Hi i have a password strength check in PHP. that looks like this:
public static function validPass($candidate) {
$r1 = '/[A-Z]/'; //1 upper
$r2 = '/[a-z]/'; //2 lower
$r3 = '/[!@#$%^&*()\-_=+{}:<.>]/'; //1 special char
$r4 = '/[0-9]/'; //1 number
//no space
if (preg_match('/\s/',$candidate)) {
return false;
}
if (preg_match_all($r1, $candidate, $o) < 1) {
return false;
}
if (preg_match_all($r2, $candidate, $o) < 1) {
return false;
}
if (preg_match_all($r3, $candidate, $o) < 1) {
return false;
}
if (preg_match_all($r4, $candidate, $o) < 1) {
return false;
}
return true;
}
so 1 capital, 1 lower, 1 number, 1 special char and no spaces allowed
now i am using a javascript validator for the frontend and the only custom feature i can add for password is to add a regex so i have to build this into a regex. I tried and I have so far:
^(?=.*[^a-zA-Z])(?=.*[a-z])(?=.*[A-Z])$
but i dont know how to approach this. What is the best way to perform these checks into a regex?
Your ^(?=.*[^a-zA-Z])(?=.*[a-z])(?=.*[A-Z])$ pattern is an example of a regex that will never match because, with lookaheads, you require at least 1 non-letter, uppercase and lowercase letters, but the consuming pattern only matches an empty string.
You may use a single regex like
^(?=.*[A-Z])(?=.*[a-z])(?=.*[!@#$%^&*()_=+{}:<.>-])(?=.*[0-9])\S*$
If you need to set a minmum number of characters, replace the last * with a limiting quantifier, e.g. {8,} to require at least 8 chars.
See the regex demo.
Details:
^ - start of string(?=.*[A-Z]) - at least one uppercase(?=.*[a-z]) - - at least one lowercase(?=.*[!@#$%^&*()_=+{}:<.>-]) - at least one special char(?=.*[0-9]) - at least one digit\S* - 0 or more non-whitespace chars$ - end of strings.