@ -95,8 +96,8 @@ class AdminController extends Controller
                 $validated = $request->validate([
                     'name' => 'required|string|min:5|max:255|unique:users,name',
                     'email' => 'nullable|string|email|max:255|unique:users,email',
-                    'password' => 'required|string|min:6|confirmed',
-                    'access_level' => 'required|integer', // e.g., 1 = admin, 2 = normal user
+                    'password' => ['required', 'confirmed', Password::defaults()],
+                    'access_level' => 'required|integer',
                 ]);
 
                 DB::table('users')->insert([
@@ -226,7 +227,7 @@ class AdminController extends Controller
         try{
             
             $validated = $request->validate([
-               'password' => 'required|string|min:6|confirmed',
+               'password' => ['required', 'confirmed', Password::defaults()],
            
             ]);