Create preg_match for password validation allowing (!@#$%)
I liked r3bel's answer, so I had a play with it and ended up with the following as a password-checking function:
function password_strength_check($password, $min_len = 8, $max_len = 70, $req_digit = 1, $req_lower = 1, $req_upper = 1, $req_symbol = 1) {
// Build regex string depending on requirements for the password
$regex = '/^';
if ($req_digit == 1) { $regex .= '(?=.*\d)'; } // Match at least 1 digit
if ($req_lower == 1) { $regex .= '(?=.*[a-z])'; } // Match at least 1 lowercase letter
if ($req_upper == 1) { $regex .= '(?=.*[A-Z])'; } // Match at least 1 uppercase letter
if ($req_symbol == 1) { $regex .= '(?=.*[^a-zA-Z\d])'; } // Match at least 1 character that is none of the above
$regex .= '.{' . $min_len . ',' . $max_len . '}$/';
if(preg_match($regex, $password)) {
return TRUE;
} else {
return FALSE;
}
}
Max/Min lengths are default or adjustable, each requirement is default on, but can be switched off, and I wanted to support any symbols so the last requirement is "anything that isn't one of the above types", rather than a fixed set of symbols.
I think this should look like that:
if(!preg_match('/^(?=.*\d)(?=.*[A-Za-z])[0-9A-Za-z!@#$%]{8,12}$/', $password)) {
echo 'the password does not meet the requirements!';
}
Between start -> ^
And end -> $
of the string there has to be at least one number -> (?=.*\d)
and at least one letter -> (?=.*[A-Za-z])
and it has to be a number, a letter or one of the following: !@#$% -> [0-9A-Za-z!@#$%]
and there have to be 8-12 characters -> {8,12}
As user557846 commented to your question, I would also suggest you to allow more characters, I usually (if i use a maximum) take at least 50 :)
btw, you might want to take a look at this regex tutorial
preg_match('/^(?=.*\d)(?=.*[@#\-_$%^&+=§!\?])(?=.*[a-z])(?=.*[A-Z])[0-9A-Za-z@#\-_$%^&+=§!\?]{8,20}$/',$password)
- at least one lowercase char
- at least one uppercase char
- at least one digit
- at least one special sign of @#-_$%^&+=§!?