Validating Password (Sometimes i feel so dumb)

Any questions involving matching text strings to patterns - the pattern is called a "regular expression."

Moderator: General Moderators

Post Reply
tuga
Forum Newbie
Posts: 7
Joined: Mon Aug 25, 2008 9:08 am

Validating Password (Sometimes i feel so dumb)

Post by tuga »

Hi there this is my first post, i'm new to PHP and to Regex. I have been reading a lot of things for the last days about Regex in http://www.regular-expressions.info , but i couldn't figure this out.

I'm trying to validate a password that has to be:
6 to 10 characters long
all letters from a to z or A to Z
and at least one digit 0-9

so an example could be:
aAaaaAa11
11aaAAAAA

can someone please help me with the pattern to validate this?

Thanks in advance
User avatar
prometheuzz
Forum Regular
Posts: 779
Joined: Fri Apr 04, 2008 5:51 am

Re: Validating Password (Sometimes i feel so dumb)

Post by prometheuzz »

Code: Select all

'/^(?=\D*\d)[a-zA-Z\d]{6,10}$/i'
Note that you don't forbid a password to be all digits.
tuga
Forum Newbie
Posts: 7
Joined: Mon Aug 25, 2008 9:08 am

Re: Validating Password (Sometimes i feel so dumb)

Post by tuga »

prometheuzz wrote:

Code: Select all

'/^(?=\D*\d)[a-zA-Z\d]{6,10}$/i'
Note that you don't forbid a password to be all digits.
I guess it's me but i've tried the pattern and it doesn't seem to work, i've been trying in the EditPad, and yes i've forgotten to say not only digits.

I leave you with a screenshot
Attachments
regex.jpg
regex.jpg (96.16 KiB) Viewed 3324 times
User avatar
prometheuzz
Forum Regular
Posts: 779
Joined: Fri Apr 04, 2008 5:51 am

Re: Validating Password (Sometimes i feel so dumb)

Post by prometheuzz »

Perhaps your text editor has a different notion of what ^ and $ are. Try to test one line at a time, not all lines at once.
User avatar
prometheuzz
Forum Regular
Posts: 779
Joined: Fri Apr 04, 2008 5:51 am

Re: Validating Password (Sometimes i feel so dumb)

Post by prometheuzz »

As you see, the regex does it's work:

Code: Select all

<?php
$passwords = array(
  'a123456',
  'aAaAaAa1',
  '123456a',
  'Aa123456'
);
foreach($passwords as $pass) {
  if(preg_match('/^(?=\D*\d)[a-z\d]{6,10}$/i', $pass)) {
    echo "Accepted: '$pass'\n";
  } else {
    echo "Rejected: '$pass'\n";
  }
}
/* the output when running this example:
Accepted: 'a123456'
Accepted: 'aAaAaAa1'
Accepted: '123456a'
Accepted: 'Aa123456'
*/
?>
Try to understand what the regex does and adjust it in such a way that it doesn't accept passwords made from digits only. Post back if you run in to problems.

Good luck.
tuga
Forum Newbie
Posts: 7
Joined: Mon Aug 25, 2008 9:08 am

Re: Validating Password (Sometimes i feel so dumb)

Post by tuga »

This is what i did...

Code: Select all

'/^(?=\D[a-zA-Z]*\d)[a-zA-Z\d]{6,10}$/i'
This is what i think it does

^ //start of string
(?= //look ahead
\D //not only digits
[a-zA-Z]* //match a character unlimited times
\d //only digits
[a-zA-Z\d] //from a-z, A-Z and digits
{6,10} //between 6 and 10 characters
$ //end of string
i //insensitive

Not sure but i think it works, i have to practice this.
Correction It doesn't validate for '123456a'

Thanks a lot prometheuzz
User avatar
prometheuzz
Forum Regular
Posts: 779
Joined: Fri Apr 04, 2008 5:51 am

Re: Validating Password (Sometimes i feel so dumb)

Post by prometheuzz »

tuga wrote:This is what i did...

