PHP Advanced Password Validation using Regular Expressions

[ledeanio]

Hi all,


I am having trouble validating passwords which users choose for
themselves. The rules I need to follow are:
Has to be between 7 - 20 chars
Must only contain a-z A-Z 0-9
Must have at least one lowercase, one uppercase and one digit in this.


The validation I am running at the moment is:


if (!ereg("([a-z]{1,}[A-Z]{1,}[0-9]{1,})",$password))
{
$patternmatch='Problem';
}


But this doesn't look right. Could anyone please help?


Many Thanks,

[ledeanio]

Hi again,

I've found the solution:

if(
ctype_alnum($password) // numbers & digits only
&& strlen($password)>6 // at least 7 chars
&& strlen($password)<21 // at most 20 chars
&& preg_match('`[A-Z]`',$password) // at least one upper case
&& preg_match('`[a-z]`',$password) // at least one lower case
&& preg_match('`[0-9]`',$password) // at least one digit
){
// valid


}else{
// not valid
}

This is a pretty nifty bit of script if you want to ensure that a user chooses a very secure password.

Cheers,

[bccruzer]

nice. i've changed the script so its 8-16, which is good for me. thanks!

if(
ctype_alnum($password) // numbers & digits only
&& strlen($password)>7 // at least 8 chars
&& strlen($password)<17 // at most 16 chars
&& preg_match('`[A-Z]`',$password) // at least one upper case
&& preg_match('`[a-z]`',$password) // at least one lower case
&& preg_match('`[0-9]`',$password) // at least one digit
){
// valid


}else{
// not valid
}