Check to make sure a password has at least one upper and one lower case letter

[edd12345678]

Hi,

 

I wonder if some one could help me.

 

I am trying to set up a few rules to make sure that users create safe passwords on my site:

 

I have the below check which makes sure that the user enters a word of at least 8 charachters long:

 

if( strlen($password) < $MaxPwdLength ){
	$errmsg_arr[] = 'Password must be at least 8 charachters long ';
	$errflag = true;
}

 

Does anyone know how I could write an if function to make sure that the ser is entereing a password with at least one capital and one lower case letter in.

 

Hope you can help.

 

Thanks

 

Ed

[ManiacDan]

You can use preg_match for that:

if ( preg_match('/([a-z].*[A-Z])|([A-Z].*[a-z])/', $yourInput ) )

-Dan

[Psycho]

This combines the upper and lower case check with the length check:

function validpassword($password)
{
    $pattern = "#(?=.*[a-z])(?=.*[A-Z]).{8,}#";
    return preg_match($pattern, $password);
}

[xyph]

Positive look-ahead, as shown in mjdamato's example, is probably the 'best' way to add these kinds of requirements.

[ManiacDan]

I didn't know you could stack lookarounds like that.  slick.  This is the proper solution

[xyph]

It does create a backtracking 'loop' in a sense - It matches the .{8,}, then starts looking end-to-start for the first lookaround, then starts at the end again for the second lookaround.

 

Thankfully, it's a relatively small string, and it is only called on user creation or a password change - a very small percentage of your overall requests