Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 6 of 6
  1. #1
    Regular Coder
    Join Date
    Oct 2008
    Posts
    214
    Thanks
    5
    Thanked 22 Times in 22 Posts

    Simple regular expression question

    I need a condition to validate password entered in an HTML form (when user registers).

    - Password must be between 8 and 20 chars.
    - Password must at least contain a letter AND at least one non-letter (space, punctuation, number...)

    So far I have:

    PHP Code:
    if (
        
    strlen($_POST['password']) < ||
        
    strlen($_POST['password']) > 24 ||
        
    ereg("[a-zA-Z]+"$_POST['password']) /* Only letters = bad */ ||
        
    eregi("[^0-9]"$_POST['password']) /* Only numbers = bad */
    )
    {
        
    //Password bad!

    I'm really not sure about my "ereg"... The "only letters" one seems OK but the "only numbers" one seems bad...

    Anyone can help?

    Thanks!

  • #2
    Regular Coder
    Join Date
    Mar 2006
    Posts
    238
    Thanks
    3
    Thanked 37 Times in 37 Posts
    I think something like this (not checked):
    PHP Code:
    $password trim($_POST['password']);
    if (
        
    strlen($password) < ||
        
    strlen($password) > 24 ||
        
    preg_match("/^([a-z]+|\d+)$/i"$password)
    )
    {
        
    //Password bad!

    Please notice that I have used preg_match() instead of eregi(). It is better to use PCRE, not POSIX regular expressions. POSIX regular expressions are going to be moved to PECL as far as I know. Also PCRE functions are often faster. And as far as I remember (maybe I am wrong) POSIX regular expression functions are not binary safe.

    Edit: I think I should give a brief explanation on the pattern "/^([a-z]+|\d+)$/i":
    ^ - matches beginning of the string
    $ - matches end of the string
    () - used for grouping
    | means "or"
    \d means a digit from 0 to 9
    i after "/" makes the regexp case-insensitive
    So this regexp means: either only letters from a to z in any case or only digits.
    Last edited by SKDevelopment; 09-15-2009 at 11:25 PM.

  • #3
    Regular Coder
    Join Date
    May 2009
    Location
    Moore, OK
    Posts
    282
    Thanks
    11
    Thanked 41 Times in 41 Posts
    Quote Originally Posted by SKDevelopment View Post
    Please notice that I have used preg_match() instead of eregi().
    Definitely use preg_match... they are getting rid of the ereg functions in PHP 6 if I remember right. I just recently went through a lot of my old code and changed all of mine. Then I found a couple that I had missed last night. Boy was that fun... hehehe

  • #4
    Regular Coder
    Join Date
    Oct 2008
    Posts
    214
    Thanks
    5
    Thanked 22 Times in 22 Posts
    preg_match("/^([a-z]+|\d+)$/i", $password)

    is not totally working... The password "foo bar" (without quotes) is valid (since it contain letter and non letter - space) but the regexp dosen't let it pass... Any idea why?

  • #5
    Regular Coder
    Join Date
    Mar 2006
    Posts
    238
    Thanks
    3
    Thanked 37 Times in 37 Posts
    It is not the regexp. The code:
    PHP Code:
    $password 'foo bar';
    if (
        
    strlen($password) < ||
        
    strlen($password) > 24 ||
        
    preg_match("/^([a-z]+|\d+)$/i"$password)
    )
    {
     echo 
    'Bad password';
    } else {
     echo 
    'Good password';

    outputs 'Bad password' because the length of the string is 7 which is less than 8. If you remove "strlen($password) < 8", the password would be considered as good.

  • #6
    Regular Coder
    Join Date
    Oct 2008
    Posts
    214
    Thanks
    5
    Thanked 22 Times in 22 Posts
    Hahaha I missed that the regexp seems ok thanks!


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •