Enforcing Strong Password with PHP
I am trying to check, if a user has created a password that contains symbols (including +,-,= signs) OR/AND numbers. How can I do that?
function check_password($str)
{
if (!preg_match ("/[&@<>%\*\,\^!#$%().]/i", $str))
{
$this->form_validation->set_message('check_password', 'Your password should contain a number,letter,and special characters"');
return FALSE;
}
else
{
return TRUE;
开发者_如何学编程 }
}
Thanks.
My suggestion for password strength checking is to break each requirement you have into separate regexs, particularly:
$regexs = array(
'/[0-9]+/', // Numbers
'/[a-z]+/', // Lower Case Letters
'/[A-Z]+/', // Upper Case Letters
'/[+-=]+/', // Your list of allowable symbols.
);
Initialize a counter to 0. For each regex, test to see if it matches. If it does, increase the counter by 1. Then return true if counter is greater than 3 (or 4 if you want them to have a really really strong password), otherwise return false.
I think this would be much more maintainable for you in the long run if your requirements ever change.
You don't have to list all those characters. Anything that is not a number or a letter is a special character (or space):
(?:[^0-9A-z]|[0-9])
I recommend looking in a different direction. If you are to impose a restriction, just require it to be longer. As has been pointed out, using symbols will most likely cause the user to forget the password and never come back to your site. For maximum security post the following comic on the registration page: http://xkcd.com/936/
精彩评论