Code: Select all

'/^(?=\D[a-zA-Z]*\d)[a-zA-Z\d]{6,10}$/i'
This is what i think it does

^ //start of string
(?= //look ahead
\D //not only digits
[a-zA-Z]* //match a character unlimited times
\d //only digits
[a-zA-Z\d] //from a-z, A-Z and digits
{6,10} //between 6 and 10 characters
$ //end of string
i //insensitive

Not sure but i think it works, i have to practice this.
Correction It doesn't validate for '123456a'

Thanks a lot prometheuzz
No quite.
Because of the i-flag, there is no need to use [a-zA-Z], only [a-z] is sufficient.
Here's a way you could solve it:

Code: Select all

'/^(?=\D*\d)(?=\d*[a-z])[a-z\d]{6,10}$/i'
A short explanation:

Code: Select all

^               // The start of the string
 
(?=\D*\d)       // Looking ahead from the start of the string, there should be at 
                // least one digit with an optional number of non-digit characters
                // in front of it.
 
(?=\d*[a-z])    // Looking ahead from the start of the string, there should be at 
                // least one letter with an optional number of digit in front of it.
                
[a-z\d]{6,10}   // The following characters should be letters or digits.
 
$               // Followed by the end ofthe string.
That should do it! Good luck.
tuga
Forum Newbie
Posts: 7
Joined: Mon Aug 25, 2008 9:08 am

Re: Validating Password (Sometimes i feel so dumb)

Post by tuga »

Well actually your code was not correct (i think) because it could validate 'aaaaaaa' , but your explanation helped me finding a solution (i think).

Code: Select all

/^(?=\d*[a-z])(?=[a-z]*\d)[a-z\d]{6,10}$/i

Code: Select all

 
(?=\d*[a-z])  //starting with an optional digit followed by a character
(?=[a-z]*\d) //starting with an optional character followed by a digit
 
i think now it works

thanks
User avatar
prometheuzz
Forum Regular
Posts: 779
Joined: Fri Apr 04, 2008 5:51 am

Re: Validating Password (Sometimes i feel so dumb)

Post by prometheuzz »

tuga wrote:Well actually your code was not correct (i think) because it could validate 'aaaaaaa' , ...
No, it would not match 'aaaaaaa'. You ought to have tried it.
tuga wrote:i think now it works
That also works.
But how you have rewritten it is more intuitive: I like it better than my regex.
tuga wrote: ...
thanks
You're welcome.
tuga
Forum Newbie
Posts: 7
Joined: Mon Aug 25, 2008 9:08 am

Re: Validating Password (Sometimes i feel so dumb)

Post by tuga »

No, it would not match 'aaaaaaa'. You ought to have tried it.
You are completely right, I tested only in the text editor, I apologize for the mistake.

Thanks for all your help.
User avatar
prometheuzz
Forum Regular
Posts: 779
Joined: Fri Apr 04, 2008 5:51 am

Re: Validating Password (Sometimes i feel so dumb)

Post by prometheuzz »

tuga wrote:...You are completely right, I tested only in the text editor, I apologize for the mistake.
No problem!
tuga wrote:Thanks for all your help.
You're most welcome.
User avatar
Chalks
Forum Contributor
Posts: 447
Joined: Thu Jul 12, 2007 7:55 am
Location: Indiana

Re: Validating Password (Sometimes i feel so dumb)

Post by Chalks »

incidentally, I would strongly recommend against forcing people to use only certain characters for passwords (i.e. alphanumeric only). I usually allow any character, hash it (which results in an alphanumeric string), then send it to my database.

Also, I would have solved your stated goal much differently. I would check each character individually with /[^a-z0-9]/i if I got any matches I would know they had invalid characters. Then I would make a separate regex to make sure there is at least one letter and one number in the password. That's far simpler in my opinion.
Post Reply