verifing a string

graziano

Hello ,

I need to verify a variable ($newpass) entered on a web form

It should be between 6 to 15 carachters lenght
It should contain 1 max 14 small OR upper carachters
It should contain at least 1 number (min 1 max 14)

I am using this

if (strlen ($newpass) < 6 || strlen ($newpass) > 15 || !ereg ("^[a-z{1,14}]+[A-Z{1,14}]+[0-9{1,14}]", $newpass)) {

echo "ERROR invalid Password";
}

else
echo "Password OK";

but it doesn't work fine .

In fact if I insert

111111111111111

it will be accepted 🙁

Any idea ?
Thank you

p.s. is it also possible to check if the string entered is a dictionary
words (using a php function .. such as the linux passwd does) ?

Weedpacket

You could just replace the big long complicated regexp with two shorter ones:

[a-zA-Z]

and

[0-9]

Don't need to count anything - that's been taken care of with the strlen checks.

graziano

Originally posted by Weedpacket
You could just replace the big long complicated regexp with two shorter ones:
[a-zA-Z]
and
[0-9]
Don't need to count anything - that's been taken care of with the strlen checks. [/B]

thank you , yes I did it too , but how to check for

It should contain 1 max 14 small OR upper carachters
It should contain at least 1 number (min 1 max 14)

graziano

ok I have understand , thank you 🙂

solved with

if (strlen ($newpass) < 6 || strlen ($newpass) > 15 || !ereg ("[a-zA-Z]+[0-9]", $newpass))  {

Weedpacket

Originally posted by graziano
ok I have understand , thank you 🙂

solved with
if (strlen ($newpass) < 6 || strlen ($newpass) > 15 || !ereg ("[a-zA-Z]+[0-9]", $newpass))  {
[/B]

Not what I had in mind (that would fail on 1aoioiiji.)

I was thinking:

if (strlen ($newpass) < 6 || strlen ($newpass) > 15 || !ereg ("[a-zA-Z]", $newpass) || !ereg ("[0-9]", $newpass))

The first test will rule out anything less than six characters long.
The second test will rule out anything more than fifteen characters long
The third test will rule out anything that doesn't contain a letter
The fourth test will rule out anything that doesn't contain a digit.

There can't be more than fourteen letters, because there can't be more than fifteen characters, and at least one of those has to be a digit.
Similarly, there can't be more than fourteen digits, because there can't be more than fifteen characters, and one of those is a letter.

graziano

double thanks !!

bobthedog

Originally posted by Weedpacket

if (strlen ($newpass) < 6 || strlen ($newpass) > 15 || !ereg ("[a-zA-Z]", $newpass) || !ereg ("[0-9]", $newpass))

And although graziano never explicitly mentioned this (and because I'm in the mood to try me regular expressions out today 🙂 ), I'm guessing that he ONLY requires upper/lowercase letters in range a-z and digits 0-9, without any other characters getting in the way.... in which case, it could go like this...


if (!ereg("^([a-zA-Z0-9]{6,15})$", $newpass) || !ereg ("[a-zA-Z]", $newpass) || !ereg ("[0-9]", $newpass))

1 - The first test will check that only the letters a-z (both lower and upper case) and the digits 0-9 exist in the string, and also checks that the string is between 6 and 15 characters long (replaces the 2 strlen checks done before)
2 - Rules out anything which doesn't contain a letter
3 - Rules out anything which doesn't contain a digit

Hope this helps you 🙂

graziano

Originally posted by bobthedog

And although graziano never explicitly mentioned this (and because I'm in the mood to try me regular expressions out today 🙂 ), I'm guessing that he ONLY requires upper/lowercase letters in range a-z and digits 0-9, without any other characters getting in the way.... in which case, it could go like this...
if (!ereg("^([a-zA-Z0-9]{6,15})$", $newpass) || !ereg ("[a-zA-Z]", $newpass) || !ereg ("[0-9]", $newpass))
1 - The first test will check that only the letters a-z (both lower and upper case) and the digits 0-9 exist in the string, and also checks that the string is between 6 and 15 characters long (replaces the 2 strlen checks done before)
2 - Rules out anything which doesn't contain a letter
3 - Rules out anything which doesn't contain a digit

Hope this helps you 🙂 [/B]

in this forum live php gurus ! Thank you !

Weedpacket

Yep, just realised this (it was never explicitly asked for, I say in my defence; sometimes I do allow passwords to include other characters).

But the extra regexp is a bit overboard. After checking string length and the presense of letters and digits, all that still needs to be verified is that [^a-zA-Z0-9] doesn't match.

I'd use strlen() to check string length explicitly - it's a lot faster than building a regexp to do the job, and it tends to be the most likely reason a password will fail.

I mean, if you were wanting to do the whole shebang with regexps:

if(!preg_match('/^(?=[a-z\d]{6})(?![a-z\d]{16})[a-z\d]*([a-z]\d|\d[a-z])[a-z\d]*$/i',$newpass))

does the job. 'Cept I still prefer to separate out the strlen checks. If I do those first, I can simplify down to:

if(strlen($newpass)<6 || strlen($newpass)>15 || !preg_match('/^[a-z\d]*([a-z]\d|\d[a-z])[a-z\d]*$/i',$newpass))

The key point being: if there are both letters and digits in the password, then there has to be some point where there is a letter followed by a digit or a digit followed by a letter.