Regex for password ver [duplicate] - php
I need a regular expression with condition:
min 6 characters, max 50 characters
must contain 1 letter
must contain 1 number
may contain special characters like !##$%^&*()_+
Currently I have pattern: (?!^[0-9]*$)(?!^[a-zA-Z]*$)^([a-zA-Z0-9]{6,50})$
However it doesn't allow special characters, does anybody have a good regex for that?
Thanks
Perhaps a single regex could be used, but that makes it hard to give the user feedback for which rule they aren't following. A more traditional approach like this gives you feedback that you can use in the UI to tell the user what pwd rule is not being met:
function checkPwd(str) {
if (str.length < 6) {
return("too_short");
} else if (str.length > 50) {
return("too_long");
} else if (str.search(/\d/) == -1) {
return("no_num");
} else if (str.search(/[a-zA-Z]/) == -1) {
return("no_letter");
} else if (str.search(/[^a-zA-Z0-9\!\#\#\$\%\^\&\*\(\)\_\+]/) != -1) {
return("bad_char");
}
return("ok");
}
following jfriend00 answer i wrote this fiddle to test his solution with some little changes to make it more visual:
http://jsfiddle.net/9RB49/1/
and this is the code:
checkPwd = function() {
var str = document.getElementById('pass').value;
if (str.length < 6) {
alert("too_short");
return("too_short");
} else if (str.length > 50) {
alert("too_long");
return("too_long");
} else if (str.search(/\d/) == -1) {
alert("no_num");
return("no_num");
} else if (str.search(/[a-zA-Z]/) == -1) {
alert("no_letter");
return("no_letter");
} else if (str.search(/[^a-zA-Z0-9\!\#\#\$\%\^\&\*\(\)\_\+\.\,\;\:]/) != -1) {
alert("bad_char");
return("bad_char");
}
alert("oukey!!");
return("ok");
}
btw, its working like a charm! ;)
best regards and thanks to jfriend00 of course!
Check a password between 7 to 16 characters which contain only characters, numeric digits, underscore and first character must be a letter-
/^[A-Za-z]\w{7,14}$/
Check a password between 6 to 20 characters which contain at least one numeric digit, one uppercase, and one lowercase letter
/^(?=.\d)(?=.[a-z])(?=.*[A-Z]).{6,20}$/
Check a password between 7 to 15 characters which contain at least one numeric digit and a special character
/^(?=.[0-9])(?=.[!##$%^&])[a-zA-Z0-9!##$%^&]{7,15}$/
Check a password between 8 to 15 characters which contain at least one lowercase letter, one uppercase letter, one numeric digit, and one special character
/^(?=.\d)(?=.[a-z])(?=.[A-Z])(?=.[^a-zA-Z0-9])(?!.*\s).{8,15}$/
I hope this will help someone. For more please check this article and this site regexr.com
A more elegant and self-contained regex to match these (common) password requirements is:
^(?=.*[A-Za-z])(?=.*\\d)[A-Za-z\\d^a-zA-Z0-9].{5,50}$
The elegant touch here is that you don't have to hard-code symbols such as $ # # etc.
To accept all the symbols, you are simply saying: "accept also all the not alphanumeric characters and not numbers".
Min and Max number of characters requirement
The final part of the regex {5,50} is the min and max number of characters, if the password is less than 6 or more than 50 characters entered the regex returns a non match.
I have a regex, but it's a bit tricky.
^(?:(?<Numbers>[0-9]{1})|(?<Alpha>[a-zA-Z]{1})|(?<Special>[^a-zA-Z0-9]{1})){6,50}$
Let me explain it and how to check if the tested password is correct:
There are three named groups in the regex.
1) "Numbers": will match a single number in the string.
2) "Alpha": will match a single character from "a" to "z" or "A" to "Z"
3) "Special": will match a single character not being "Alpha" or "Numbers"
Those three named groups are grouped in an alternative group, and {6,50} advises regex machine to capture at least 6 of those groups mentiond above, but not more than 50.
To ensure a correct password is entered you have to check if there is a match, and after that, if the matched groups are capture as much as you desired. I'm a C# developer and don't know, how it works in javascript, but in C# you would have to check:
match.Groups["Numbers"].Captures.Count > 1
Hopefully it works the same in javascript! Good luck!
