Page 1 of 1
Validating Password (Sometimes i feel so dumb)
Posted: Mon Aug 25, 2008 9:17 am
by tuga
Hi there this is my first post, i'm new to PHP and to Regex. I have been reading a lot of things for the last days about Regex in
http://www.regular-expressions.info , but i couldn't figure this out.
I'm trying to validate a password that has to be:
6 to 10 characters long
all letters from a to z or A to Z
and at least one digit 0-9
so an example could be:
aAaaaAa11
11aaAAAAA
can someone please help me with the pattern to validate this?
Thanks in advance
Re: Validating Password (Sometimes i feel so dumb)
Posted: Mon Aug 25, 2008 9:35 am
by prometheuzz
Note that you don't forbid a password to be all digits.
Re: Validating Password (Sometimes i feel so dumb)
Posted: Mon Aug 25, 2008 10:12 am
by tuga
prometheuzz wrote:
Note that you don't forbid a password to be all digits.
I guess it's me but i've tried the pattern and it doesn't seem to work, i've been trying in the EditPad, and yes i've forgotten to say not only digits.
I leave you with a screenshot
Re: Validating Password (Sometimes i feel so dumb)
Posted: Mon Aug 25, 2008 10:19 am
by prometheuzz
Perhaps your text editor has a different notion of what ^ and $ are. Try to test one line at a time, not all lines at once.
Re: Validating Password (Sometimes i feel so dumb)
Posted: Mon Aug 25, 2008 11:34 am
by prometheuzz
As you see, the regex does it's work:
Code: Select all
<?php
$passwords = array(
'a123456',
'aAaAaAa1',
'123456a',
'Aa123456'
);
foreach($passwords as $pass) {
if(preg_match('/^(?=\D*\d)[a-z\d]{6,10}$/i', $pass)) {
echo "Accepted: '$pass'\n";
} else {
echo "Rejected: '$pass'\n";
}
}
/* the output when running this example:
Accepted: 'a123456'
Accepted: 'aAaAaAa1'
Accepted: '123456a'
Accepted: 'Aa123456'
*/
?>
Try to understand what the regex does and adjust it in such a way that it doesn't accept passwords made from digits only. Post back if you run in to problems.
Good luck.
Re: Validating Password (Sometimes i feel so dumb)
Posted: Mon Aug 25, 2008 1:00 pm
by tuga
This is what i did...
Code: Select all
'/^(?=\D[a-zA-Z]*\d)[a-zA-Z\d]{6,10}$/i'
This is what i think it does
^ //start of string
(?= //look ahead
\D //not only digits
[a-zA-Z]* //match a character unlimited times
\d //only digits
[a-zA-Z\d] //from a-z, A-Z and digits
{6,10} //between 6 and 10 characters
$ //end of string
i //insensitive
Not sure but i think it works, i have to practice this.
Correction It doesn't validate for '123456a'
Thanks a lot prometheuzz
Re: Validating Password (Sometimes i feel so dumb)
Posted: Mon Aug 25, 2008 1:40 pm
by prometheuzz
tuga wrote:This is what i did...
Code: Select all
'/^(?=\D[a-zA-Z]*\d)[a-zA-Z\d]{6,10}$/i'
This is what i think it does
^ //start of string
(?= //look ahead
\D //not only digits
[a-zA-Z]* //match a character unlimited times
\d //only digits
[a-zA-Z\d] //from a-z, A-Z and digits
{6,10} //between 6 and 10 characters
$ //end of string
i //insensitive
Not sure but i think it works, i have to practice this.
Correction It doesn't validate for '123456a'
Thanks a lot prometheuzz
No quite.
Because of the i-flag, there is no need to use [a-zA-Z], only [a-z] is sufficient.
Here's a way you could solve it:
Code: Select all
'/^(?=\D*\d)(?=\d*[a-z])[a-z\d]{6,10}$/i'
A short explanation:
Code: Select all
^ // The start of the string
(?=\D*\d) // Looking ahead from the start of the string, there should be at
// least one digit with an optional number of non-digit characters
// in front of it.
(?=\d*[a-z]) // Looking ahead from the start of the string, there should be at
// least one letter with an optional number of digit in front of it.
[a-z\d]{6,10} // The following characters should be letters or digits.
$ // Followed by the end ofthe string.
That should do it! Good luck.
Re: Validating Password (Sometimes i feel so dumb)
Posted: Mon Aug 25, 2008 2:01 pm
by tuga
Well actually your code was not correct (i think) because it could validate 'aaaaaaa' , but your explanation helped me finding a solution (i think).
Code: Select all
/^(?=\d*[a-z])(?=[a-z]*\d)[a-z\d]{6,10}$/i
Code: Select all
(?=\d*[a-z]) //starting with an optional digit followed by a character
(?=[a-z]*\d) //starting with an optional character followed by a digit
i think now it works
thanks
Re: Validating Password (Sometimes i feel so dumb)
Posted: Mon Aug 25, 2008 2:32 pm
by prometheuzz
tuga wrote:Well actually your code was not correct (i think) because it could validate 'aaaaaaa' , ...
No, it would not match 'aaaaaaa'. You ought to have tried it.
tuga wrote:i think now it works
That
also works.
But how you have rewritten it is more intuitive: I like it better than my regex.
tuga wrote: ...
thanks
You're welcome.
Re: Validating Password (Sometimes i feel so dumb)
Posted: Mon Aug 25, 2008 4:30 pm
by tuga
No, it would not match 'aaaaaaa'. You ought to have tried it.
You are completely right, I tested only in the text editor, I apologize for the mistake.
Thanks for all your help.
Re: Validating Password (Sometimes i feel so dumb)
Posted: Tue Aug 26, 2008 1:58 am
by prometheuzz
tuga wrote:...You are completely right, I tested only in the text editor, I apologize for the mistake.
No problem!
tuga wrote:Thanks for all your help.
You're most welcome.
Re: Validating Password (Sometimes i feel so dumb)
Posted: Wed Aug 27, 2008 11:17 am
by Chalks
incidentally, I would strongly recommend against forcing people to use only certain characters for passwords (i.e. alphanumeric only). I usually allow any character, hash it (which results in an alphanumeric string), then send it to my database.
Also, I would have solved your stated goal much differently. I would check each character individually with /[^a-z0-9]/i if I got any matches I would know they had invalid characters. Then I would make a separate regex to make sure there is at least one letter and one number in the password. That's far simpler in my opinion.