Thread: Password rules

    #1
  1. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Sep 2001
    Location
    Southern California
    Posts
    7
    Rep Power
    0

    Password rules


    I need a regex for use in php that tells me that there is:
    (1) at least one lower case letter in a 9 char string,
    (2) at least one upper case letter in the same string,
    (3) Exactly two numerals in said string. (These two digits may be separated by zero or more other kinds of characters.) and
    (4) Exactly one dot anywhere in the string.

    I appreciate your attention.

    This is the only edit: Even if it's done in pieces I'm still interested. ie. Not a single regex.
    Last edited by efmoya; November 10th, 2012 at 09:36 AM. Reason: Make easier to understand
  2. #2
  3. Sarcky
    Devshed Supreme Being (6500+ posts)

    Join Date
    Oct 2006
    Location
    Pennsylvania, USA
    Posts
    10,908
    Rep Power
    6352
    Where are you stuck? Do you know regex?

    Why are you being so restrictive in your passwords? I've never used a password that matches these criteria, and I work as a programmer for a PCI-compliant company.
    HEY! YOU! Read the New User Guide and Forum Rules

    "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." -Benjamin Franklin

    "The greatest tragedy of this changing society is that people who never knew what it was like before will simply assume that this is the way things are supposed to be." -2600 Magazine, Fall 2002

    Think we're being rude? Maybe you asked a bad question or you're a Help Vampire. Trying to argue intelligently? Please read this.
  4. #3
  5. Devshed Beginner (1000 - 1499 posts)

    Join Date
    Jan 2004
    Location
    New Springfield, OH
    Posts
    1,250
    Rep Power
    1469
    This sounds like overkill. You're better off using PHP for this rather than trying construct a lengthy, cryptic regex that you won't be able to debug two hours after you write it. Are you sure you want to keep going with the regex angle?
    Don't like me? Click it.

    Scripting problems? Windows questions? Ask the Windows Guru!

    Stay up to date with all of my latest content. Follow me on Twitter!

    Help us help you! Post your exact error message with these easy tips!
  6. #4
  7. No Profile Picture
    Contributing User
    Devshed Novice (500 - 999 posts)

    Join Date
    Jun 2012
    Location
    Paris area, France
    Posts
    843
    Rep Power
    496
    OK, I write it in Perl syntax, just adapt it for your needs. Supposing we are in a loop, we could think of your rules as follows:

    (1): next unless /[a-z]/;
    (2): next unless /[A-Z]/;
    (3): next unless /\d.*\d/;
    (4): next unless /\./;

    So, overall, you could create a validate_password subroutine (untested code):

    Perl Code:
     
    print "please enter your password\n";
    while (1) {
         my $password = <STDIN>;
         my $flag = validate_password($password);
         last if $flag; # exit the loop if password is correct
         print "try again\n" ;
    }
     
    sub validate_password {
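         local $_ = shift; # localize $_ so the caller's value is not clobbered
         # [a-z] and [A-Z] are character classes; a bare /a-z/ would only match the literal text "a-z"
         return 1 if /[a-z]/ and /[A-Z]/ and /\d.*\d/ and /\./; # password valid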
         return 0;
    }

    The subroutine will return true if all four required elements are there, and false otherwise.
    Last edited by Laurent_R; November 9th, 2012 at 05:40 PM.
  8. #5
  9. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Sep 2001
    Location
    Southern California
    Posts
    7
    Rep Power
    0

    two digits and one dot


    Originally Posted by Laurent_R
    OK, I write it in Perl syntax, just adapt it for your needs. Supposing we are in a loop, we could think of your rules as follows:

    (1): next unless /[a-z]/;
    (2): next unless /[A-Z]/;
    (3): next unless /\d.*\d/;
    (4): next unless /\./;

    So, overall, you could create a validate_password subroutine (untested code):

    Perl Code:
     
    print "please enter your password\n";
    while (1) {
         my $password = <STDIN>;
         my $flag = validate_password($password);
         last if $flag; # exit the loop if password is correct
         print "try again\n" ;
    }
     
    sub validate_password {
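         local $_ = shift; # localize $_ so the caller's value is not clobbered
         # [a-z] and [A-Z] are character classes; a bare /a-z/ would only match the literal text "a-z"
         return 1 if /[a-z]/ and /[A-Z]/ and /\d.*\d/ and /\./; # password valid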
         return 0;
    }

    The subroutine will return true if all four required elements are there, and false otherwise.
    How does this guarantee two digits and a single dot?
  10. #6
  11. Sarcky
    Devshed Supreme Being (6500+ posts)

    Join Date
    Oct 2006
    Location
    Pennsylvania, USA
    Posts
    10,908
    Rep Power
    6352
    and /\d.*\d/
    That bit is two digits.
    and /\./
    That bit is a single dot.

    Still wondering why you'd want to annoy your users so much that they write down their passwords on a post-it.
  12. #7
  13. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Sep 2001
    Location
    Southern California
    Posts
    7
    Rep Power
    0

    more:


    Originally Posted by ManiacDan
    That bit is two digits.
    That bit is a single dot.

    Still wondering why you'd want to annoy your users so much that they write down their passwords on a post-it.
    I want two digits total with possibly some other character between them.

    Am I wrong in assuming that \d.*\d means two or more digits in a row?

    ps. I work for a bank.

    Similarly, won't /\./ allow more than one?
    Last edited by efmoya; November 10th, 2012 at 12:44 AM. Reason: to add lines
  14. #8
  15. Devshed Beginner (1000 - 1499 posts)

    Join Date
    Jan 2004
    Location
    New Springfield, OH
    Posts
    1,250
    Rep Power
    1469
    Originally Posted by efmoya
    Am I wrong in assuming that \d.*\d means two or more digits in a row?
    No.

    \d any single digit
    .* followed by any number of characters
    \d ending with any single digit

    In other words, it will match any two or more digits separated by any number of characters.
  16. #9
  17. No Profile Picture
    Contributing User
    Devshed Novice (500 - 999 posts)

    Join Date
    Jun 2012
    Location
    Paris area, France
    Posts
    843
    Rep Power
    496
    I did not see that you said "exactly 2 digits" and "exactly 1 dot" (or perhaps you added the words "exactly" afterwards to clarify your requirement), I thought you wanted at least 2 digits and at least 1 dot, which is generally what you want in a password specification (for example: at least 1 upper case letter, at least one special character, at least 1 digit, etc. to make passwords more difficult to crack).

    This will be a bit more complicated, using negated character classes.

    Exactly 2 digits:

    Code:
    /^\D*\d\D*\d\D*$/
    (matches start of line, 0 or more non digit, 1 digit, 0 or more non digit, 1 digit, 0 or more digit, end of line).

    Exactly one dot:

    Code:
    /^[^.]*\.[^.]*$/
    (same idea: 0 or more non dot, 1 dot, 0 or more non dot).

    Alternatively, you could simply count the number of occurrences of a digit and a dot.

    Comments on this post

    • ManiacDan agrees
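
The counting alternative mentioned in the post above, as an added example that is not code from the thread: `check_password()` and the sample passwords are constructed for illustration. It also runs the earlier unanchored `/\d.*\d/` and `/\./` tests next to the strict check, so the "at least" versus "exactly" difference shows up on the same inputs.

```php
<?php
// Added example, not code from the thread. check_password() and the
// sample passwords below are constructed for illustration.

/** Return the list of rule violations for $pw (empty array = acceptable). */
function check_password(string $pw): array
{
    $errors = [];
    if (strlen($pw) !== 9) {
        $errors[] = 'length must be exactly 9';
    }
    // preg_match_all() returns the number of matches, so "exactly N"
    // becomes an integer comparison instead of an anchored pattern.
    if (preg_match_all('/[0-9]/', $pw) !== 2) {
        $errors[] = 'need exactly two digits';
    }
    if (substr_count($pw, '.') !== 1) {
        $errors[] = 'need exactly one dot';
    }
    if (!preg_match('/[a-z]/', $pw)) {
        $errors[] = 'need a lowercase letter';
    }
    if (!preg_match('/[A-Z]/', $pw)) {
        $errors[] = 'need an uppercase letter';
    }
    return $errors;
}

// Constructed samples: the second and third satisfy the unanchored
// /\d.*\d/ and /\./ tests but break the "exactly" rules.
$samples = ['aB1.2cdef', 'aB1.234ef', 'aB1.2c.ef', 'ab1.2cdef', 'aB1.2cd'];
foreach ($samples as $pw) {
    $loose  = preg_match('/\d.*\d/', $pw) && preg_match('/\./', $pw);
    $errors = check_password($pw);
    printf("%-10s loose=%-3s strict=%s\n", $pw, $loose ? 'yes' : 'no',
        $errors ? implode('; ', $errors) : 'OK');
}
```

Returning the list of failed rules, rather than a single true/false, lets the form tell the user which requirement was missed.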
  18. #10
  19. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Sep 2001
    Location
    Southern California
    Posts
    7
    Rep Power
    0

    conversation


    Originally Posted by Laurent_R
    I did not see that you said "exactly 2 digits" and "exactly 1 dot" (or perhaps you added the words "exactly" afterwards to clarify your requirement), I thought you wanted at least 2 digits and at least 1 dot, which is generally what you want in a password specification (for example: at least 1 upper case letter, at least one special character, at least 1 digit, etc. to make passwords more difficult to crack).

    This will be a bit more complicated, using negated character classes.

    Exactly 2 digits:

    Code:
    /^\D*\d\D*\d\D*$/
    (matches start of line, 0 or more non digit, 1 digit, 0 or more non digit, 1 digit, 0 or more digit, end of line).

    Exactly one dot:

    Code:
    /^[^.]*\.[^.]*$/
    (same idea: 0 or more non dot, 1 dot, 0 or more non dot).

    Alternatively, you could simply count the number of occurrences of a digit and a dot.
    By golly, I think you've got something there! I'm going to work on at least pieces of my problem per your suggestions.

    Thanks,

    BTW I had built it using only php and it worked but it is very time consuming. I have hopes that a regex or two will speed it up.
  20. #11
  21. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Sep 2001
    Location
    Southern California
    Posts
    7
    Rep Power
    0

    Working php for password verification with regex



    edit: Laurent,
    I believe I have the whole thing in one regex.
    Thank you very much. !!!
    Take a look:
    Code:
    <?php
    
    $act = isset( $_GET['act'] ) ? $_GET['act'] : '' ;
    if( $act == '' ) entry(); else test();
    
      function entry()
      {
        $html = <<<END
    <!DOCTYPE html>
    <html>
    <head>
    <title>password check</title>
    <style type="text/css">
    .tac {text-align:center}
    </style>
    </head>
    
    <body>
    <div class="tac">
    <form method="post" action="./regextest.php/?act=test">
    password: <input type="text" name="pw" value=""><br>
    <p>The password MUST:<br>
    (1) be exactly 9 characters long<br>
    (2) have exactly one dot<br>
    (3) have exactly two numerals<br>
    (4) have one or more lowercase letters<br>
    (5) have one or more uppercase letters<br></p>
    <input type="submit" name="tbtn" value="Test">
    </form>
    </div>
    </body>
    </html>
    
    END;
        echo $html;
        exit;
      }
    
    
      function test()
      {
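        // Avoid an undefined-index notice when the page is requested without a posted password.
        $pw = isset( $_POST['pw'] ) ? $_POST['pw'] : '' ;
    
    //------------------------------------------------------------------------------------------------//
        $pwl = ( strlen( $pw ) === 9 ) ? false : true ;
    //----------------------------------------------//
        // The "exactly one dot" and "exactly two digits" lookaheads start at the beginning of the
        // string and run to its end ($), so they count over the whole password. Without that
        // anchoring they only mean "at least one dot" and "at least two digits".
        // The D modifier makes $ match only at the very end, not before a trailing newline.
        if( preg_match( '~^(?=[^.]*\.[^.]*$)(?=\D*\d\D*\d\D*$)(?=.*[a-z])(?=.*[A-Z]).*$~D', $pw ))
          $err = false; else $err = true;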
    //------------------------------------------------------------------------------------------------//
        echo "<center><br><br><b><font size='+2' color='red' face='Courier New'>";
        if( $err || $pwl ) { echo "SYNTAX ERROR"; }
        else echo "SYNTAX OK";
        echo "</font></b></center>";
      }
    //------------------------------------------------------------------------------------------------//
    ?>
    Last edited by efmoya; November 12th, 2012 at 08:02 AM. Reason: to clarify recipient
