3

I am using preg_match to validate a password as:

```php
preg_match("/^.*(?=.{5,}).*$/", $password)
```

which accepts special characters too.

But for some reason, I need to modify it so that it accepts

  • only alphanumeric
  • minimum 5 characters long
  • and very important that it must not have any repeating or incremental characters like: aaaa or 12345 or abc123 etc


sohal07
  • 3
    Repeating can be detected with regex, but not for incremental... And restricting the password to alphanumeric only is a **very bad** idea. – nhahtdh Apr 27 '13 at 12:05
  • Another thing - there are many types of "incremental" - `abc` is incremental according to English alphabet, but there is also "incremental" according to the keyboard: `qwerty` which is top row of keyboard or `asdf` which is the main row of the keyboard. According to your scheme `qwerty` will be accepted, while `correcthorsebatterystaple` (http://xkcd.com/936/) will be rejected. – nhahtdh Apr 27 '13 at 13:03
  • Thanks nhahtdh... I meant to say incremental numbers like 12345... so on and – sohal07 Apr 27 '13 at 14:09
  • series of alphabetics like aaaaa or bbbbb... etc. – sohal07 Apr 27 '13 at 14:10
  • @sohal07 you may very well benefit from reading [Reference - Password Validation](https://stackoverflow.com/questions/48345922/reference-password-validation) – ctwheels Feb 13 '18 at 18:26

2 Answers

6
```php
if (preg_match(
    '%^           # Start of string
    (?!.*(.)\1)   # Assert no repeated characters
                  # Assert no sequential digits/characters
    (?!.*(?:01|12|23|34|45|56|67|78|89|90|
            ab|bc|cd|de|ef|fg|gh|hi|ij|jk|
            kl|lm|mn|no|op|pq|qr|rs|st|tu|
            uv|vw|wx|xy|yz))
    [a-z0-9]{5,}  # Match at least five alnum characters
    $             # End of string%ix',
    $password)) {
    # Successful match
}
```
Tim Pietzcker
  • It worked exactly as I wanted it to... I just changed the pairs of characters to triples... Thanks again. – sohal07 Apr 27 '13 at 14:08
  • @sohal07: Do note that this solution will reject `01JOMflsjdsf` due to `01` appearing - you need to generate the "incremental" sequences of length 3 or more by string concatenation. – nhahtdh Apr 27 '13 at 14:12
  • Another quick question... what about if I need to accept sohaal1? It rejects it because there are two continuous letters 'a'... – sohal07 Apr 27 '13 at 14:18
  • 1
    @sohal07: Of course - if you remove the check for repeated characters, then it won't reject `aaaaa`. If you want to make the check stricter (i. e. only reject triples and up but allow doubles), then use `(?!.*(.)\1{2})` instead of `(?!.*(.)\1)`. – Tim Pietzcker Apr 27 '13 at 15:15
  • @TimPietzcker *(or anybody)* how would I go about getting this to work with the `$matches` parameters so that I could display the characters that are in violation of the pattern? – Abela Mar 23 '19 at 09:06
  • 1
    It's probably impossible to do it at the same time as the general check because that will stop at the first match it finds, and you would want to display all the offensive substrings. But you could do a second pass on the failed strings and search for `(.)\1+|01|12|23|...|yz` and display those matches. – Tim Pietzcker Mar 23 '19 at 11:40
0

Expanding on @TimPietzcker, and he should take all the credit. So be sure to upvote his answer. But I needed this:

no triple repeated characters

no triple incremental characters / digits

because double incremental characters are odd; you won't even notice you did it.

E.g. test4x3x6 should work, right? Wrong, st is an incremental character. This will just drive your users crazy.

So I used this:

```php
function is_password_strong($password){
  $preg_res = preg_match(
    '%^                # Start of string
    (?!.*(.)\1{2})     # Assert no triple repeated characters
                       # Assert no sequential digits/characters
    (?!.*(?:012|123|234|345|456|567|678|789|890|
            abc|bcd|cde|def|efg|fgh|ghi|hij|ijk|jkl|
            klm|lmn|mno|nop|opq|pqr|qrs|rst|stu|tuv|
            uvw|vwx|wxy|xyz))
    .{8,}              # Match at least 8 characters
    $                  # End of string%ix',
    $password);

  // preg_match returns 1 on a match, 0 on no match, false on error
  if ($preg_res) {
    return true;
  } else {
    return false;
  }
}
```
Toskan
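
The second pass described in the comments under the first answer (report every offending substring, with the sequences generated by string concatenation instead of typed by hand), as an added example that is not code from either answer. The function names `sequential_runs` and `password_violations` and the sample passwords are assumptions made for illustration.

```php
<?php
// Added example; function names are hypothetical, not from the answers above.

// Build every ascending run of $len characters from an ordered alphabet,
// e.g. "01234567890" with $len = 3 gives 012, 123, ..., 789, 890.
function sequential_runs(string $alphabet, int $len): array {
    $runs = [];
    for ($i = 0; $i + $len <= strlen($alphabet); $i++) {
        $runs[] = substr($alphabet, $i, $len);
    }
    return $runs;
}

// Return the list of violations; an empty list means the password passes.
function password_violations(string $password, int $minLen = 5, int $runLen = 3): array {
    $violations = [];
    // \A...\z instead of ^...$ so a trailing newline is not accepted.
    if (!preg_match('/\A[a-z0-9]*\z/i', $password)) {
        $violations[] = 'non-alphanumeric character';
    }
    if (strlen($password) < $minLen) {
        $violations[] = "shorter than $minLen characters";
    }
    // The trailing 0 keeps the 9 -> 0 wrap-around (90 / 890) that both answers list.
    $runs = array_merge(
        sequential_runs('01234567890', $runLen),
        sequential_runs('abcdefghijklmnopqrstuvwxyz', $runLen)
    );
    // Second pass: one character repeated $runLen or more times, or any generated run.
    $pattern = '/(.)\1{' . ($runLen - 1) . ',}|' . implode('|', $runs) . '/i';
    if (preg_match_all($pattern, $password, $m)) {
        $violations = array_merge($violations, $m[0]);
    }
    return $violations;
}

// Constructed sample inputs.
foreach (['sohaal1', 'aaaaa', 'abc123', '01JOMflsjdsf', 'test4x3x6', 'ab!'] as $pw) {
    $v = password_violations($pw);
    echo $pw, ' => ', $v ? 'rejected: ' . implode(', ', $v) : 'ok', PHP_EOL;
}
```

With the default run length of 3, `sohaal1`, `01JOMflsjdsf` and `test4x3x6` pass, while `abc123` is reported with both `abc` and `123`.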