Password verify

Anon

Hi!
I want to verify if the user submit password got any special characters, I only allow they submit [a-zA-Z0-9],so I use:

if (!ereg("[a-zA-Z0-9]",$password)){
echo "Your paswd got something we don't like";
}

But I found it seems return true even I enter something like:"@!#$" in my password value, why ?
Didn't it should only allow alpha and numberic ?

Anon

Try this... ^ means NOT if I remember right. So it's looking for something that is not alphanumeric.

if (ereg("[^{a-zA-Z0-9]",$password)){}
echo "Your paswd got something we don't like";
}

---John Holmes...

Anon

Still needs a little refinement. The problem with both eregs here is that they aren't forced to match the entire string, but instead are content to match a single character anywhere within it.

Instead, use ^ and $ to anchor the pattern to the beginning and end of the string, and use + (non-empty closure) after the character class:

if (! ereg('^{[a-zA-Z0-9]+$',$password))}
   echo "bad password";

You can also use {} notation to specify specific length requirements, e.g. password must be between 6 and 20 chars:

if (! ereg('^{[a-zA-Z0-9]{6,20}$',$password))}

This is quick and convenient; however it does have the disadvantage that it lumps all the possible failures together, so you can't issue separate informative messages such as 'letters and digits only', 'too short', etc.

Anon

Hi!
Thanks for your help, it works, but I still got some confuse about why using "+" ?

James

Instead, use ^ and $ to anchor the pattern to the beginning and end of the string, and use + (non-empty closure) after the character class:

if (! ereg('^{[a-zA-Z0-9]+$',$password))}
   echo "bad password";

You can also use {} notation to specify specific length requirements, e.g. password must be between 6 and 20 chars:

if (! ereg('^{[a-zA-Z0-9]{6,20}$',$password))}

Anon

means "one or more" so you make sure the password isn't empty.

---JH