Validating Password (Sometimes i feel so dumb)
Moderator: General Moderators
Validating Password (Sometimes i feel so dumb)
Hi there this is my first post, i'm new to PHP and to Regex. I have been reading a lot of things for the last days about Regex in http://www.regular-expressions.info , but i couldn't figure this out.
I'm trying to validate a password that has to be:
6 to 10 characters long
all letters from a to z or A to Z
and at least one digit 0-9
so an example could be:
aAaaaAa11
11aaAAAAA
can someone please help me with the pattern to validate this?
Thanks in advance
I'm trying to validate a password that has to be:
6 to 10 characters long
all letters from a to z or A to Z
and at least one digit 0-9
so an example could be:
aAaaaAa11
11aaAAAAA
can someone please help me with the pattern to validate this?
Thanks in advance
- prometheuzz
- Forum Regular
- Posts: 779
- Joined: Fri Apr 04, 2008 5:51 am
Re: Validating Password (Sometimes i feel so dumb)
Code: Select all
'/^(?=\D*\d)[a-zA-Z\d]{6,10}$/i'Re: Validating Password (Sometimes i feel so dumb)
I guess it's me but i've tried the pattern and it doesn't seem to work, i've been trying in the EditPad, and yes i've forgotten to say not only digits.prometheuzz wrote:Note that you don't forbid a password to be all digits.Code: Select all
'/^(?=\D*\d)[a-zA-Z\d]{6,10}$/i'
I leave you with a screenshot
- Attachments
-
- regex.jpg (96.16 KiB) Viewed 3325 times
- prometheuzz
- Forum Regular
- Posts: 779
- Joined: Fri Apr 04, 2008 5:51 am
Re: Validating Password (Sometimes i feel so dumb)
Perhaps your text editor has a different notion of what ^ and $ are. Try to test one line at a time, not all lines at once.
- prometheuzz
- Forum Regular
- Posts: 779
- Joined: Fri Apr 04, 2008 5:51 am
Re: Validating Password (Sometimes i feel so dumb)
As you see, the regex does it's work:
Try to understand what the regex does and adjust it in such a way that it doesn't accept passwords made from digits only. Post back if you run in to problems.
Good luck.
Code: Select all
<?php
$passwords = array(
'a123456',
'aAaAaAa1',
'123456a',
'Aa123456'
);
foreach($passwords as $pass) {
if(preg_match('/^(?=\D*\d)[a-z\d]{6,10}$/i', $pass)) {
echo "Accepted: '$pass'\n";
} else {
echo "Rejected: '$pass'\n";
}
}
/* the output when running this example:
Accepted: 'a123456'
Accepted: 'aAaAaAa1'
Accepted: '123456a'
Accepted: 'Aa123456'
*/
?>Good luck.
Re: Validating Password (Sometimes i feel so dumb)
This is what i did...
This is what i think it does
^ //start of string
(?= //look ahead
\D //not only digits
[a-zA-Z]* //match a character unlimited times
\d //only digits
[a-zA-Z\d] //from a-z, A-Z and digits
{6,10} //between 6 and 10 characters
$ //end of string
i //insensitive
Not sure but i think it works, i have to practice this.
Correction It doesn't validate for '123456a'
Thanks a lot prometheuzz
Code: Select all
'/^(?=\D[a-zA-Z]*\d)[a-zA-Z\d]{6,10}$/i'^ //start of string
(?= //look ahead
\D //not only digits
[a-zA-Z]* //match a character unlimited times
\d //only digits
[a-zA-Z\d] //from a-z, A-Z and digits
{6,10} //between 6 and 10 characters
$ //end of string
i //insensitive
Not sure but i think it works, i have to practice this.
Correction It doesn't validate for '123456a'
Thanks a lot prometheuzz
- prometheuzz
- Forum Regular
- Posts: 779
- Joined: Fri Apr 04, 2008 5:51 am
Re: Validating Password (Sometimes i feel so dumb)
No quite.tuga wrote:This is what i did...
This is what i think it doesCode: Select all
'/^(?=\D[a-zA-Z]*\d)[a-zA-Z\d]{6,10}$/i'
^ //start of string
(?= //look ahead
\D //not only digits
[a-zA-Z]* //match a character unlimited times
\d //only digits
[a-zA-Z\d] //from a-z, A-Z and digits
{6,10} //between 6 and 10 characters
$ //end of string
i //insensitive
Not sure but i think it works, i have to practice this.
Correction It doesn't validate for '123456a'
Thanks a lot prometheuzz
Because of the i-flag, there is no need to use [a-zA-Z], only [a-z] is sufficient.
Here's a way you could solve it:
Code: Select all
'/^(?=\D*\d)(?=\d*[a-z])[a-z\d]{6,10}$/i'Code: Select all
^ // The start of the string
(?=\D*\d) // Looking ahead from the start of the string, there should be at
// least one digit with an optional number of non-digit characters
// in front of it.
(?=\d*[a-z]) // Looking ahead from the start of the string, there should be at
// least one letter with an optional number of digit in front of it.
[a-z\d]{6,10} // The following characters should be letters or digits.
$ // Followed by the end ofthe string.Re: Validating Password (Sometimes i feel so dumb)
Well actually your code was not correct (i think) because it could validate 'aaaaaaa' , but your explanation helped me finding a solution (i think).
i think now it works
thanks
Code: Select all
/^(?=\d*[a-z])(?=[a-z]*\d)[a-z\d]{6,10}$/iCode: Select all
(?=\d*[a-z]) //starting with an optional digit followed by a character
(?=[a-z]*\d) //starting with an optional character followed by a digit
thanks
- prometheuzz
- Forum Regular
- Posts: 779
- Joined: Fri Apr 04, 2008 5:51 am
Re: Validating Password (Sometimes i feel so dumb)
No, it would not match 'aaaaaaa'. You ought to have tried it.tuga wrote:Well actually your code was not correct (i think) because it could validate 'aaaaaaa' , ...
That also works.tuga wrote:i think now it works
But how you have rewritten it is more intuitive: I like it better than my regex.
You're welcome.tuga wrote: ...
thanks
Re: Validating Password (Sometimes i feel so dumb)
You are completely right, I tested only in the text editor, I apologize for the mistake.No, it would not match 'aaaaaaa'. You ought to have tried it.
Thanks for all your help.
- prometheuzz
- Forum Regular
- Posts: 779
- Joined: Fri Apr 04, 2008 5:51 am
Re: Validating Password (Sometimes i feel so dumb)
No problem!tuga wrote:...You are completely right, I tested only in the text editor, I apologize for the mistake.
You're most welcome.tuga wrote:Thanks for all your help.
Re: Validating Password (Sometimes i feel so dumb)
incidentally, I would strongly recommend against forcing people to use only certain characters for passwords (i.e. alphanumeric only). I usually allow any character, hash it (which results in an alphanumeric string), then send it to my database.
Also, I would have solved your stated goal much differently. I would check each character individually with /[^a-z0-9]/i if I got any matches I would know they had invalid characters. Then I would make a separate regex to make sure there is at least one letter and one number in the password. That's far simpler in my opinion.
Also, I would have solved your stated goal much differently. I would check each character individually with /[^a-z0-9]/i if I got any matches I would know they had invalid characters. Then I would make a separate regex to make sure there is at least one letter and one number in the password. That's far simpler in my opinion.