xProteuSx Posted November 12, 2011 Share Posted November 12, 2011 I'm creating a registration, and need users to add a password that is alphanumeric, 8-20 characters in length, and contains at least one number and one letter. I got this to work: if ((!ereg("^([a-zA-Z0-9]){8,20}$", $_POST['password'])) || (!preg_match("#^.*(?=.*\d)(?=.*[a-z]).*$#i", $_POST['password']))) { $error = true; } However, I am wondering if I can do this with a single preg_match statement. This complex ereg and preg_match stuff makes me light headed ... I haven't been able to find a similar example anywhere. Thanks in advance. Quote Link to comment https://forums.phpfreaks.com/topic/250979-preg_match-alphanumeric-length-char-check-in-one-statement/ Share on other sites More sharing options...
Pikachu2000 Posted November 12, 2011 Share Posted November 12, 2011 I'm not a regex wizard, but I do know that ereg is deprecated. Quote Link to comment https://forums.phpfreaks.com/topic/250979-preg_match-alphanumeric-length-char-check-in-one-statement/#findComment-1287590 Share on other sites More sharing options...
xyph Posted November 12, 2011 Share Posted November 12, 2011 Wait... so a partial goal of this snippet is to LIMIT the allowed types characters in a password? Why? What's wrong with my password containing a non alpha-numeric character? Quote Link to comment https://forums.phpfreaks.com/topic/250979-preg_match-alphanumeric-length-char-check-in-one-statement/#findComment-1287660 Share on other sites More sharing options...
xProteuSx Posted November 14, 2011 Author Share Posted November 14, 2011 Yes, I would like to limit the password by disallowing non alphanumeric characters ... client's request. Can this be done in one preg_match statement? Quote Link to comment https://forums.phpfreaks.com/topic/250979-preg_match-alphanumeric-length-char-check-in-one-statement/#findComment-1287899 Share on other sites More sharing options...
salathe Posted November 15, 2011 Share Posted November 15, 2011 Of course you can. /^(?=[a-zA-Z0-9]{8,20}$)(?=.*?\d)(?=.*?[a-zA-Z])/ This approach uses "look aheads" (?=...) anchored at the start of the string which might look a bit odd at first. The pattern basically says, at the start of the subject string does it a) contain only alphanumeric characters between 8 and 20 in length, b) contain something (or nothing) then a digit, and c) contain something (or nothing) followed by a letter. Reading: http://www.regular-expressions.info/anchors.html http://www.regular-expressions.info/lookaround.html Quote Link to comment https://forums.phpfreaks.com/topic/250979-preg_match-alphanumeric-length-char-check-in-one-statement/#findComment-1288319 Share on other sites More sharing options...
ManiacDan Posted November 17, 2011 Share Posted November 17, 2011 Also, as a consultant, part of your job is to tell a client when they're purposely making their system less secure and less functional. My passwords always contain non alphanum characters. Do you know why? Because that's what you're supposed to do. Making your passwords less secure is a bad idea, and you should at least mention that. Quote Link to comment https://forums.phpfreaks.com/topic/250979-preg_match-alphanumeric-length-char-check-in-one-statement/#findComment-1288954 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.