Securing Strong Password with PHP

Question

Securing Strong Password with PHP

I am trying to check if a user has created a password containing characters (including +, -, = characters) OR / AND. How can i do this?

function check_password($str)
{

   if (!preg_match ("/[&@<>%\*\,\^!#$%().]/i", $str))

    {
        $this->form_validation->set_message('check_password', 'Your password should contain a number,letter,and special characters"');
        return FALSE;
    }
    else
    {
        return TRUE;
    }

}

Thank.

+5

php passwords codeigniter

Tristan Aug 25 '11 at 20:22

source share

3 answers

Jeff Lambert · Answer 1 · 2011-08-25T20:30:25+0000

My suggestion for verifying the strength of a password is to break each requirement that you have into separate regular expressions, in particular:

   $regexs = array(
                 '/[0-9]+/',  // Numbers
                 '/[a-z]+/',  // Lower Case Letters
                 '/[A-Z]+/',  // Upper Case Letters
                 '/[+-=]+/',  // Your list of allowable symbols.
   );

Initialize counter 0. For each regular expression, check to see if it matches. If so, increase the counter by 1. Then return true if the counter is greater than 3 (or 4, if you want them to have a really really strong password), otherwise return false.

, , .

Joseph Silber · Answer 2 · 2011-08-25T20:28:43+0000

. , , ( ):

(?:[^0-9A-z]|[0-9])

regality · Answer 3 · 2011-08-25T20:33:20+0000

I recommend looking in a different direction. If you want to impose a restriction, just require it to be longer. As already mentioned, the use of characters is likely to make the user forget the password and never return to your site. For maximum security, send the following comic on the registration page: http://xkcd.com/936/

Securing Strong Password with PHP

More articles: