1

I need to apply password complexity rules as follows:

  • min 8 characters
  • at least 1 uppercase
  • at least 1 lowercase
  • at least 1 digit
  • at least 1 special character
  • no character sequence like qwerty, asdf

I tried this

function valid_pass($password) {
    if (!preg_match_all('$\S*(?=\S{8,})(?=\S*[a-z])(?=\S*[A-Z])(?=\S*[\d])(?=\S*[\W])\S*$', $password))
        return FALSE;
    return TRUE;
}

if(valid_pass($password))
    echo "$password is a valid password<br />";
else echo "$password is NOT a valid password<br />";

It works for all the rules except the character sequence. How can I fix this?

halfer
  • 19,824
  • 17
  • 99
  • 186
Passionate Coder
  • 7,154
  • 2
  • 19
  • 44
  • 3
    "no character sequence like qwerty, asdf". Are 'sdfg','dfgh', etc, etc... allowed? – sinisake Nov 28 '16 at 10:06
  • 1
    Possible duplicate of [Complex password Regular expression](http://stackoverflow.com/questions/3466850/complex-password-regular-expression) – Zagonine Nov 28 '16 at 10:07
  • 3
    Every time I'm faced to a password validator like this I end up with something like `ABCabc123` because my original 20-char passphrase is not considered safe enough. *sigh* – Álvaro González Nov 28 '16 at 10:08
  • 2
    Add a negative lookahead or even better maintain a list of forbidden sequences and use a simple stripos(). There's no need to overcomplicate this regex. – HamZa Nov 28 '16 at 10:08
  • 3
    Are you planning to do this for every keyboard layout? Tbh, personally, wouldn't bother. Even what you've currently got seems too much. – Jonnix Nov 28 '16 at 10:09
  • 2
    Where, in your code, do you think it is looking for "the character sequence"? As far as I can see, you have not attempted to solve the problem, not that your solution has failed. – symcbean Nov 28 '16 at 10:14

0 Answers0