I have to have a regular expression that contains at least one lowercase letter, uppercase letter, number, and symbol (non letter or number). I must also contain no spaces and must be between 8 and 16 characters long. I must use the 0-9a-zA-z Expression. I cannot use any other to represent the letters and numbers.
I have run into a few problems which I hope you guys can help me with. I will seperate the issues with line.
1) Quantifier not working
<?php
$Password = "Fondulious16";
echo preg_match("/[0-9a-zA-Z]{8,16}[^\s]/", $Password);
?>
Now, It does return 0 if i change the password to go below 8 chacters. But it still returns a 1 if I go above 16 characters.
2) Requirements not working
If I change the brackets to parenthesis it always returns 0 and I can remove the capital letter. So i need to make it to where It will require a capital, lower case, and number. I've tried adding in the + symbol but to no avail:
<?php
$Password = "Fondulious16";
echo preg_match("/[0-9+a-z+A-Z+]{8,16}[^\s]/", $Password);
?>
This did nothing, and nothing changed when I changed the password to something like "fondulious".
<?php
$Password = "Fondulious16";
echo preg_match("/(0-9a-zA-Z){8,16}[^\s]/", $Password);
?>
This always returns 0.
Thanks in advance for any help.
Your problem in both cases is the fact that [^\s] is essentially the same as \S; in short: Anything but a space character.
So this last part of the expression will match anything as long as there is indeed at least some character (i.e. not the end of the string).
Also you can't use the + quantifier within one selection/range ([...]). It's just a normal character in there and by default the quantifier following will be able to pick any valid character as often as necessary (there's no easy way to force the elements to be unique anyway).
So, to fix your problem, you should use the following regular expression:
<?php
$password = "Fondulious16";
echo preg_match('/^\w{8,16}$/', $password);
?>
Here's a short explanation of the elements:
^ will match the beginning of the string.
\w will match any alphanumerical character plus underscores (essentially [a-z0-9_], but case-insensitive).
{8,16} is a quantifier "8 to 16 times" as you used it.
$ will match the end of the string.
If you don't want underscores to be valid, you can use the following variant.
<?php
$password = "Fondulious16";
echo preg_match('/^[0-9a-z]{8,16}$/i', $password);
?>
You might have noticed that I didn't list uppercase characters. Instead, I've used the modifier i after the trailing delimiter (/i) which will tell the algorithm to ignore the case of all characters when trying to match them.
Although it's important to note that this check will not force the user to use lowercase and uppercase characters as well as numbers. It will only check whether the user used any other characters (like punctuation or spaces) as well as the length!
To force the user to use all those things in addition, you can use the following check:
<?php
$password = "Fondulious16";
echo preg_match('/[A-Z]/', $password) // at least one uppercase character
&& preg_match('/[a-z]/', $password) // at least one lowercase character
&& preg_match('/\d/', $password); // at least one number
?>
If you'd like to do these checks and you want to verify the length as well, then you can use the following expression to look for illegal characters (and a simple string length check to ensure the length is fine):
<?php
$password = "Fondulious16";
echo ($pwlen = strlen($password)) >= 8 && $pwlen <= 16 // has the proper length
&& preg_match('/[A-Z]/', $password) // at least one uppercase character
&& preg_match('/[a-z]/', $password) // at least one lowercase character
&& preg_match('/\d/', $password) // at least one number
&& !preg_match('/[^a-z\d]/i', $password); // no forbidden character
?>
Please look at the below
example
if (!preg_match('/([a-z]{1,})/', $value)) {
// atleast one lowercase letter
}
if (!preg_match('/([A-Z]{1,})/', $value)) {
// atleast one uppercase letter
}
if (!preg_match('/([\d]{1,})/', $value)) {
// altelast one digit
}
if (strlen($value) < 8) {
// atleast 8 characters length
}
Related
I need a regular expression with condition:
min 6 characters, max 50 characters
must contain 1 letter
must contain 1 number
may contain special characters like !##$%^&*()_+
Currently I have pattern: (?!^[0-9]*$)(?!^[a-zA-Z]*$)^([a-zA-Z0-9]{6,50})$
However it doesn't allow special characters, does anybody have a good regex for that?
