Posted by Jochem Maas on 10/04/02 11:08
Alex Gemmell wrote:
> Hello!
>
> I'm checking user chosen passwords for validity and have created 7
> tests. It's not 100% bulletproof but it will do for now. My problem
> is with the last check "have 6 unique characters". I'm at a loss at
> how to check for this in a neat one-liner.
>
> My brain is starting to go off on some horribly complicated routines
> but I'm sure it can be done neatly (like the regular expressions).
> Can anyone help me with this? By the way - I've only just learnt
> regular expressions this morning so I'm no expert on them...
>
> ########
> # Code:
> ########
> function check_password($password) {
> # It exists
> if ( !isset($password) ) return false;
this is pointless, the function will hurl if you don't pass an arg.
> # Not empty
> if ( empty($password) ) return false;
> #At least 8 characters long
> if ( strlen($password)<8 ) return false;
> #Does not contain special characters e.g. (!@#:?<>,./;'`[=\]{space})
> if ( preg_match ('/[][)(.,!@#:?<>\/\\\\;\'`=\\s]/', $password)
> ) return false;
why are you not allowing 'special' chars? these can increase pwd complexity -
which is a good thing.
> #Contain at least one number
> if ( !preg_match ('/\\d/', $password) ) return false;
I'm pretty sure the double backslash is a typo.
here are some regexps from a php5 class I use:
class RegExp
{
    const UNSIGNED_INT = '^\d*$';
    const SIGNED_INT = '^[-+]?\d*$';
    const FLOATING_POINT = '^[-+]?([0-9]*\.)?[0-9]+$';
    const FLOAT_GTEQ1 = '^[1-9](\.\d+)?$';
    // ....
}
> #Contain at least one letter
> if ( !preg_match ('/[a-zA-Z]/', $password) ) return false;
> #Have 6 unique characters
> if ( ????????? ) return false;
if (count($chars = preg_split("//", $password, -1, PREG_SPLIT_NO_EMPTY)) &&
(array_unique($chars) !== $chars)) return false;
it's a one-liner - just a rather long line. the count() is not really necessary.
but really is this a good check? consider the following password:
aNalR3teNt1vE$%^.
rather better than:
jack1234.
the second pwd would pass your test, the first one wouldn't
you might want to pass the passwd check to a cmdline utility
which is made for the job.
>
> return true;
> }
> ########
>
> Thanks,
>
> Alex
>
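
Added example (not part of the original thread, and not code from either poster): the "6 unique characters" rule can be read two ways, and this sketch runs both readings on the two passwords discussed in the reply. The helper names are hypothetical, PHP 7 or later is assumed, and the ban on special characters is left out.

```php
<?php
declare(strict_types=1);

// Split into characters; the /u flag makes the split UTF-8 aware.
function password_chars(string $password): array
{
    $chars = preg_split('//u', $password, -1, PREG_SPLIT_NO_EMPTY);
    return $chars === false ? [] : $chars;   // false means invalid UTF-8 input
}

// Reading 1: the password contains at least $min different characters.
function has_min_distinct(string $password, int $min = 6): bool
{
    return count(array_unique(password_chars($password))) >= $min;
}

// Reading 2 (what the one-liner in the reply tests): no character repeats.
function has_no_repeats(string $password): bool
{
    $chars = password_chars($password);
    return count($chars) > 0 && count(array_unique($chars)) === count($chars);
}

// The thread's length, digit and letter rules combined with reading 1.
function check_password(string $password): bool
{
    return strlen($password) >= 8
        && preg_match('/\d/', $password) === 1
        && preg_match('/[a-zA-Z]/', $password) === 1
        && has_min_distinct($password, 6);
}

// Two passwords from the reply plus one constructed low-variety case.
foreach (['aNalR3teNt1vE$%^', 'jack1234', 'aaaa1111'] as $pw) {
    printf("%-18s distinct>=6: %-5s no-repeats: %-5s check: %s\n",
        $pw,
        var_export(has_min_distinct($pw), true),
        var_export(has_no_repeats($pw), true),
        var_export(check_password($pw), true));
}
```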