I use this
export const validatePassword = password => {
const re = /^(?=.*[A-Za-z])(?=.*\d)[a-zA-Z0-9!##$%^&*()~¥=_+}{":;'?/>.<,`\-\|\[\]]{6,50}$/
return re.test(password)
}
DEMO https://jsfiddle.net/ssuryar/bjuhkt09/
Onkeypress the function triggerred.
HTML
<form>
<input type="text" name="testpwd" id="testpwd" class="form=control" onkeyup="checksPassword(this.value)"/>
<input type="submit" value="Submit" /><br />
<span class="error_message spassword_error" style="display: none;">Enter minimum 8 chars with atleast 1 number, lower, upper & special(##$%&!-_&) char.</span>
</form>
Script
function checksPassword(password){
var pattern = /^.*(?=.{8,20})(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[##$%&!-_]).*$/;
if(!pattern.test(password)) {
$(".spassword_error").show();
}else
{
$(".spassword_error").hide();
}
}
International UTF-8
None of the solutions here allow international letters, i.e. éÉöÖæÆóÓúÚáÁ, but are mainly focused on the english alphabet.
The following regEx uses unicode, UTF-8, to recognise upper and lower case and thus, allow international characters:
// Match uppercase, lowercase, digit or #$!%*?& and make sure the length is 6 to 50 in length
const pwdFilter = /^(?=.*\p{Ll})(?=.*\p{Lu})(?=.*[\d|##$!%*?&])[\p{L}\d##$!%*?&]{6,50}$/gmu
if (!pwdFilter.test(pwd)) {
// Show error that password has to be adjusted to match criteria
}
This regEx
/^(?=.*\p{Ll})(?=.*\p{Lu})(?=.*[\d|##$!%*?&])[\p{L}\d##$!%*?&]{6,50}$/gmu
checks if an uppercase, lowercase, digit or #$!%*?& are used in the password. It also limits the length to be 6 minimum and maximum 50 (note that the length of 😀🇺🇸🇪🇸🧑💻 emojis counts as more than one character in the length).
The u in the end, tells it to use UTF-8.
First, we should make the assumption that passwords are always hashed (right? always hashed, right?). That means we should not specify the exact characters allowed (as per the 4th bullet). Rather, any characters should be accepted, and then validate on minimum length and complexity (must contain a letter and a number, for example). And since it will definitely be hashed, we have no concerns over a max length, and should be able to eliminate that as a requirement.
I agree that often this won't be done as a single regex but rather a series of small regex to validate against because we may want to indicate to the user what they need to update, rather than just rejecting outright as an invalid password. Here's some options:
As discussed above - 1 number, 1 letter (upper or lower case) and min 8 char. Added a second option that disallows leading/trailing spaces (avoid potential issues with pasting with extra white space, for example).
^(?=.*\d)(?=.*[a-zA-Z]).{8,}$
^(?=.*\d)(?=.*[a-zA-Z])\S.{6,}\S$
Lastly, if you want to require 1 number and both 1 uppercase and 1 lowercase letter, something like this would work (with or without allowing leading/trailing spaces)
^(?=.*\d)(?=.*[a-z])(?=.*[A-Z]).{8,}$
^(?=.*\d)(?=.*[a-z])(?=.*[A-Z])\S.{6,}\S$
Lastly as requested in the original post (again, don't do this, please try and push back on the requirements!!) - 1 number, 1 letter (upper or lower case), 1 special char (in list) and min 8 char, max 50 char. Both with/without allowing leading/trailing spaces, note the min/max change to account for the 2 non-whitespace characters specified.
^(?=.*\d)(?=.*[a-zA-Z])(?=.*[!##$%^&*()_+]).{8,50}$
^(?=.*\d)(?=.*[a-zA-Z])(?=.*[!##$%^&*()_+])\S.{6,48}\S$
Bonus - separated out is pretty simple, just test against each of the following and show the appropriate error in turn:
/^.{8,}$/ // at least 8 char; ( /^.{8,50}$/ if you must add a max)
/[A-Za-z]/ // one letter
/[A-Z]/ // (optional) - one uppercase letter
/[a-z]/ // (optional) - one lowercase letter
/\d/ // one number
/^\S+.*\S+$/ // (optional) first and last character are non-whitespace)
Note, in these regexes, the char set for a letter is the standard English 26 character alphabet without any accented characters. But my hope is this has enough variations so folks can adapt from here as needed.