Thanks
Perhaps a single regex could be used, but that makes it hard to give the user feedback for which rule they aren't following. A more traditional approach like this gives you feedback that you can use in the UI to tell the user what pwd rule is not being met:
function checkPwd(str) {
if (str.length < 6) {
return("too_short");
} else if (str.length > 50) {
return("too_long");
} else if (str.search(/\d/) == -1) {
return("no_num");
} else if (str.search(/[a-zA-Z]/) == -1) {
return("no_letter");
} else if (str.search(/[^a-zA-Z0-9\!\#\#\$\%\^\&\*\(\)\_\+]/) != -1) {
return("bad_char");
}
return("ok");
}
following jfriend00 answer i wrote this fiddle to test his solution with some little changes to make it more visual:
http://jsfiddle.net/9RB49/1/
and this is the code:
checkPwd = function() {
var str = document.getElementById('pass').value;
if (str.length < 6) {
alert("too_short");
return("too_short");
} else if (str.length > 50) {
alert("too_long");
return("too_long");
} else if (str.search(/\d/) == -1) {
alert("no_num");
return("no_num");
} else if (str.search(/[a-zA-Z]/) == -1) {
alert("no_letter");
return("no_letter");
} else if (str.search(/[^a-zA-Z0-9\!\#\#\$\%\^\&\*\(\)\_\+\.\,\;\:]/) != -1) {
alert("bad_char");
return("bad_char");
}
alert("oukey!!");
return("ok");
}
btw, its working like a charm! ;)
best regards and thanks to jfriend00 of course!
Check a password between 7 to 16 characters which contain only characters, numeric digits, underscore and first character must be a letter-
/^[A-Za-z]\w{7,14}$/
Check a password between 6 to 20 characters which contain at least one numeric digit, one uppercase, and one lowercase letter
/^(?=.\d)(?=.[a-z])(?=.*[A-Z]).{6,20}$/
Check a password between 7 to 15 characters which contain at least one numeric digit and a special character
/^(?=.[0-9])(?=.[!##$%^&])[a-zA-Z0-9!##$%^&]{7,15}$/
Check a password between 8 to 15 characters which contain at least one lowercase letter, one uppercase letter, one numeric digit, and one special character
/^(?=.\d)(?=.[a-z])(?=.[A-Z])(?=.[^a-zA-Z0-9])(?!.*\s).{8,15}$/
I hope this will help someone. For more please check this article and this site regexr.com
A more elegant and self-contained regex to match these (common) password requirements is:
^(?=.*[A-Za-z])(?=.*\\d)[A-Za-z\\d^a-zA-Z0-9].{5,50}$
The elegant touch here is that you don't have to hard-code symbols such as $ # # etc.
To accept all the symbols, you are simply saying: "accept also all the not alphanumeric characters and not numbers".
Min and Max number of characters requirement
The final part of the regex {5,50} is the min and max number of characters, if the password is less than 6 or more than 50 characters entered the regex returns a non match.
I have a regex, but it's a bit tricky.
^(?:(?<Numbers>[0-9]{1})|(?<Alpha>[a-zA-Z]{1})|(?<Special>[^a-zA-Z0-9]{1})){6,50}$
Let me explain it and how to check if the tested password is correct:
There are three named groups in the regex.
1) "Numbers": will match a single number in the string.
2) "Alpha": will match a single character from "a" to "z" or "A" to "Z"
3) "Special": will match a single character not being "Alpha" or "Numbers"
Those three named groups are grouped in an alternative group, and {6,50} advises regex machine to capture at least 6 of those groups mentiond above, but not more than 50.
To ensure a correct password is entered you have to check if there is a match, and after that, if the matched groups are capture as much as you desired. I'm a C# developer and don't know, how it works in javascript, but in C# you would have to check:
match.Groups["Numbers"].Captures.Count > 1
Hopefully it works the same in javascript! Good luck!
I use this
export const validatePassword = password => {
const re = /^(?=.*[A-Za-z])(?=.*\d)[a-zA-Z0-9!##$%^&*()~¥=_+}{":;'?/>.<,`\-\|\[\]]{6,50}$/
return re.test(password)
}
DEMO https://jsfiddle.net/ssuryar/bjuhkt09/
Onkeypress the function triggerred.
HTML
<form>
<input type="text" name="testpwd" id="testpwd" class="form=control" onkeyup="checksPassword(this.value)"/>
<input type="submit" value="Submit" /><br />
<span class="error_message spassword_error" style="display: none;">Enter minimum 8 chars with atleast 1 number, lower, upper & special(##$%&!-_&) char.</span>
</form>
Script
function checksPassword(password){
var pattern = /^.*(?=.{8,20})(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[##$%&!-_]).*$/;
if(!pattern.test(password)) {
$(".spassword_error").show();
}else
{
$(".spassword_error").hide();
}
}
International UTF-8
None of the solutions here allow international letters, i.e. éÉöÖæÆóÓúÚáÁ, but are mainly focused on the english alphabet.
