-3

I'm trying to create a regex for my password validation in PHP. What I want is not at least 2 of both lowercase letter, uppercase letter, number and symbols, but at least one category from these three categories, for example, "Rose" would work, "Rose456" would also work, and "rose456" will work, "Rose456!" will also work.

Thank you so much!

user3639203
  • 11
  • 1
  • 3
  • 3
    [relevant xkcd](http://xkcd.com/936/); what have you tried? – Sam May 15 '14 at 17:39
  • Please do a search before asking. This question gets asked a _LOT_. e.g. See: [Regular expression for a string that must contain minimum 14 characters, where at minimum 2 are numbers, and at minimum 6 are letters](http://stackoverflow.com/a/5527428/433790) - there are many other answers here as well. – ridgerunner May 15 '14 at 17:50
  • "at least one of these" so basically any password so long as is not composed entirely of symbols? Why enforce *any* password policy at all? – Sammitch May 15 '14 at 18:20
  • @ridgerunner yeah..1 category of these three doesn't make any sense..I did do some research, but the example you give is basic asked for at least one of each, what I'm trying to do here is at least two of the three categories, so I'm kind of confused here – user3639203 May 15 '14 at 18:45
  • @Sammitch Yes, you are right, I didn't think it through..I just started to learn php and this is one of my exercise..I should say at least 2 categories from uppercase letter, lowercase letter, number and symbols? – user3639203 May 15 '14 at 18:46
  • Ok, I missed your multi-category requirements. In that case take a look at this one: [Password checking RegEx that matches multiple criteria](http://stackoverflow.com/a/13354788/433790). Not as pretty, but it _can_ be done in a single regex. – ridgerunner May 15 '14 at 19:03
  • You're welcome. And remember that the search tool is your friend! (_LOTs_ of good info here on StackOverfow...) – ridgerunner May 15 '14 at 21:51

2 Answers2

4

It is much simpler to separately validate individual password requirements than to create a single uber-expression to validate everything all at once.

if(
  // mandatory matches
  strlen($password) > $minlength   &&     // enforce length
  preg_match('/[a-z]/', $password) &&     // contains lowercase
  preg_match('/[A-Z]/', $password)        // contains uppercase
) {
    $passed_count = 0;
    if( preg_match('/[0-9]/', $password) ) { $passed_count++; }  // contains digit
    if( preg_match('/[^a-zA-Z0-9]/', $password) ) { $passed_count++; }  // contains symbol
    if( $passed_count > $min_passed ) {
        // valid password
    }
}

edited to illustrate mandatory/optional checks

shareef
  • 9,255
  • 13
  • 58
  • 89
Sammitch
  • 30,782
  • 7
  • 50
  • 77
0

So... you want either a lowercase letter, or an uppercase letter, or a number? In that case, /[a-zA-Z0-9]/ would suffice. You could even do /\w/ if you include underscores as well. But I can't really see how you're planning to use this.

Joel Hinz
  • 24,719
  • 6
  • 62
  • 75
  • What about at least 2 of the three categories? You are right..It doesn't make sense to use only one of these..I just started to learn php, and I'm just trying to do this as part of my learning.. thank you so much – user3639203 May 15 '14 at 18:42
  • Or maybe it's better to say : password contains at least 2 of the following: lowercase letters, uppercase letters, numbers, symbols?I did a lot of search online but it seems that most of them are basically requiring at least one of each of lowercase letters, uppercase letters, numbers, symbols. Thank you very much for the help! – user3639203 May 15 '14 at 18:51
  • 1
    Personally, I think that it's the responsibility of every person to keep their passwords safe. It's not _that_ much harder for a computer to guess that the password is "K1tt3n" instead of "kitten". If anything, longer passwords are stronger. I usually just cap min length at six characters or so. – Joel Hinz May 15 '14 at 19:00