// more secure regex password must be :
// more than 8 chars
// at least one number
// at least one special character
const PASSWORD_REGEX_3 = /^(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[!##$%^&*]).{8,}$/;
Related
How can I validate a password based on my rules? [duplicate]
My password strength criteria is as below : 8 characters length 2 letters in Upper Case 1 Special Character (!##$&*) 2 numerals (0-9) 3 letters in Lower Case Can somebody please give me regex for same. All conditions must be met by password .
You can do these checks using positive look ahead assertions: ^(?=.*[A-Z].*[A-Z])(?=.*[!##$&*])(?=.*[0-9].*[0-9])(?=.*[a-z].*[a-z].*[a-z]).{8}$ Rubular link Explanation: ^ Start anchor (?=.*[A-Z].*[A-Z]) Ensure string has two uppercase letters. (?=.*[!##$&*]) Ensure string has one special case letter. (?=.*[0-9].*[0-9]) Ensure string has two digits. (?=.*[a-z].*[a-z].*[a-z]) Ensure string has three lowercase letters. .{8} Ensure string is of length 8. $ End anchor.
You should also consider changing some of your rules to: Add more special characters i.e. %, ^, (, ), -, _, +, and period. I'm adding all the special characters that you missed above the number signs in US keyboards. Escape the ones regex uses. Make the password 8 or more characters. Not just a static number 8. With the above improvements, and for more flexibility and readability, I would modify the regex to. ^(?=(.*[a-z]){3,})(?=(.*[A-Z]){2,})(?=(.*[0-9]){2,})(?=(.*[!##$%^&*()\-__+.]){1,}).{8,}$ Basic Explanation (?=(.*RULE){MIN_OCCURANCES,}) Each rule block is shown by (?=(){}). The rule and number of occurrences can then be easily specified and tested separately, before getting combined Detailed Explanation ^ start anchor (?=(.*[a-z]){3,}) lowercase letters. {3,} indicates that you want 3 of this group (?=(.*[A-Z]){2,}) uppercase letters. {2,} indicates that you want 2 of this group (?=(.*[0-9]){2,}) numbers. {2,} indicates that you want 2 of this group (?=(.*[!##$%^&*()\-__+.]){1,}) all the special characters in the [] fields. The ones used by regex are escaped by using the \ or the character itself. {1,} is redundant, but good practice, in case you change that to more than 1 in the future. Also keeps all the groups consistent {8,} indicates that you want 8 or more $ end anchor And lastly, for testing purposes here is a robulink with the above regex
Answers given above are perfect but I suggest to use multiple smaller regex rather than a big one. Splitting the long regex have some advantages: easiness to write and read easiness to debug easiness to add/remove part of regex Generally this approach keep code easily maintainable. Having said that, I share a piece of code that I write in Swift as example: struct RegExp { /** Check password complexity - parameter password: password to test - parameter length: password min length - parameter patternsToEscape: patterns that password must not contains - parameter caseSensitivty: specify if password must conforms case sensitivity or not - parameter numericDigits: specify if password must conforms contains numeric digits or not - returns: boolean that describes if password is valid or not */ static func checkPasswordComplexity(password password: String, length: Int, patternsToEscape: [String], caseSensitivty: Bool, numericDigits: Bool) -> Bool { if (password.length < length) { return false } if caseSensitivty { let hasUpperCase = RegExp.matchesForRegexInText("[A-Z]", text: password).count > 0 if !hasUpperCase { return false } let hasLowerCase = RegExp.matchesForRegexInText("[a-z]", text: password).count > 0 if !hasLowerCase { return false } } if numericDigits { let hasNumbers = RegExp.matchesForRegexInText("\\d", text: password).count > 0 if !hasNumbers { return false } } if patternsToEscape.count > 0 { let passwordLowerCase = password.lowercaseString for pattern in patternsToEscape { let hasMatchesWithPattern = RegExp.matchesForRegexInText(pattern, text: passwordLowerCase).count > 0 if hasMatchesWithPattern { return false } } } return true } static func matchesForRegexInText(regex: String, text: String) -> [String] { do { let regex = try NSRegularExpression(pattern: regex, options: []) let nsString = text as NSString let results = regex.matchesInString(text, options: [], range: NSMakeRange(0, nsString.length)) return results.map { nsString.substringWithRange($0.range)} } catch let error as NSError { print("invalid regex: \(error.localizedDescription)") return [] } } }
You can use zero-length positive look-aheads to specify each of your constraints separately: (?=.{8,})(?=.*\p{Lu}.*\p{Lu})(?=.*[!##$&*])(?=.*[0-9])(?=.*\p{Ll}.*\p{Ll}) If your regex engine doesn't support the \p notation and pure ASCII is enough, then you can replace \p{Lu} with [A-Z] and \p{Ll} with [a-z].