The following regEx uses unicode, UTF-8, to recognise upper and lower case and thus, allow international characters:
// Match uppercase, lowercase, digit or #$!%*?& and make sure the length is 6 to 50 in length
const pwdFilter = /^(?=.*\p{Ll})(?=.*\p{Lu})(?=.*[\d|##$!%*?&])[\p{L}\d##$!%*?&]{6,50}$/gmu
if (!pwdFilter.test(pwd)) {
// Show error that password has to be adjusted to match criteria
}
This regEx
/^(?=.*\p{Ll})(?=.*\p{Lu})(?=.*[\d|##$!%*?&])[\p{L}\d##$!%*?&]{6,50}$/gmu
checks if an uppercase, lowercase, digit or #$!%*?& are used in the password. It also limits the length to be 6 minimum and maximum 50 (note that the length of 😀🇺🇸🇪🇸🧑💻 emojis counts as more than one character in the length).
The u in the end, tells it to use UTF-8.
First, we should make the assumption that passwords are always hashed (right? always hashed, right?). That means we should not specify the exact characters allowed (as per the 4th bullet). Rather, any characters should be accepted, and then validate on minimum length and complexity (must contain a letter and a number, for example). And since it will definitely be hashed, we have no concerns over a max length, and should be able to eliminate that as a requirement.
I agree that often this won't be done as a single regex but rather a series of small regex to validate against because we may want to indicate to the user what they need to update, rather than just rejecting outright as an invalid password. Here's some options:
As discussed above - 1 number, 1 letter (upper or lower case) and min 8 char. Added a second option that disallows leading/trailing spaces (avoid potential issues with pasting with extra white space, for example).
^(?=.*\d)(?=.*[a-zA-Z]).{8,}$
^(?=.*\d)(?=.*[a-zA-Z])\S.{6,}\S$
Lastly, if you want to require 1 number and both 1 uppercase and 1 lowercase letter, something like this would work (with or without allowing leading/trailing spaces)
^(?=.*\d)(?=.*[a-z])(?=.*[A-Z]).{8,}$
^(?=.*\d)(?=.*[a-z])(?=.*[A-Z])\S.{6,}\S$
Lastly as requested in the original post (again, don't do this, please try and push back on the requirements!!) - 1 number, 1 letter (upper or lower case), 1 special char (in list) and min 8 char, max 50 char. Both with/without allowing leading/trailing spaces, note the min/max change to account for the 2 non-whitespace characters specified.
^(?=.*\d)(?=.*[a-zA-Z])(?=.*[!##$%^&*()_+]).{8,50}$
^(?=.*\d)(?=.*[a-zA-Z])(?=.*[!##$%^&*()_+])\S.{6,48}\S$
Bonus - separated out is pretty simple, just test against each of the following and show the appropriate error in turn:
/^.{8,}$/ // at least 8 char; ( /^.{8,50}$/ if you must add a max)
/[A-Za-z]/ // one letter
/[A-Z]/ // (optional) - one uppercase letter
/[a-z]/ // (optional) - one lowercase letter
/\d/ // one number
/^\S+.*\S+$/ // (optional) first and last character are non-whitespace)
Note, in these regexes, the char set for a letter is the standard English 26 character alphabet without any accented characters. But my hope is this has enough variations so folks can adapt from here as needed.
// more secure regex password must be :
// more than 8 chars
// at least one number
// at least one special character
const PASSWORD_REGEX_3 = /^(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[!##$%^&*]).{8,}$/;
I want regular expression for password in php that must match following conditions :
1) password must contain at least one letter and one digit.
2) password can be start from letter or number.
eg. adfjs345, 454dkfj, kfj45kj45, 870jdfk56fdjk are valid input.
