Password length and format question

Rains

I’m in the process of developing an application and I’ve hit a small snag. I’ve got a section where a user can update/change their password they use to login with. For security purposes I need a minimum password length of 6 characters along with 1 number. I’ve got the 6 characters length down with a simple check:

// Form Validation and Error
$ErrorMsg = "";
$error = 0;

// Set minium password length
$minpass = 6;

// If password is less than $minpass, created error message
if($_POST['password'] < $minpass) {
     $ErrorMsg .= "• Password needs to be longer than 6 characters<br>\n";
     $error++;
}

I was thinking maybe a regular expression might work to but I don’t know how to write them. Is there an easier way to force a user to have at least one number in their password?

shonuff

if (!ereg("[0-9]+", $_POST['password']))
{
echo "You need at least one number in your password...";
}

laserlight

Firstly, you mean to test the length of the password, not whether the password is less than 6.

As for checking if there is a digit character, you can use preg_match() with the \d (decimal digit) character type.

if (strlen($_POST['password']) >= 6 && preg_match('/\d/', $_POST['password'])) {
	// password is acceptable
}

It is also possible to write your own digit checking function using [man]ctype_digit/man, but regex may be easier here.