I want to get a strong password from users with numbers capital laters simple laters and special characters. A valid password like this example - Ex: Tesing#123
minimum one capital latter
minimum one special character
The password has more than 8 characters.
I am using PHP.
Thank you.
<?php
function password_generate($chars)
{
$data = '1234567890ABCDEFGHIJKLMNOPQRSTUVWXYZabcefghijklmnopqrstuvwxyz##$%&-';
return substr(str_shuffle($data), 0, $chars);
}
echo password_generate(8)."\n";
?>
Related
I'm trying to create a filter to allow users to use only English letters (Lowercase & uppercase) and numbers. how can I do that? (ANSI)
(not trying to sanitize, only to tell if a string contain non-english letters)
That filter should get me a clean database with only english usernames, without multibyte and UTF-8 characters.
And can anyone explain to me why echo strlen(À) outputs '2'? it means two bytes right? wans't UTF-8 chars supposed to contain a single byte?
Thanks
You should use regular expressions to see if a string matches a pattern. This one is pretty simple:
if (preg_match('/^[a-zA-Z0-9]+$/', $username)) {
echo 'Username is valid';
} else {
echo 'Username is NOT valid';
}
And the reason why strlen('À') equals 2 is because strlen doesn't know that string is UTF-8. Try using:
echo strlen(utf8_decode('À'));
This is how you check whether a string contains only letters from the English alphabet.
if (!preg_match('/[^A-Za-z0-9]/', $string)) {
//string contains only letters from the English alphabet
}
The other question:
strlen(À)
will not return 2. Maybe you meant
strlen('À')
strlen returns
The length of the string on success, and 0 if the string is empty.
taken from here. So, that character is interpreted as two characters, probably due to your encoding.
A user enters a password, say 'tomorrow1234'. I'm aware that I can split it into an array with str_split, but after that, I want to go through each value and search them for things such as capitalization, number, or white space.
How would I go about doing this?
This is an old standby function I use to valiate password complexity. It requires that the password contains upper and lowercase letters, as well as non-alpha characters. Length checks are trivial and are handled elsewhere.
$req_regex = array(
'/[A-Z]/', //uppercase
'/[a-z]/', //lowercase
'/[^A-Za-z]/' //non-alpha
);
foreach($req_regex as $regex) {
if( !preg_match($regex, $password) ) {
return NULL;
}
}
I use the array and a loop so it's easy to add/remove conditions if necessary.
Sounds like your trying to verify password strength.
Check out this web page, your solution would be pretty complex to write a specific answer for, but you can use regex to check for things like capitalization, symbols and digits. This page has several examples you could modify for your needs.
http://www.cafewebmaster.com/check-password-strength-safety-php-and-regex
This is what I would use:
(?=^.{8,}$)((?=.*\d)|(?=.*\W+))(?![.\n])(?=.*[A-Z])(?=.*[a-z]).*$
Checks for 1 letter, 1 number, 1 special character and at least 8 characters long.
I'm newest and happy to be here in Stackoverflow. I am following this website since a long time.
I have an input/text field. (e.g. "Insert your name")
The script starts the following controls when the user sends data:
1) Control whether the field is empty or not.
2) Control whether the field goes over maximum characters allowed.
3) Control whether the field contain a wrong matched preg_match regex. (e.g. it contains numbers instead of only letters - without symbols and accents -).
The question is: why if i put this characters "w/", the script doesn't make the control? And it seems like the string bypass controls?
Hello to all guys and sorry if I'm late with the answer (and also for the non-code posted ^^).
Now, talking about my problem. I checked that the problem is on ONLY if I work offline (I use EasyPhp 5.3.6.1). Otherwise the regEx tested online is ok.
This is the code I use to obtain only what I said above:
if (!preg_match('/^[a-zA-Z]+[ ]?[a-zA-Z]+$/', $name)) {
echo "Error";
}
As you can see, this code match:
A string that start (and finish) with only letters;
A string with only 0 or 1 empty space (for persons who has two name, i.e.: Anna Maria);
...right?!
(Please correct me if I am wrong)
Thanks to all!
Wart
My reading of the requirements is
Only letters (upper or lower) can be provided.
Something must be provided (i.e. a non-zero length string).
There is a maximum length.
The code below checks this in a very simple manner and just echos any errors it finds; you probably want to do something more useful when you detect an error.
<?php
$max = 10;
$string = 'w/';
// Check only letters; the regex searches for anything that isn't a plain letter
if (preg_match('/[^a-zA-Z]/', $string)){
echo 'only letters are allowed';
}
// Check a value is provided
$len = strlen($string);
if ($len == 0) {
echo 'you must provide a value';
}
// Check the string is long to long
if ($len > $max) {
echo 'the value cannot be longer than ' . $max;
}
You can also try this:
if (preg_match('/^[a-z0-9]{1,12}/im', $subject)) {
\\ match
}
The above will only match similar to #genesis' post, but will only match if the $subject is between and including 1 - 12 characters long. The regex is also case insensitive.