1- password must contain at least one letter and one digit
/^(?:[0-9]+[a-z]|[a-z]+[0-9])[a-z0-9]*$/i
2- password start with letter or number
^[a-zA-z0-9]+
Keep it simple. Use two regular expressions.
if( preg_match("[a-zA-Z]", $password) && preg_match("[0-9]", $password) ) {
all_ok();
}
^(?=.*\d)(?=.*[A-Za-z])[A-Za-z\d]
(?=.*\d) - string contains digit
(?=.*[A-Za-z]) - string contains letter
^[A-Za-z\d] - string starts with letter or number
demo
My password strength criteria is as below :
8 characters length
2 letters in Upper Case
1 Special Character (!##$&*)
2 numerals (0-9)
3 letters in Lower Case
Can somebody please give me regex for same. All conditions must be met by password .
You can do these checks using positive look ahead assertions:
^(?=.*[A-Z].*[A-Z])(?=.*[!##$&*])(?=.*[0-9].*[0-9])(?=.*[a-z].*[a-z].*[a-z]).{8}$
Rubular link
Explanation:
^ Start anchor
(?=.*[A-Z].*[A-Z]) Ensure string has two uppercase letters.
(?=.*[!##$&*]) Ensure string has one special case letter.
(?=.*[0-9].*[0-9]) Ensure string has two digits.
(?=.*[a-z].*[a-z].*[a-z]) Ensure string has three lowercase letters.
.{8} Ensure string is of length 8.
$ End anchor.
You should also consider changing some of your rules to:
Add more special characters i.e. %, ^, (, ), -, _, +, and period. I'm adding all the special characters that you missed above the number signs in US keyboards. Escape the ones regex uses.
Make the password 8 or more characters. Not just a static number 8.
With the above improvements, and for more flexibility and readability, I would modify the regex to.
^(?=(.*[a-z]){3,})(?=(.*[A-Z]){2,})(?=(.*[0-9]){2,})(?=(.*[!##$%^&*()\-__+.]){1,}).{8,}$
Basic Explanation
(?=(.*RULE){MIN_OCCURANCES,})
Each rule block is shown by (?=(){}). The rule and number of occurrences can then be easily specified and tested separately, before getting combined
Detailed Explanation
^ start anchor
(?=(.*[a-z]){3,}) lowercase letters. {3,} indicates that you want 3 of this group
(?=(.*[A-Z]){2,}) uppercase letters. {2,} indicates that you want 2 of this group
(?=(.*[0-9]){2,}) numbers. {2,} indicates that you want 2 of this group
(?=(.*[!##$%^&*()\-__+.]){1,}) all the special characters in the [] fields. The ones used by regex are escaped by using the \ or the character itself. {1,} is redundant, but good practice, in case you change that to more than 1 in the future. Also keeps all the groups consistent
{8,} indicates that you want 8 or more
$ end anchor
And lastly, for testing purposes here is a robulink with the above regex
Answers given above are perfect but I suggest to use multiple smaller regex rather than a big one.
Splitting the long regex have some advantages:
easiness to write and read
easiness to debug
easiness to add/remove part of regex
Generally this approach keep code easily maintainable.
Having said that, I share a piece of code that I write in Swift as example:
struct RegExp {
/**
Check password complexity
- parameter password: password to test
- parameter length: password min length
- parameter patternsToEscape: patterns that password must not contains
- parameter caseSensitivty: specify if password must conforms case sensitivity or not
- parameter numericDigits: specify if password must conforms contains numeric digits or not
- returns: boolean that describes if password is valid or not
*/
static func checkPasswordComplexity(password password: String, length: Int, patternsToEscape: [String], caseSensitivty: Bool, numericDigits: Bool) -> Bool {
if (password.length < length) {
return false
}
if caseSensitivty {
let hasUpperCase = RegExp.matchesForRegexInText("[A-Z]", text: password).count > 0
if !hasUpperCase {
return false
}
let hasLowerCase = RegExp.matchesForRegexInText("[a-z]", text: password).count > 0
if !hasLowerCase {
return false
}
}
if numericDigits {
let hasNumbers = RegExp.matchesForRegexInText("\\d", text: password).count > 0
if !hasNumbers {
return false
}
}
if patternsToEscape.count > 0 {
let passwordLowerCase = password.lowercaseString
for pattern in patternsToEscape {
let hasMatchesWithPattern = RegExp.matchesForRegexInText(pattern, text: passwordLowerCase).count > 0
if hasMatchesWithPattern {
return false
}
}
}
return true
}
static func matchesForRegexInText(regex: String, text: String) -> [String] {
do {
let regex = try NSRegularExpression(pattern: regex, options: [])
let nsString = text as NSString
let results = regex.matchesInString(text,
options: [], range: NSMakeRange(0, nsString.length))
return results.map { nsString.substringWithRange($0.range)}
} catch let error as NSError {
print("invalid regex: \(error.localizedDescription)")
return []
}
}
}
You can use zero-length positive look-aheads to specify each of your constraints separately:
(?=.{8,})(?=.*\p{Lu}.*\p{Lu})(?=.*[!##$&*])(?=.*[0-9])(?=.*\p{Ll}.*\p{Ll})
If your regex engine doesn't support the \p notation and pure ASCII is enough, then you can replace \p{Lu} with [A-Z] and \p{Ll} with [a-z].
