Need to improve logic of password system

Question

So I've got this basic password system going, and so far, I've sorted out my length checker code (in my system, password can only be between 6 and 12 characters long.)

However, the strength checker is more complicated, because I want to sort passwords into three categories, WEAK, STRONG, and MEDIUM. The categories are determined by the types of characters in the password, so "alpha" would be WEAK, "Alpha" would be MEDIUM, and "Alpha1234" would be STRONG.

If the password strength is WEAK, I want the program to prompt the user to go back and enter another password, if the strength is MEDIUM, then I give the user the option to either enter another password or keep the one they entered, and if the strength is STRONG, the the password is kept automatically

So far, I've written three arrays which define the character sets:

public static String[] uppercase = {"A", "B", "C", "D", "E", "F", "G", "H", "I", "J", "K", "L", "M", "N", "O", "P", "Q", "R", "S", "T", "U", "V", "W", "X", "Y", "Z"};

public static String[] lowercase = {"a", "b", "c", "d", "e", "f", "g", "h", "i", "j", "k", "l", "m", "n", "o", "p", "q", "r", "s", "t", "u", "v", "w", "x", "y", "z"};

public static int[] numbers; {
    numbers  = new int[10];
    numbers[0] = 0;
    numbers[1] = 1;
    numbers[2] = 2;
    numbers[3] = 3;
    numbers[4] = 4;
    numbers[5] = 5;
    numbers[6] = 6;
    numbers[7] = 7;
    numbers[8] = 8;
    numbers[9] = 9;
}

Here are the character checker methods:

public static boolean containsUppercase(String p) {
    for (int i=0; i < p.length(); i++) {
        for (int j = 0; j < uppercase.length; j++) {
            if (Character.toString(p.charAt(i)).equals(uppercase[j])) {
                return true;
            }
        }
    }
 return false;
}
public static boolean containsLowercase(String p) {
    for (int i=0; i < p.length(); i++) {
        for (int j = 0; j < lowercase.length; j++) {
            if (Character.toString(p.charAt(i)).equals(lowercase[j])) {
                return true;
            }
        }
    }
 return false;
}
public static boolean containsNumbers(String p) {
    for (int i=0; i < p.length(); i++) {
        for (int j = 0; j < numbers.length; j++) {
            if (Character.toString(p.charAt(i)).equals(numbers[j])) {
                return true;
            }
        }
    }
 return false;
}

And here are the password strength checkers:

if ((containsUppercase(password)) || (containsLowercase(password)) || (containsNumbers(password))) {
            JOptionPane.showMessageDialog(null, "Your password strength is WEAK. You must enter another password");
            passwordreenter = 0;
        } 
        if ((containsUppercase(password) && (containsLowercase(password)) || (containsUppercase(password)) && (containsNumbers(password)) || (containsLowercase(password)) && (containsNumbers(password)))) {
            passwordreenter = JOptionPane.showConfirmDialog(null, "Your password strength is MEDIUM. Would you like to enter another password anyway?");
            System.out.println(passwordreenter);
        } 
        if ((containsUppercase(password)) && (containsLowercase(password) && (containsNumbers(password)))) {
            JOptionPane.showMessageDialog(null, "Your password strength is STRONG. The program will now close");
            System.exit(0);
        }

When I run the program, how to I get it to go straight to the correct password strength, as right now it goes through every single if statement if I enter what would be a STRONG password

Answer 1

Just replace the last 2 if statements with else. Also reorder your statements so the strong password is processed first.

Answer 2

If your password is "strong" then every check will return true, so of course every if statement is going to pass. What you're looking to do is to classify a password as "weak" if it only passes one of the checks, "medium" if it passes two checks, and "strong" if it passes all three. One way to do this is to start with an int set to 0, and increment it for every check that it passes, then use that final number in your ifs.

int level = 0;
if (containsUppercase(password)) {
    level++;
}
if (containsLowercase(password)) {
    level++;
}
if (containsNumbers(password)) {
    level++;
}

if (level <= 1) {
    JOptionPane.showMessageDialog(null, "Your password strength is WEAK. You must enter another password");
    passwordreenter = 0;
} else if (level == 2) {
    passwordreenter = JOptionPane.showConfirmDialog(null, "Your password strength is MEDIUM. Would you like to enter another password anyway?");
    System.out.println(passwordreenter);
} else if (level == 3) {
    JOptionPane.showMessageDialog(null, "Your password strength is STRONG. The program will now close");
    System.exit(0);
}

Answer 3

Your strength check logic is incorrect. If the given password contains uppercase, lowercase, and numbers, then all 3 if statements are true. You aren't using if-else statements, so they will all execute.

I'd also recommend checking out https://codereview.stackexchange.com/; they can help clean up your code.

Answer 4

public static void main(String[] args) {
    String password = "A";
    String passwordStrength = "";
    if(password.length() >= 6 && password.length() <= 12)
        passwordStrength= passStrength(password);

}

public static String passStrength(String password) {
    String[] desc = new String[3];
    desc[0] = "Weak";
    desc[1] = "Medium";
    desc[2] = "Strong";



    int score   = -1;


            String pattern = "(.*)(\\d+)(.*)";
            Pattern r = Pattern.compile(pattern);
            Matcher m = r.matcher(password);
            if(m.find( )) score++;

            pattern = "(.*)([a-z]+)(.*)";
            r = Pattern.compile(pattern);
            m = r.matcher(password);
            if(m.find( )) score++;

            pattern = "(.*)([A-Z]+)(.*)";
            r = Pattern.compile(pattern);
            m = r.matcher(password);
            if(m.find( )) score++;

            return desc[score];

}