All of above regex unfortunately didn't worked for me. A strong password's basic rules are Should contain at least a capital letter Should contain at least a small letter Should contain at least a number Should contain at least a special character And minimum length So, Best Regex would be ^(?=.*[a-z])(?=.*[A-Z])(?=.*[0-9])(?=.*[!##\$%\^&\*]).{8,}$ The above regex have minimum length of 8. You can change it from {8,} to {any_number,} Modification in rules? let' say you want minimum x characters small letters, y characters capital letters, z characters numbers, Total minimum length w. Then try below regex ^(?=.*[a-z]{x,})(?=.*[A-Z]{y,})(?=.*[0-9]{z,})(?=.*[!##\$%\^&\*]).{w,}$ Note: Change x, y, z, w in regex Edit: Updated regex answer Edit2: Added modification
I would suggest adding (?!.*pass|.*word|.*1234|.*qwer|.*asdf) exclude common passwords
import re RegexLength=re.compile(r'^\S{8,}$') RegexDigit=re.compile(r'\d') RegexLower=re.compile(r'[a-z]') RegexUpper=re.compile(r'[A-Z]') def IsStrongPW(password): if RegexLength.search(password) == None or RegexDigit.search(password) == None or RegexUpper.search(password) == None or RegexLower.search(password) == None: return False else: return True while True: userpw=input("please input your passord to check: \n") if userpw == "exit": break else: print(IsStrongPW(userpw))
codaddict's solution works fine, but this one is a bit more efficient: (Python syntax) password = re.compile(r"""(?#!py password Rev:20160831_2100) # Validate password: 2 upper, 1 special, 2 digit, 1 lower, 8 chars. ^ # Anchor to start of string. (?=(?:[^A-Z]*[A-Z]){2}) # At least two uppercase. (?=[^!##$&*]*[!##$&*]) # At least one "special". (?=(?:[^0-9]*[0-9]){2}) # At least two digit. .{8,} # Password length is 8 or more. $ # Anchor to end of string. """, re.VERBOSE) The negated character classes consume everything up to the desired character in a single step, requiring zero backtracking. (The dot star solution works just fine, but does require some backtracking.) Of course with short target strings such as passwords, this efficiency improvement will be negligible.