All of above regex unfortunately didn't worked for me.
A strong password's basic rules are
Should contain at least a capital letter
Should contain at least a small letter
Should contain at least a number
Should contain at least a special character
And minimum length
So, Best Regex would be
^(?=.*[a-z])(?=.*[A-Z])(?=.*[0-9])(?=.*[!##\$%\^&\*]).{8,}$
The above regex have minimum length of 8. You can change it from {8,} to {any_number,}
Modification in rules?
let' say you want minimum x characters small letters, y characters capital letters, z characters numbers, Total minimum length w. Then try below regex
^(?=.*[a-z]{x,})(?=.*[A-Z]{y,})(?=.*[0-9]{z,})(?=.*[!##\$%\^&\*]).{w,}$
Note: Change x, y, z, w in regex
Edit: Updated regex answer
Edit2: Added modification
I would suggest adding
(?!.*pass|.*word|.*1234|.*qwer|.*asdf) exclude common passwords
import re
RegexLength=re.compile(r'^\S{8,}$')
RegexDigit=re.compile(r'\d')
RegexLower=re.compile(r'[a-z]')
RegexUpper=re.compile(r'[A-Z]')
def IsStrongPW(password):
if RegexLength.search(password) == None or RegexDigit.search(password) == None or RegexUpper.search(password) == None or RegexLower.search(password) == None:
return False
else:
return True
while True:
userpw=input("please input your passord to check: \n")
if userpw == "exit":
break
else:
print(IsStrongPW(userpw))
codaddict's solution works fine, but this one is a bit more efficient: (Python syntax)
password = re.compile(r"""(?#!py password Rev:20160831_2100)
# Validate password: 2 upper, 1 special, 2 digit, 1 lower, 8 chars.
^ # Anchor to start of string.
(?=(?:[^A-Z]*[A-Z]){2}) # At least two uppercase.
(?=[^!##$&*]*[!##$&*]) # At least one "special".
(?=(?:[^0-9]*[0-9]){2}) # At least two digit.
.{8,} # Password length is 8 or more.
$ # Anchor to end of string.
""", re.VERBOSE)
The negated character classes consume everything up to the desired character in a single step, requiring zero backtracking. (The dot star solution works just fine, but does require some backtracking.) Of course with short target strings such as passwords, this efficiency improvement will be negligible.
For PHP, this works fine!
if(preg_match("/^(?=(?:[^A-Z]*[A-Z]){2})(?=(?:[^0-9]*[0-9]){2}).{8,}$/",
'CaSu4Li8')){
return true;
}else{
return fasle;
}
in this case the result is true
Thsks for #ridgerunner
Another solution:
import re
passwordRegex = re.compile(r'''(
^(?=.*[A-Z].*[A-Z]) # at least two capital letters
(?=.*[!##$&*]) # at least one of these special c-er
(?=.*[0-9].*[0-9]) # at least two numeric digits
(?=.*[a-z].*[a-z].*[a-z]) # at least three lower case letters
.{8,} # at least 8 total digits
$
)''', re.VERBOSE)
def userInputPasswordCheck():
print('Enter a potential password:')
while True:
m = input()
mo = passwordRegex.search(m)
if (not mo):
print('''
Your password should have at least one special charachter,
two digits, two uppercase and three lowercase charachter. Length: 8+ ch-ers.
