written by http://www.cafewebmaster.com/check-password-strength-safety-php-and-regex
Check password strength / safety with PHP and Regex
Password Validation with PHP and Regular Expressions
What is a good password? Your birthday, favorite star, first school, or car? None of them, because passwords like these are very easy to crack.
My golden rule for safe passwords is simple: Google or any other search engine should NOT find any result for your password string. But do not search for your password without changing some characters, because it will be visible as clear text to all networks between your PC and the Google server.
Another rule: make it hard for password crackers. Use long passwords with letters, CAPS, numbers and symbols.
Let's check password strength with PHP. This is a simple, long example for PHP beginners.
<?php
// Read the submitted password; fall back to an empty string if the field is missing.
$pwd = $_POST['pwd'] ?? '';
$error = ''; // collects one message per failed rule

if (strlen($pwd) < 8) {
    $error .= "Password too short!\n";
}
if (strlen($pwd) > 20) {
    $error .= "Password too long!\n";
}
if (!preg_match("#[0-9]+#", $pwd)) {
    $error .= "Password must include at least one number!\n";
}
if (!preg_match("#[a-z]+#", $pwd)) {
    $error .= "Password must include at least one letter!\n";
}
if (!preg_match("#[A-Z]+#", $pwd)) {
    $error .= "Password must include at least one CAPS!\n";
}
if (!preg_match("#\W+#", $pwd)) {
    $error .= "Password must include at least one symbol!\n";
}

if ($error) {
    echo "Password validation failure (your choice is weak): $error";
} else {
    echo "Your password is strong.";
}
Short example with Regex:
And this is the short version of that pwd-check with regexp (lookahead / lookbehind / lookaround) using PHP's PCRE engine.
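<?php
$pwd = $_POST['pwd'] ?? '';

// Each lookahead tests one rule from the start of the string.
// The "$" inside the first lookahead is what enforces the 20-character maximum.
if (preg_match('#^(?=.{8,20}$)(?=.*[a-z])(?=.*[A-Z])(?=.*[0-9])(?=.*\W).*$#', $pwd)) {
    echo "Your password is strong.";
} else {
    echo "Your password is not safe.";
}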
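You can use "\d" instead of "[0-9]", and "\W" matches any non-word character, which covers symbols. You can also make a manual list of the most used symbols, like [#._,$%&!-]; keep the hyphen last, because inside a character class ".-_" is read as a range that also includes digits and capital letters.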
Numbers, letters, CAPS:
Remember that most users don't like passwords with symbols (because of keyboard differences), so you can leave out the symbol check. Just check length, letters, caps and numbers.
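<?php
$pwd = $_POST['pwd'] ?? '';

// Same check as above without the symbol rule; "$" in the first lookahead caps the length at 20.
if (preg_match('#^(?=.{8,20}$)(?=.*[a-z])(?=.*[A-Z])(?=.*[0-9]).*$#', $pwd)) {
    echo "Your password is good.";
} else {
    echo "Your password is bad.";
}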
Sometimes it is better to do it with JavaScript before the visitor sends the form.
Comments
bad password examples
here is a small list of bad selections
1967
porsche
milan
manchesterunited
newyork
obama
stanford
lessy
01011980
esprit
levis501
adidaspuma
For good passwords make sentences and save the first letter of them. And keep the first half on a paper.
Password check
Hi...
First of all, thanks a lot for the script. I have put this script in a web application; it's really working great.
Cheers,
Arya
Thanks
Thanks for this post. Very useful!
Check Password
How can I check if a password contains 2 digits, 2 alphabets, 2 special chars?
i did not test but it should
I did not test, but it should work
for 2 exactly
"#.*^(?=.{8,20})(?=.*[a-z]{2})(?=.*[A-Z]{2})(?=.*[0-9]{2}).*$#"
or
for 2 or more
"#.*^(?=.{8,20})(?=.*[a-z]{2,})(?=.*[A-Z]{2,})(?=.*[0-9]{2,}).*$#"
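Added example, not part of the original post or of this comment thread: a quantified class such as [a-z]{2} only matches two adjacent characters, so this version counts each class with preg_match_all() instead, and it tests for whitespace separately because \W also matches spaces. The function name check_password_counts(), its parameters, the whitespace rule and the sample passwords are assumptions made for illustration.

```php
<?php
// Added example: count characters per class instead of relying on lookaheads.
// check_password_counts() and the sample passwords below are illustrative.

function check_password_counts(string $pwd, int $minPerClass = 2, int $minLen = 8, int $maxLen = 20): array
{
    $errors = [];

    $len = strlen($pwd); // byte length, like the strlen() checks in the article
    if ($len < $minLen) {
        $errors[] = "Password too short!";
    }
    if ($len > $maxLen) {
        $errors[] = "Password too long!";
    }

    // preg_match_all() returns the number of matches, so characters of a
    // class are counted wherever they appear; they need not be adjacent.
    $classes = [
        'lowercase letters' => '#[a-z]#',
        'CAPS'              => '#[A-Z]#',
        'numbers'           => '#[0-9]#',
        // \W would also count whitespace, so symbols exclude \s explicitly.
        'symbols'           => '#[^\w\s]#',
    ];
    foreach ($classes as $label => $pattern) {
        $count = preg_match_all($pattern, $pwd);
        if ($count < $minPerClass) {
            $errors[] = "Password must include at least $minPerClass $label (found $count)!";
        }
    }

    // Assumed policy for this example: reject spaces, tabs and newlines.
    if (preg_match('#\s#', $pwd)) {
        $errors[] = "Password must not contain whitespace!";
    }

    return $errors; // an empty array means every rule passed
}

// Constructed sample inputs.
$samples = ['aB1!cD2?xy', 'a1B!c2D?', 'ab12CD!x', 'ab 12 CD !?'];
foreach ($samples as $pwd) {
    $errors = check_password_counts($pwd);
    echo "'$pwd': ", $errors ? implode(' ', $errors) : 'OK', "\n";
}
```

The second sample has two characters of every class but never two of the same class side by side, which is the case the {2} patterns above reject.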
Thanks!
Thanks for the tutorial. Works great! How about if you want to validate your email address using $_POST super global? Thanks again.
password checking
How can I check if a password contains spaces or not?