0

Working on code similar to this previous post but for passwords ($email is now $password). Trying have validation check to see if password field has at least one number, one lowercase letter, one uppercase letter, and one of the symbols !@#$%^&*

PHP-side validation uses regex

/^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[!@#$%^&*])[a-zA-Z\d!@#$%^&*]{6,20}$/

which works fine. However for js validation I'm using this for "if password does not contain one of each"

if (preg_match('/([^a-z]{1})([^A-Z]{1})(^\d{1})([^!@#$%^&*]{1})+/', $password, $matches)) {
echo 'Password must contain _, _, _';

Total beginner and very confused.

Qwerty
  • 75
  • 8
  • 1
    The simplest thing to do is just toss this. It doesn't improve password security, is annoying to users and incomprehensible gibberish to anyone trying to maintain this code later. – pvg Sep 30 '17 at 04:08

1 Answers1

1

Why don't you use the same regex pattern in js too??

/^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[!@#$%^&*])[a-zA-Z\d!@#$%^&*]{6,20}$/

This would work fine in js as well. If only you need to see if password does not contain one of each use a negation as 

if (!preg_match('/^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[!@#$%^&*])[a-zA-Z\d!@#$%^&*]{6,20}$/', $password, $matches)) {
echo 'Password must contain _, _, _';
Rajeev Ranjan
  • 3,588
  • 6
  • 28
  • 52
  • was testing out code and did this while waiting. Set as if true do nothing and else show the echo and works perfectly – Qwerty Sep 30 '17 at 04:34
  • You could replace the quantifier `{6,20}` by a `+` if you need to do the length check separately (this being a character validation only as per the message). – Rajeev Ranjan Sep 30 '17 at 04:46