Enter another password:''')
else:
print('Password is strong')
return
userInputPasswordCheck()
Password must meet at least 3 out of the following 4 complexity rules,
[at least 1 uppercase character (A-Z)
at least 1 lowercase character (a-z)
at least 1 digit (0-9)
at least 1 special character — do not forget to treat space as special characters too]
at least 10 characters
at most 128 characters
not more than 2 identical characters in a row (e.g., 111 not allowed)
'^(?!.(.)\1{2})
((?=.[a-z])(?=.[A-Z])(?=.[0-9])|(?=.[a-z])(?=.[A-Z])(?=.[^a-zA-Z0-9])|(?=.[A-Z])(?=.[0-9])(?=.[^a-zA-Z0-9])|(?=.[a-z])(?=.[0-9])(?=.*[^a-zA-Z0-9])).{10,127}$'
(?!.*(.)\1{2})
(?=.[a-z])(?=.[A-Z])(?=.*[0-9])
(?=.[a-z])(?=.[A-Z])(?=.*[^a-zA-Z0-9])
(?=.[A-Z])(?=.[0-9])(?=.*[^a-zA-Z0-9])
(?=.[a-z])(?=.[0-9])(?=.*[^a-zA-Z0-9])
.{10.127}
Here is my code:
//Validate names have correct characters
if (preg_match("/^[a-zA-Z\s-]+$/i", $_POST['first']) == 0) {
echo '<p class="error">Your first name must only include letters,
dashes, or spaces.</p>';
$okay = FALSE;
}
if(preg_match("/^[a-zA-Z\s-]+$/i", $_POST['last']) == 0) {
echo '<p class="error">Your last name must only include letters,
dashes, or spaces.</p>';
$okay = FALSE;
}
How do I modify this code so that it accepts everything except numbers?
Vedran was most correct. The \d means digits, and the capital \D means NOT digits. So you would have:
if (preg_match("/\d/i", $_POST['first']) > 0) {
echo '<p class="error">Digits are not allowed, please re-enter.</p>';
$okay = FALSE;
}
The above means... If you find any digit... do your error. aka: allow everything except digits.
HOWEVER... I believe you need to re-think your idea to allow "Everything Except digits." You typically don't want the user to enter Quotes or Special ACII Characters, but it appears you want them to be able to enter -!##$%^&*()_+=|}{\][:;<>?,./~
That seems like a long list, but compared to the complete list of possible characters, it isn't that long. So even though it seems like more work, you might want to do that:
if (preg_match("/[^-~`!##$%^&*()+={}|[]\:;<>?,.\w]/i", $_POST['first']) > 0) {
echo '<p class="error">ASCII and Quotes are not accepted, please re-enter.</p>';
$okay = FALSE;
}
Neither one of these have the Beginning/End-Line special characters, because you are looking anywhere in the string for any occurance of (or not of) these checks.
I changed the comparison operator to (if greater than) because we aren't looking for the lack of something required to throw an error anymore, we are looking for the existence of something bad to throw an error.
Also, I took the underscore out of the last regex there... because the Word Character (\w) includes digits, letters, and underscores. Lastly, the dash in the character-class has to be either FIRST or LAST in the list, or it sometimes throws errors or is accidentally mistaken as a range character.
preg_match("/^[^0-9]*$/", $string)
accepts everything but numbers.
I am creating a password validation tool, and one of the requirements I'd like is to prevent the user from having too many letters in a row. Any letters, including capital letters, cannot be repeated in a sequence of 3 or more times.
My approach has been to move through the password string with a for loop, and embedding a few checks using regex within that. I can't seem to get the logic to work, and it's probably something simple. Here is one of my (many) failed attempts at cracking this problem:
$seqLetterCounter = 0;
for($i=0; $i < strlen($password); ++$i) {
if($password{$i} == '/([a-zA-Z])/') {
$seqLetterCounter++;
}
if($seqLetterCounter > $this->maxSeqLetters){
$this->errors[6] = 'You have used too many sequential letters in your password. The maximum allowed is ' . $this->maxSeqLetters . '.';
}
if($password{$i} == '/([^a-zA-Z])/') {
$seqLetterCounter = 0;
}
}
$password - a posted value from a form.
$maxSeqLetters - a protected variable that holds an integer value, defined by the user.
errors[] - an array that is used to determine if the password has failed any of the various checks.
Anyone have some pointers?
Fairly simple with a regex:
if (preg_match('/(\w)\1{2,}/', $password)) {
die("3+ repeated chars not allowed");
}
Search for a character (\w), store it (()), then see if that same character comes immediately afterwards (\1) two or more times {2,}.
ok... so if consecutive sets of 3+ letters or numbers are out, then try
/([a-z]{3,}|[0-9]{3,})/i
for the regex instead. Search for any letters ([a-z]) OR (|) numbers ([0-9]), which occur 3 or more times ({3,}), and do the match in a case-insensitive manner (i), so you don't have to worry about aAa breaking the match.