14

I want to check if the user has successfully met the following requirements:

  • The password has at least 8 characters
  • Consists of one capital & one lowercase letter

How would I do this?

I am using the PHP script below:

if ( strlen( $password ) < 8 ) {
     false
} else {
   if ( preg_match( "/[^0,9]/", $password ) ) {
     // how to check the upper case and lower case
   }
}
tshepang
  • 12,111
  • 21
  • 91
  • 136
Glen Mongaya
  • 151
  • 1
  • 1
  • 7

9 Answers9

10

You can do that with a regex:

if (!preg_match('/^(?=[a-z])(?=[A-Z])[a-zA-Z]{8,}$/', $password))
{
    //error
}
John Conde
  • 217,595
  • 99
  • 455
  • 496
4

Use preg_match("/[A-Z]/") and preg_match("/[a-z]/")

Andrew Cooper
  • 32,176
  • 5
  • 81
  • 116
3
if( strlen($password) < 8 ) {
     return false;
}
if(preg_match("/[^0,9]/", $password)) {
     how to check the upper case and lower case
}
if($password == strtoupper($password) || $password == strtolower($password)){
//pass fails because its either all upcase, or lowercase
}
Tudor Constantin
  • 26,330
  • 7
  • 49
  • 72
2

You may use a password ranking technique: 

$x = "a12ASD!@#$";
$rank = Array();


$rank['length'] = strlen($x);

$matches = Array();
preg_match_all("/([a-z]+)/", $x, $matches);
$rank['lowercase'] = strlen(implode('', $matches[0]))/count($matches[0]);

$matches = Array();
preg_match_all("/([A-Z]+)/", $x, $matches);
$rank['uppercase'] = strlen(implode('', $matches[0]))/count($matches[0]);

$matches = Array();
preg_match_all("/([0-9]+)/", $x, $matches);
$rank['numbers'] = strlen(implode('', $matches[0]))/count($matches[0]);

$matches = Array();
preg_match_all("/([^a-zA-Z0-9]+)/", $x, $matches);
$rank['symbols'] = strlen(implode('', $matches[0]))/count($matches[0]);


echo "<pre>";
var_dump($rank);
echo "</pre>";
Quamis
  • 10,924
  • 12
  • 50
  • 66
  • When one is not used it returned an error about dividing by 0 due to the `/count()` function. Any idea to fix this without a mess of code? – Tarquin May 04 '16 at 00:39
  • @Tarquin: why not simply use if/else's? Not sure what you mean by "mess of code" – Quamis May 04 '16 at 09:24
  • thanks for your reply! I was struggling to apply if or else, what should I be checking as `$matches` and `$matches[0]` both return only 'Array' - I tried to use some others also but failed to get results. --- I ended up calling the function as `@function_name()` to supress errors and used an if/else to set empty variables to 0 as a patch solution. – Tarquin May 04 '16 at 23:00
1
if (
  strlen($password) >= 8) &&
  preg_match('/[A-Z]/', $password) > 0 &&
  preg_match('/[a-z]/', $password) > 0 )
{
  /* Password validation passes, do stuff. */
}
else {
  /* Password validation fails, show error. */
}
King Skippus
  • 3,801
  • 1
  • 24
  • 24
  • You don't *have* to include the "> 0", but since preg_match returns an integer and not a boolean value, I prefer to explicitly test for this condition in case they ever change it later. – King Skippus May 31 '11 at 04:03
1

You can use trim, which is actually much faster than regexp

if ( trim( $password, 'a..z') != '' && trim( $password, 'A..Z') != '' && strlen($password) >= 8 )
{
  /* Password validation passes, do stuff. */
}
else {
  /* Password validation fails, show error. */
}
ts.
  • 10,510
  • 7
  • 47
  • 73
1

To verify that a user has met the password requirements on the php side, it would be as follows.

// Given password
$password = 'user-input-pass';

// Validate password strength
$uppercase = preg_match('@[A-Z]@', $password);
$lowercase = preg_match('@[a-z]@', $password);
$number    = preg_match('@[0-9]@', $password);
$specialChars = preg_match('@[^\w]@', $password);

if(!$uppercase || !$lowercase || !$number || !$specialChars || mb_strlen($password) < 8) {
    echo 'Password should be at least 8 characters in length and should include at least one upper case letter, one number, and one special character.';
}else{
    echo 'Strong password.';
}

the script that I give you; check length, complexity (contain numbers, uppercase, lowercase and if you want special characters)

0
preg_match('/[a-z]/', $password) && preg_match('/[A-A]/', $password)
Sampson
  • 265,109
  • 74
  • 539
  • 565
ideawu
  • 2,287
  • 1
  • 23
  • 28
0

This function lets you set the minimum requirements by counting occurrences using the count parameter in preg_replace:

  function password_validate($password, $min_length=8, $min_lowercases=1, $min_uppercases=1, $min_numbers=1, $min_specials=0) {

    preg_replace('#[a-z]#', '', $password, -1, $lowercases);
    preg_replace('#[A-Z]#', '', $password, -1, $uppercases);
    preg_replace('#[0-9]#', '', $password, -1, $numbers);
    preg_replace('#[^\w]#', '', $password, -1, $specials);

    return (mb_strlen($password) >= $min_length && $lowercases >= $min_lowercases && $uppercases >= $min_uppercases && $numbers >= $min_numbers && $specials >= $min_specials);
  }

It can be used like this:

  if (!password_validate($new_password)) {
    echo 'Password did not meet requirements';
  }

Or passing the requirements:

  if (!password_validate($new_password, 6, 1, 0, 0, 0)) {
    echo 'Password did not meet requirements';
  }
tim
  • 2,530
  • 3
  • 26
  • 45