White_Lily Posted October 29, 2012 Share Posted October 29, 2012 I am trying to get my registration form secure from a user point of view. What I want is something like a text pattern that won't let the user register unless they have at least 1 number and one capital letter within their password and their password must be at least 6 characters long and maximum of 25 characters long. I was wondering how I would go about this, and if their is a text pattern involved, how do I write them? Quote Link to comment Share on other sites More sharing options...
Jessica Posted October 29, 2012 Share Posted October 29, 2012 Regular Expressions. Quote Link to comment Share on other sites More sharing options...
jcbones Posted October 29, 2012 Share Posted October 29, 2012 I claim no authorship of this Expression. I got it from the public domain at Regular Expression Library, and provided by Steve Smith. $pattern = '#^(?=.*\d)(?=.*[a-z])(?=.*[A-Z]).{6,25}$#'; //modified to handle from 6 to 25 characters. $password = $_POST['password']; if(preg_match($pattern,$password)) { echo 'Passwords good!'; } else { echo 'Invalid password!'; } Description: Password matching expression. Password must be at least 4 characters, no more than 8 characters, and must include at least one upper case letter, one lower case letter, and one numeric digit. Quote Link to comment Share on other sites More sharing options...
Christian F. Posted October 29, 2012 Share Posted October 29, 2012 Don't set a max length on passwords. The longer they are, the better. You want to promote your users to have as long passwords as possible, and if they get up to 250 characters rejoice! Putting limits on the minimum length, or the minimum level of entropy, however. Now, that's a good thing. People are, unfortunately, way too lax with coming up with proper passwords. Making them all to easy to guess or run a dictionary attack against. I'd probably even set the minimum length a bit higher, and add some special non alpha-numerical characters into the required list. Quote Link to comment Share on other sites More sharing options...
Pikachu2000 Posted October 29, 2012 Share Posted October 29, 2012 I would just enforce a minimum length, not necessarily any special characters, and suggest that users use a long phrase rather than a password, per se. Using an easy to remember phrase like "My first house was on a mountain top in Brazil" is far more secure than some easy to forget, hard to type, 8 character password, even with special characters. Quote Link to comment Share on other sites More sharing options...
ManiacDan Posted October 29, 2012 Share Posted October 29, 2012 I'm with Pika. don't force me to use capital letters or something, that's how passwords get written down. Quote Link to comment Share on other sites More sharing options...
White_Lily Posted October 29, 2012 Author Share Posted October 29, 2012 So what your saying is have some form of security question? Quote Link to comment Share on other sites More sharing options...
ManiacDan Posted October 30, 2012 Share Posted October 30, 2012 ...what? Who said that? Nobody said anything about security questions. We said let the users set passwords as long as they like, and make sure it's above a minimum length. Quote Link to comment Share on other sites More sharing options...
White_Lily Posted October 30, 2012 Author Share Posted October 30, 2012 Pika was on about phrases - i assumed he meant security questions... Quote Link to comment Share on other sites More sharing options...
White_Lily Posted October 30, 2012 Author Share Posted October 30, 2012 Okay so i managed to write a text pattern based around a few i saw, preg_match('^(?=.*\d)(?=.*\[A-Z])(?=.*\s)$', $pword) Would that work? (requires 1 digit, 1 upercase letter and no spaces). Quote Link to comment Share on other sites More sharing options...
darkfreaks Posted October 30, 2012 Share Posted October 30, 2012 sure it would if you want to match 1 digit 1 uppercase letter and no space. don't forget lowercase as well. Quote Link to comment Share on other sites More sharing options...
ManiacDan Posted October 30, 2012 Share Posted October 30, 2012 That would work if you wanted to disallow my 25-character password with letters, numbers, and special characters. There's no capital letter in my password, but there are six special characters. I'm not sure why people think it's so important to make me conform to their password rules. Just make it 6+ characters and be done with it. All you're doing is making me write down the password to your site. Quote Link to comment Share on other sites More sharing options...
Christian F. Posted October 30, 2012 Share Posted October 30, 2012 (edited) White_Lilly: In case it's not 100% clear by now, that RegExp of yours states that the whole string (password) has to be compromised of digits, upper case letters, or spaces. At least one of each, but the entire password needs to have a width of 0. In short, it matches nothing, but it requires that that nothing has something in it. In other words it creates a paradox, so that it will never match any input its given. (Not to mention the fact that you escaped the opening bracket of the character group, and missing the delimiters.) Just use the pattern given to you by jcbones, only drop the 26 part from it. Alternatively, you can use a dual-layer validation RegExp. To allow for simpler password but of greater length, or a short but complex password. Then it'd look like this: $RegExp = '/(?=.*\\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[.,_!?*\'+\\/&%¤#"§|-]).{6,25}|.{26,}/u'; Note that you don't need to anchor the RegExp to the end or the start, as you want only to check the minimum requirements. Edited October 30, 2012 by Christian F. Quote Link to comment Share on other sites More sharing options...
White_Lily Posted October 30, 2012 Author Share Posted October 30, 2012 Thank you jcbones and Christian F. That text pattern works perfectly! Quote Link to comment Share on other sites More sharing options...
Christian F. Posted October 30, 2012 Share Posted October 30, 2012 You're welcome. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.