Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Enforcing Strong Password with PHP

I am trying to check, if a user has created a password that contains symbols (including +,-,= signs) OR/AND numbers. How can I do that?

function check_password($str)
{

   if (!preg_match ("/[&@<>%\*\,\^!#$%().]/i", $str))

    {
        $this->form_validation->set_message('check_password', 'Your password should contain a number,letter,and special characters"');
        return FALSE;
    }
    else
    {
        return TRUE;
    }

} 

Thanks.

like image 517
Tristan Avatar asked Aug 25 '11 20:08

Tristan


People also ask

How can I confirm my PHP password?

Just get both the password and confirm password fields in the form submit PHP and test for equality: if ($_POST["password"] === $_POST["confirm_password"]) { // success! }


1 Answers

My suggestion for password strength checking is to break each requirement you have into separate regexs, particularly:

   $regexs = array(
                 '/[0-9]+/',  // Numbers
                 '/[a-z]+/',  // Lower Case Letters
                 '/[A-Z]+/',  // Upper Case Letters
                 '/[+-=]+/',  // Your list of allowable symbols.
   );

Initialize a counter to 0. For each regex, test to see if it matches. If it does, increase the counter by 1. Then return true if counter is greater than 3 (or 4 if you want them to have a really really strong password), otherwise return false.

I think this would be much more maintainable for you in the long run if your requirements ever change.

like image 173
Jeff Lambert Avatar answered Oct 02 '22 12:10

Jeff Lambert