checking password format

Question

how to check user enterd password format. string not duplicate and use user must be choose numbers , strings (lowercase/uppercase)

hear is my code. whats my problem in preg_match?

function checkPassFormat($ip)
{
    if(preg_match('/^[a-A][0-9]/', $password))
        return TRUE;
    else 
        return FALSE;
}

Shouldn't you be telling us what the problem is and we tell you the solution? — Thorsten Dittmar, Nov 22 '12 at 07:54
this is a often asked question, did you check other questions? http://stackoverflow.com/questions/4796681/validate-password-with-preg-match-in-php e.g. — Rudolf Mühlbauer, Nov 22 '12 at 07:58

score 1 · Answer 1 · answered Nov 22 '12 at 08:08

I think this is a cute solution for the issue (you can also collect the errors and show the user a friendly message):

const SECURELEVEL_LOW = 1;
const SECURELEVEL_MEDIUM = 2;
const SECURELEVEL_HIGH = 3;
const SECURELEVEL_SERVICE = 4;

const CONTAINS_LETTERS = 1;
const CONTAINS_DIGITS = 2;
const CONTAINS_CASESENSITIVELETTERS = 4;
const CONTAINS_SPECIALCHARS = 8;

public function _isValid($value) {
    $valid = true;
    switch ($this->_options['secureLevel']) {
      case self::SECURELEVEL_SERVICE:
        $minLength = 20;
        $hasToContain = self::CONTAINS_LETTERS + self::CONTAINS_DIGITS + self::CONTAINS_CASESENSITIVELETTERS + self::CONTAINS_SPECIALCHARS;
        break;
      case self::SECURELEVEL_HIGH:
        $minLength = 8;
        $hasToContain = self::CONTAINS_LETTERS + self::CONTAINS_DIGITS + self::CONTAINS_CASESENSITIVELETTERS;
        break;
      case self::SECURELEVEL_LOW:
        $minLength = 4;
        $hasToContain = 0;
        break;
      case self::SECURELEVEL_MEDIUM:
      default:
        $minLength = 5;
        $hasToContain = self::CONTAINS_LETTERS + self::CONTAINS_DIGITS;
        break;
    }

    if (strlen($value) < $minLength) {
      $valid = false;
    }
    if (strpos($value, ' ') !== false) {
      $valid = false;
    }


    if ($hasToContain & self::CONTAINS_LETTERS) {
      // Password has to contain letters
      if (!preg_match('/[a-z]/i', $value)) {
        $valid = false;
      }
    }

    if ($hasToContain & self::CONTAINS_DIGITS) {
      // Password has to contain numbers
      if (!preg_match('/[0-9]/', $value)) {
        $valid = false;
      }
    }

    if ($hasToContain & self::CONTAINS_CASESENSITIVELETTERS) {
      // Password has to contain small and capital letters
      if (!preg_match('/[a-z]/', $value) || !preg_match('/[A-Z]/', $value)) {
        $valid = false;
      }
    }

    if ($hasToContain & self::CONTAINS_SPECIALCHARS) {
      // Password has to contain a special character
      if (!preg_match('/[^0-9a-zA-Z]/', $value)) {
        $valid = false;
      }
    }

    return $valid;
  }

Thorsten Dittmar · Answer 2 · 2012-11-22T08:00:41.413

I think [a-A] means that you're only allowing small and capital A. This should probably be [a-zA-Z]. You could also try [a-Z], but in C# for example this doesn't work as expected.

Also you probably need to say "more than one letter followed by more than one number": [a-zA-Z]+[0-9]+. That would allow for passwords like abDCkl98.

If you want to mix letters and numbers, you should do something like [a-zA-Z0-9]+. This is for passwords like a9Bdc4re.

score 0 · Answer 3 · answered Nov 22 '12 at 07:56

0

Try this:

preg_match("/^[a-zA-Z0-9]+$/", $password)

answered Nov 22 '12 at 07:56

bear

11,364
26
77
129

@Steve this definitely matches `a2`, well on PHP 5.4 is does. – bear Nov 22 '12 at 08:00
it also matches "a" but - on which security level is a password with a string length of 1 – iRaS Nov 22 '12 at 08:15

score 0 · Answer 4 · answered Nov 22 '12 at 07:56

0

Following your example, here's another option:

"/[:alpha:][:digit:]/"

answered Nov 22 '12 at 07:56

Ben

54,723
49
178
224

score 0 · Answer 5 · answered Nov 22 '12 at 07:59

0

Try out this
$pattern = "/^[a-zA-Z0-9]*$/i";
if(preg_match($pattern, $value)){           
   return true;
}else{
   return false;
}

answered Nov 22 '12 at 07:59

som

4,650
2
21
36

2

If you add `i`, you don't need `A-Z` as then comparison is case insensitive. – Thorsten Dittmar Nov 22 '12 at 08:01

checking password format

5 Answers5