It works fine.
<?php
$string = '\with';
if (preg_match('~[^0-9a-z]~i', $string)){
echo "only a-Z0-9 is allowed"; //true
}
http://sandbox.phpcode.eu/g/18535/3
You have to make sure you don't put user input into your regex, because that would mean you'll probably check something wrong.
I'm writing a mobile website and I would like the user to be able to login via username or phone number. I think the easist way to validate their response it to not allow them to signup using a phone number as their user name.
The problem is that I'll need to check if the input of the username field is JUST a 10 or 11 digit number. This is where my inexperance in regex comes to my disadvantage. I'm hoping to try something like
function do_reg($text, $regex)
{
if (preg_match($regex, $text)) {
return TRUE;
}
else {
return FALSE;
}
}
$username = $_POST['username'];
if(do_reg($username, '[0-9]{10,11}')){
die('cannot use a 10 or 11 digit number as a username');
}
The above regex is matching all numbers that are 10-11 digits long. I think maybe I need a way to say if the ONLY thing in the user input field is a 10-11 digit number get mad otherwise release the butterflies and rainbows.
EDIT: For the record I decided to make sure the username wasn't JUST a number. Thought this would be simpler and I didn't like the idea of having people use numbers as logins.
So I ended up with
if (!empty($username) && preg_match('/^\d+$/', $username )) {
die('username cannot be a number');
}
Thanks for the help all.
You are almost correct, except PCRE in PHP requires delimiters, and probably some anchors to make sure the field consists only of numbers.
if(do_reg($username, '/^\d{10,11}$/')){
// ^^ ^^
And probably use \d instead of [0-9].
(BTW, you should just call preg_match directly:
if (!preg_match('/^\d{10,11}$/', $username)) {
release('bufferflies', 'rainbows');
}
You need to anchor the regex to match the entire string: ^[0-9]{10,11}$.
^ matches the beginning of a string; $ matches the end.
Limit usernames to only 10 characters and require there username to start with a letter. How would a user write a 10 digit phone number as their username if they are required to enter in at least 1 alpha character (since phone numbers can't start with a 0/o or a 1/l)? (Heck I would require at least 3 alpha chars just to be safe).
When your app gets bigger then you can allow for longer usernames and take into account some of these issues:
Do not use ^ or $ signs if you are only testing the username: if(do_reg($username, '/^\d{10,11}$/')){
The reason I say this is anyone could defeat that by placing a letter in their username, a1235551212
instead use this:
if(do_reg($username, '/\d{10,11}/')){ because that will flag a1235551212d
Also, importantly, remember, that all of these regular expressions are only checking for numbers, there's nothing to stop a user from doing the following: ltwo3for5six7890. Unless of course you limit the username size.
You just should include start and end of the string in the regex
^[0-9]{10,11}$
What is the easiest or best way in PHP to validate true or false that a string only contains characters that can be typed using a standard US or UK keyboard with the keyboard language set to UK or US English?
To be a little more specific, I mean using a single key depression with or without using the shift key.
I think the characters are the following. 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz~`!##$%^&*()_-+={[}]|\:;"'<,>.?/£ and Space
You can cover every ASCII character by [ -~] (i.e. range from space to tilde). Then just add £ too and there you go (you might need to add other characters as well, such as ± and §, but for that, have a look at the US and UK keyboard layouts).
Something like:
if(preg_match('#^[ -~£±§]*$#', $string)) {
// valid
}
The following regular expression may be of use for you:
/^([a-zA-Z0-9!"#$%&'()*+,\-.\/:;<=>?#[\\\]^_`{|}~\t ])*$/m
Use this as:
$result = (bool)preg_match('/^([a-zA-Z0-9!"#$%&\'()*+,\-.\/:;<=>?#[\\\]^_`{|}~\t ])*$/m', $input);
Or create a reusable function from this code:
function testUsUkKeyboard($input)
{
return (bool)preg_match('/^([a-zA-Z0-9!"#$%&\'()*+,\-.\/:;<=>?#[\\\]^_`{|}~\t ])*$/m', $input);
}
The easier way to check is to check if chars exist rather then they do not, so first you would need a list of chars that do not exists, you can get these from the ascii range 128 - 255 where as 0 - 127 is the regular key set.
Tio create the invalid array uou can do:
$chars = range(128,255);
The above array would contain all the chars in the table below:
then you should check agains the string in question, people say use regex, but i dont really think thats needed
$string = "testing a plain string";
for($s=0;$s<strlen($string);$s++)
{
if(in_array(ord($string[$s]),$chars))
{
//Invalid
}
}