simboski19 Posted January 15, 2013

Hi there,

I am working with a web api that has specific requirements for the way its passwords are formatted. I have used regex very rarely and therefore am very unfamiliar with how to structure them.

Basically one of the requirements is that the password entered should:

Be - not-repeating such as 'aaaa'
AND
Be - not-incremental such as '1234' or 'abcd'

My current code looks like this:

```php
// Password requirements:
// Length: Minimal 4 chars, maximum 39 chars
if (strlen($password) >= 4 && strlen($password) < 40) {
    // the password has at least 4 chars and is less than 40 chars in length
    // Move on...
} else {
    array_push($errors, 'Your <strong>Password</strong> must be between <strong>4 and 39</strong> characters in length. Please try again.');
}

// Allowed chars: a-z, A-Z, 0-9, minus, underscore, at-sign and dot
// REGEX TO GO HERE?

// Additional: not-repeating and not-incremental like 'aaaa' or '1234' or 'abcd'
// REGEX TO GO HERE?
```

Could someone help me with the formatting please. I did look at the various links on first post in the forum but it was still way over my head!!!?

Any help would be much appreciated.
Christian F. Posted January 15, 2013

Requirements such as "non-repetitive" and "non-incremental" are not something I would recommend to use. The reason for this is quite simple: They make passwords easier to crack, by reducing the available entropy, not harder. Not to mention the additional complexity they would add to your check, as it's not something you can (properly) do with RegExps.

In fact, just about everything except your minimal length requirement (and even that is too short) seems to be geared towards reducing the (available) password complexity. Which is a very, very bad idea.

I recommend taking a look at the following thread, as it contains exactly what you need: http://forums.phpfreaks.com/topic/273119-yet-another-password-regex/
simboski19 (Author) Posted January 15, 2013

Thanks for the advice Christian. Yes I 100% agree with your view on the simplicity of the password, however this is controlled by the company's API we are having to tap into. We would indeed make the password much stronger but not our choice.

I'll certainly take a look at the link you have sent through. Thanks again.
Christian F. Posted January 15, 2013

> ...however this is controlled by the company's API we are having to tap into.

My sympathies, in that case.

Anyway, as noted you will find most of what you need in that thread. The only thing that's not there, except for the non-repetitive and non-incremental bits.

The non-repetitive can be solved by RegExps, by using sub groups and back referencing. This one will prevent repeating characters and numbers:

```
/([a-zA-Z\d])\1/
```

However, since you've already got to loop through the characters of the string, it would be better to just add the above condition to the same function that tests for incrementing characters. Saves you a RegExp call.

You're welcome.
simboski19 (Author) Posted January 15, 2013

That works like a treat Christian, thanks again.

I couldn't find any mention of the non-incremental regex in the post you mention. Any ideas? I could post another topic more specifically for the non-incremental regex.

Thanks
Christian F. Posted January 15, 2013

My point is that you're not going to find anything non-incremental with RegExps, simply because that's way out of scope for what Regular Expressions were made for. You need to go back to basics, and treat the string as an array of characters. Then take advantage of PHP's ability to increment ASCII characters by their ASCII value, to solve that requirement.

Since you're already looping through the string one character at a time, to test the next, adding the check to see if the characters are of equal value should be done here as well. It's quite a trivial extra cost, compared to running the additional RegExp, and it gathers the logic of those two (similar) requirements quite nicely.
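The character loop described in the post above, as an added example that is not part of the original thread: one pass over the string checks for runs of identical characters and runs of ascending characters, alongside the length and allowed-character rules from the first post. The function name, the error labels and the run threshold of 4 (taken from the thread's 'aaaa' and '1234' examples) are assumptions, since the API's exact rule is not stated; pass 2 as the threshold for the strictness of the regex quoted earlier.

```php
<?php
// Added example: names and the $maxRun threshold are assumptions,
// not the third-party API's documented rule.

/** Return the list of violated rules for $password (empty array = accepted). */
function passwordErrors(string $password, int $maxRun = 4): array
{
    $errors = [];
    $len = strlen($password);

    if ($len < 4 || $len > 39) {
        $errors[] = 'length';
    }
    // Allowed: a-z, A-Z, 0-9, minus, underscore, at-sign, dot.
    // \A...\z anchors the whole string; "$" would accept a trailing newline.
    if (!preg_match('/\A[a-zA-Z0-9_@.\-]+\z/', $password)) {
        $errors[] = 'charset';
    }

    $same = 1; // length of the current run of identical characters
    $incr = 1; // length of the current run of +1 steps, e.g. "abcd"
    for ($i = 1; $i < $len; $i++) {
        $prev = $password[$i - 1];
        $cur  = $password[$i];
        $diff = ord($cur) - ord($prev);

        $same = ($diff === 0) ? $same + 1 : 1;

        // Count a +1 step only inside one character class, so neighbours
        // that merely sit next to each other in ASCII do not register.
        $sameClass = (ctype_digit($prev) && ctype_digit($cur))
            || (ctype_lower($prev) && ctype_lower($cur))
            || (ctype_upper($prev) && ctype_upper($cur));
        $incr = ($diff === 1 && $sameClass) ? $incr + 1 : 1;

        if ($same >= $maxRun && !in_array('repeating', $errors, true)) {
            $errors[] = 'repeating';
        }
        if ($incr >= $maxRun && !in_array('incremental', $errors, true)) {
            $errors[] = 'incremental';
        }
    }
    return $errors;
}

// Constructed sample inputs, one per rule plus two that pass.
foreach (['aaaa', '1234', 'abcd', 'xabcdx', 'ab cd', 'a1b2c3', 'k9.Tr_w'] as $pw) {
    printf("%-8s %s\n", $pw, implode(',', passwordErrors($pw)) ?: 'ok');
}
```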
simboski19 (Author) Posted January 15, 2013

Ah sorry Christian, I must have misread your previous email. Yeah sure, I'll give it a go without the use of a regex.

Many thanks again for your help.
Christian F. Posted January 15, 2013

You're welcome, glad to be of help.