For PHP, this works fine! if(preg_match("/^(?=(?:[^A-Z]*[A-Z]){2})(?=(?:[^0-9]*[0-9]){2}).{8,}$/", 'CaSu4Li8')){ return true; }else{ return fasle; } in this case the result is true Thsks for #ridgerunner
Another solution: import re passwordRegex = re.compile(r'''( ^(?=.*[A-Z].*[A-Z]) # at least two capital letters (?=.*[!##$&*]) # at least one of these special c-er (?=.*[0-9].*[0-9]) # at least two numeric digits (?=.*[a-z].*[a-z].*[a-z]) # at least three lower case letters .{8,} # at least 8 total digits $ )''', re.VERBOSE) def userInputPasswordCheck(): print('Enter a potential password:') while True: m = input() mo = passwordRegex.search(m) if (not mo): print(''' Your password should have at least one special charachter, two digits, two uppercase and three lowercase charachter. Length: 8+ ch-ers. Enter another password:''') else: print('Password is strong') return userInputPasswordCheck()
Password must meet at least 3 out of the following 4 complexity rules, [at least 1 uppercase character (A-Z) at least 1 lowercase character (a-z) at least 1 digit (0-9) at least 1 special character — do not forget to treat space as special characters too] at least 10 characters at most 128 characters not more than 2 identical characters in a row (e.g., 111 not allowed) '^(?!.(.)\1{2}) ((?=.[a-z])(?=.[A-Z])(?=.[0-9])|(?=.[a-z])(?=.[A-Z])(?=.[^a-zA-Z0-9])|(?=.[A-Z])(?=.[0-9])(?=.[^a-zA-Z0-9])|(?=.[a-z])(?=.[0-9])(?=.*[^a-zA-Z0-9])).{10,127}$' (?!.*(.)\1{2}) (?=.[a-z])(?=.[A-Z])(?=.*[0-9]) (?=.[a-z])(?=.[A-Z])(?=.*[^a-zA-Z0-9]) (?=.[A-Z])(?=.[0-9])(?=.*[^a-zA-Z0-9]) (?=.[a-z])(?=.[0-9])(?=.*[^a-zA-Z0-9]) .{10.127}
Password validation php regex
I'm new to regex. I need to validate passwords using php with following password policy using Regex: Passwords: Must have minimum 8 characters Must have 2 numbers Symbols allowed are : ! # # $ % * I have tried the following: /^(?=.*\d)(?=.*[A-Za-z])[0-9A-Za-z!##$%]$/
The following matches exactly your requirements: ^(?=.*\d.*\d)[0-9A-Za-z!##$%*]{8,}$ Online demo <<< You don't need the modifiers, they are just there for testing purposes. Explanation ^ : match begin of string (?=.*\d.*\d) : positive lookahead, check if there are 2 digits [0-9A-Za-z!##$%*]{8,} : match digits, letters and !##$%* 8 or more times $ : match end of string
I would first try and find two numbers, using non-regex (or preg_match_all('[0-9]', ...) >= 2, then validating against: ^[!##$%*a-zA-Z0-9]{8,}$ This should be faster and easier to understand. To do it using only regex sounds you need lookahead which basically scans the expression twice afaik, though I'm not sure of the PHP internals on that one. Be prepared for a lot of complaints about passwords not being accepted. I personally have a large subset of passwords that wouldn't validate against those restrictions. Also nonsensical passwords like 12345678 would validate, or even 11111111, but not f4#f#faASvCXZr$%%zcorrecthorsebatterystaple.
if(preg_match('/[!##$%*a-zA-Z0-9]{8,}/',$password) && preg_match_all('/[0-9]/',$password) >= 2) { // do }
Full Strong Password Validation With PHP Min 8 chars long Min One Digit Min One Uppercase Min One Lower Case Min One Special Chars /^\S*(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=\S*[\W])[a-zA-Z\d]{8,}\S*$/ Demo here
PHP - preg_match()
Alright, so I want the user to be able to enter every character from A-Z and every number from 0-9, but I don't want them entering "special characters". Code: if (preg_match("/^[a-zA-Z0-9]$/", $user_name)) { #Stuff } How is it possible for it to check all of the characters given, and then check if those were matched? I've tried preg_match_all(), but I didn't honestly understand much of it. Like if a user entered "FaiL65Mal", I want it to allow it and move on. But if they enter "Fail{]^7(,", I want it to appear with an error.
You just need a quantifier in your regex: Zero or more characters *: /^[a-zA-Z0-9]*$/ One or more characters +: /^[a-zA-Z0-9]+$/ Your regex as is will only match a string with exactly one character that is either a letter or number. You want one of the above options for zero or more or one or more, depending on if you want to allow or reject the empty string.
