asked on

Function for password strenght

Im trying to extend a function to validate a users password, with at least one character from the (I dont know what they are called characters).

So Ive written:-

	if (!preg_match("#[¬!\"£$%^&*()_+-={}~@:?><,./;'#][\]'"]+#", $pwd)) {
		$errors[] = "Password must include at least one non-character/non-number - eg #[¬!\"£$%^&*()_+-={}~@:?><,./;'#][]'"]+#";
    }

Open in new window

which PHP says:-

Error type : 4
Message : syntax error, unexpected ']'

So, my question is how do I put a reserved character into a regex string?

My entire function is:-

function checkPassword($pwd) {
	$errors = array();
	
    if (strlen($pwd) < 8) {
        $errors[] = "Password too short!";
    }

    if (!preg_match("#[0-9]+#", $pwd)) {
        $errors[] = "Password must include at least one number!";
    }
	
    if (!preg_match("#[a-zA-Z]+#", $pwd)) {
        $errors[] = "Password must include at least one letter!";
    }     

	if (!preg_match("#[¬!\"£$%^&*()_+-={}~@:?><,./;'#][\]'"]+#", $pwd)) {
		$errors[] = "Password must include at least one non-character/non-number - eg #[¬!\"£$%^&*()_+-={}~@:?><,./;'#][]'"]+#";
    }     
	
    if (!preg_match("#[a-z]+#", $pwd) || !preg_match("#[A-Z]+#", $pwd)) {
        $errors[] = "Password must include at least one upper and one lower case letter!";
    }     

	if ($errors == array()){
		return array("success"=>true,"errors"=>$errors);
	} else {
		return array("success"=>false,"errors"=>$errors);	
	}
    
}

Open in new window

Any advise would be gratefully recived.

Thank you

SOLUTION

Rgonzo1971

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

tonelm54

ASKER

Ok, so now I have:-

	if (!preg_match("#\|[¬\!\"£\$%\^&\*\(\)_\+\-\=\{\}~@\:\?\>\<,\./;'#]\[\]'\"+#", $pwd)) {
		$errors[] = "Password must include at least one symbol";
    }

Open in new window

But I still get:-

E_WARNING : type 2 -- preg_match(): Unknown modifier ']' -- at line 17

tonelm54

ASKER

Sorry, correction. Im now using:-

	if (!preg_match("#[\|[¬\!\"£\$%\^&\*\(\)_\+\-\=\{\}~@\:\?\>\<,\./;'#\[\]'\"]+#", $pwd)) {
		$errors[] = "Password must include at least one symbol";
    }

Open in new window

But get still get unknown ]

ASKER CERTIFIED SOLUTION

tonelm54

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

Ray Paseur

Why even bother? An 8-character password, no matter what kind of nonsense character string it's made from, is computationally trivial. A smarter approach is a "pass phrase." Don't miss the message just because it's in a cartoon - this is smart. Screwey passwords are dumb.
https://xkcd.com/936/
https://www.explainxkcd.com/wiki/index.php/936:_Password_Strength

kaufmed

Just corrected by using:-

Actually, no you didn't. You just made your password accept junk. The problem isn't anything to do with escaping the characters mentioned by others. The problem is that you're not escaping the right characters. You've got an extra square bracket in your expression which needs to be escaped. You've got an unescaped # because you used # as your pattern delimiter; you've got an unescaped square bracket because it's in the middle of the pattern; and you've got an unescaped double-quote because you're using double quotes as your string delimiter. Fix those, and your original pattern should work:

if (!preg_match("#[¬!\"£$%^&*()_+-={}~@:?><,./;'\#\][\]'\"]+#", $pwd)) {

Open in new window

Ray Paseur

tonelm54

ASKER

Found solution