Password Validation in JS using regex

Question

In the below code the first and last regex always gives "enter again" as output while the second one always gives "welcome" as output. where is the error?I'm passing values from code:<form action="homepage.php" name="myForm" method="post"> <input type="submit" name="s" value="GO" onclick="return validateForm()">
and i want to redirect to homepage.php after validation.

<script type="text/javascript">
  function validateForm() {
    var x = document.forms["myForm"]["user"].value;
    var atpos = x.indexOf("@");
    var dotpos = x.lastIndexOf(".");

    if (atpos < 1 || dotpos < atpos + 2 || dotpos + 2 >= x.length) {
      alert("Not a valid e-mail address");
      return false;
    }

    var y = document.forms["myForm"].elements["pass"].value;
    //var passw=/^.*(?=.{8,})(?=.*[a-zA-Z])(?=.*\d)(?=.*[!#$%&? "]).*$/;
    var passw = /^((?=.*[a-zA-Z])(?=.*\d)(?=.*[#@%$]).{5,10})$/;

    alert(x);
    alert(y);

    //var passw=/^[A-Za-z0-9]\w{5,10}$/; 

    if (y.match(passw)) {
      alert('Welcome')
      return true;
    } else {
      alert('enter again')
      return true;
      exit();
    }
  }
 </script>

also i forgot to mention that it takes any input as password. so that means that password validation is not working.. — Sp0T, Nov 19 '13 at 06:25
one capital letter one small letter one number and length of password between 5-10.actually length can be modified later on , but it doesn't work in any case. — Sp0T, Nov 19 '13 at 06:28
i modified my comment. it takes anything as password. even random values. if it could work for any one condition suppose accept only caps then i can modify the condition to my requirement. — Sp0T, Nov 19 '13 at 06:31
@sreepati Well what I would do is simply check if the input is empty, and require the password to be at least a certain length (with a high maximum.) A long password is probably going to be secure anyway rather than a short password with restrictions. — , Nov 19 '13 at 06:35
Maybe you should not return `true` in both cases? Also, maybe you should start indenting and formatting your code. No wonder you you lose track of how stuff works if all your code looks like this. And most of all, you should think about not forcing your users to use a "complex" password and forcing such ridiculous restrictions on them at the same time. — Tomalak, Nov 19 '13 at 06:35
actually when i copied my code into this site i lost all the indentation and formatting. i'm new to this site. and i modified my code for true and false return type. but same error is there. btw if the code could work for any one case then i can modify the regex to accept other conditions but it doesn't seem to work for any condition i try. — Sp0T, Nov 19 '13 at 06:37
The more restrictions you put for a password, the easier you make it for me to guess it. And length between 5 or 10 is just inviting hell in. (Go read http://xkcd.com/936/) — Kos, Nov 19 '13 at 08:07
[link](http://www.w3resource.com/javascript/form/password-validation.php) I found this page. and this condition **var passw = /^(?=.*\d)(?=.*[a-z])(?=.*[A-Z]).{6,20}$/;** seems to work for me . though i still don't know what was wrong in my previous regex. — Sp0T, Nov 19 '13 at 08:56

score 0 · Accepted Answer · edited May 23 '17 at 10:31

Seems to me you found the first regex online and then modified it? The original regex was:

 ^(?=.*?[A-Z])(?=.*?[a-z])(?=.*?[0-9])(?=.*?[#?!@$%^&*-]).{5,10}$

Which should work correctly.

Credit to anubhava

As to why your attempts don't work:

/^.*(?=.{8,})(?=.*[a-zA-Z])(?=.*\d)(?=.*[!#$%&? "]).*$/

As far as I can tell, the only problem with this is that it doesn't restrict the length, and it doesn't check that there are capitals and lowercase ([a-zA-Z] matches any case character).

/^((?=.*[a-zA-Z])(?=.*\d)(?=.*[#@%$]).{5,10})$/

Only error I can see is that it doesn't enforce a character of each case. Like above it just requires a single letter of either case.

/^[A-Za-z0-9]\w{5,10}$/

This one says find a single character of [A-Za-z0-9], then find 5-10 word character (which are the the same except including _ i.e. [A-Za-z0-9_]). So this will match pretty much any string that is 6-11 character with no symbols, but it doesn't enforce 1 of each upper, lower and digit. It could be 0000000, aaaaaaaa, AAAAAAAA or even a______.

Password Validation in JS using regex

1 Answers1