Your regular expression needs to be changed to /^[a-zA-Z0-9]{1,8}$/ For usernames between 1 and 8 characters. Just adjust the 8 to the appropriate number and perhaps the 1. Currently your expression matches one character
Please keep in mid that preg_match() and other preg_*() functions aren't reliable because they return either 0 or false on fail, so a simple if won't throw on error. Consider using T-Regx: if (pattern(('^[a-zA-Z0-9]{1,8}$')->matches($input)) { // Matches! :) }
Validating International Phone Numbers in PHP [duplicate]
This question already has answers here: How to validate phone numbers using regex (43 answers) Closed 4 years ago. I've been searching for hours to find a regex that does this for me, all the ones I've found either require dashes or limit something else that I don't need. Like this one: ^(?([0-9]{3}))?[-. ]?([0-9]{3})[-. ]?([0-9]{4})$ Basically I want to allow these types of input for phone number, these are all valid: +000 111111111 +00011111111111 0022 111111111111 0022111111111 +333-4444-5555-6666 000-7878787-0000-4587 Note that the number of digits is not limited, I only want the validation to filter out empty inputs and the alphabet. Also filter out all other characters except a maximum of 4 dashes, max. 4 spaces and an optional single plus sign. Is this possible through preg_match or not? Any help is appreciated, thanks!
Sure its possible. But to my opinion dangerous to use stuff that is not understood. I would do something like this ^(?!(?:\d*-){5,})(?!(?:\d* ){5,})\+?[\d- ]+$ See it here on Regexr The last part \+?[\d- ]+ allows an optional + followed by at least one digit, dash or space The negative lookaheads ensure that there are not more than 4 dash or spaces. Limitations: - The dash or space can be in one row - it accepts also - as valid Try it yourself on the Regexr link, you can just add examples what you want.
Strip wanted characters out (" ", "-"), count the amount then chuck an if statement if count <= 4 (for the "+" character it would be == 1). So in total it would be if (countSpace <= 4 && countDash <= 4 && countPlus == 1) { ... } As for being empty, just use the standard form validation for checking if the input has been filled or not.
PHP / regular expression to check if a string contains a word of a certain length
I need to check whether a received string contains any words that are more than 20 characters in length. For example the input string : hi there asssssssssssssssssssskkkkkkkk how are you doing ? would return true. could somebody please help me out with a regexp to check for this. i'm using php. thanks in advance.
/\w{20}/ ...filller for 15 characters....
You can test if the string contains a match of the following pattern: [A-Za-z]{20} The construct [A-Za-z] creates a character class that matches ASCII uppercase and lowercase letters. The {20} is a finite repetition syntax. It's enough to check if there's a match that contains 20 letters, because if there's a word that contains more, it contains at least 20. References regular-expressions.info/Character Classes and Finite Repetition PHP snippet Here's an example usage: $strings = array( "hey what the (##$&*!#^#*&^#!#*^##*##*&^#!*#!", "now this one is just waaaaaaaaaaaaaaaaaaay too long", "12345678901234567890123 that's not a word, is it???", "LOLOLOLOLOLOLOLOLOLOLOL that's just unacceptable!", "one-two-three-four-five-six-seven-eight-nine-ten", "goaaaa...............aaaaaaaaaalll!!!!!!!!!!!!!!", "there is absolutely nothing here" ); foreach ($strings as $str) { echo $str."\n".preg_match('/[a-zA-Z]{20}/', $str)."\n"; } This prints (as seen on ideone.com): hey what the (##$&*!#^#*&^#!#*^##*##*&^#!*#! 0 now this one is just waaaaaaaaaaaaaaaaaaay too long 1 12345678901234567890123 that's not a word, is it??? 0 LOLOLOLOLOLOLOLOLOLOLOL that's just unacceptable! 1 one-two-three-four-five-six-seven-eight-nine-ten 0 goaaaa...............aaaaaaaaaalll!!!!!!!!!!!!!! 0 there is absolutely nothing here 0 As specified in the pattern, preg_match is true when there's a "word" (as defined by a sequence of letters) that is at least 20 characters long. If this definition of a "word" is not adequate, then simply change the pattern to, e.g. \S{20}. That is, any seqeuence of 20 non-whitespace characters; now all but the last string is a match (as seen on ideone.com).
I think the strlen function is what you looking for. you can do something like this: if (strlen($input) > 20) { echo "input is more than 20 characters"; }