samanthreddys

if (($attempts>=3)&&($m1==90)) { $err_msg = 'No more attempts in this session'; $m1=92; } else { $sessid = $_SESSION['MYportal']; if (strlen($sessid)>0) { if ($m1==99) { $sessid=''; $_SESSION['apmm_cm'] = $sessid; $m1=90; } else { $user_id = $_SESSION['apmm_id']; $sql="select name,pw from user where id=$user_id"; $get_info = mysql_query ($sql); list($user_name,$c_pw) = mysql_fetch_row($get_info); if (($m1==96)&&($m2==2)&&($state==1)) { $old_pw = $_POST["old_pw"]; $new_pw = $_POST["new_pw"]; $new2_pw = $_POST["new2_pw"]; $err_msg=''; if (strlen($user_name)==0) { $err_msg="Please state old password"; } if (strlen($err_msg)==0) { if ($c_pw<>md5($old_pw)) { $err_msg="Old password is not correct"; } } if (strlen($err_msg)==0) { if (strlen($new_pw)==0) { $err_msg="Please state new password"; } } if (strlen($err_msg)==0) { if (strlen($new2_pw)==0) { $err_msg="Please re-type new password"; } } if (strlen($err_msg)==0) { if ($new2_pw<>$new_pw) { $err_msg="New password and re-type password is not the same"; } } $regex="/^.*(?=.{8,}).*$/"; if (false==(preg_match($regex,$new_pw))) { $err_msg="New password length must be at least 8 characters."; } $regex="/[A-Z]/"; //regular expression if (false==(preg_match($regex,$new_pw))) { $err_msg="New Password should contain at least 1 uppercase character."; } $regex="/[a-z]/"; if (false==(preg_match($regex,$new_pw))) { $err_msg="New Password should contain at least 1 lowercase character."; } $regex="/[0-9]/"; if (false==(preg_match($regex,$new_pw))) { $err_msg="New Password should contain at least at least 1 digit "; } $regex="/[\W_]/"; //special characters and underscore character if (false==(preg_match($regex,$new_pw))) { $err_msg="New Password should contain at least at least 1 special characters."; }

Hii My Requirement for the password validation is: I need to create password rules. I have done validations for password with 8 characters min length,and need spl chars, etc as shown below: $regex="/[a-z]/"; if (false==(preg_match($regex,$new_pw))) { $err_msg="New Password should contain at least 1 lowercase character."; } $regex="/[0-9]/"; if (false==(preg_match($regex,$new_pw))) { $err_msg="New Password should contain at least at least 1 digit "; } $regex="/[\W_]/"; //special characters and underscore character if (false==(preg_match($regex,$new_pw))) { $err_msg="New Password should contain at least at least 1 special characters."; } Now I need to enforce the below rules please throw some light on this: I.Not contain the userid as part of the password Be changed at least once every 90 days (Note: Passwords that have not been changed in 90 days, but which are in an expired state, are not in violation of the password change interval requirement) > note the check for initial password, age can be checked there as well (verify by modifying the last password change date) II.Have a minimum password age of the minimum interval allowed by the platform but not less than one day > use the last password change date III.Not be reused until after at least eight iterations > requires a new table that holds at most 8 of last used md5 encrypted passwords Thanks in Advance