Re: User Passwords: checking for unique chars

Alex Gemmell wrote:
Hello!

I'm checking user chosen passwords for validity and have created 7
tests.  It's not 100% bulletproof but it will do for now.  My problem
is with the last check "have 6 unique characters".  I'm at a loss at
how to check for this in a neat one-liner.

My brain is starting to go off on some horribly complicated routines
but I'm sure it can be done neatly (like the regular expressions).
Can anyone help me with this? By the way - I've only just learnt
regular expressions this morning so I'm no expert on them...


########
# Code:
########
function check_password($password) {
      # It exists
      if ( !isset($password) ) return false;

this is pointless, the function will hurl if you don't pass an arg.

      # Not empty
      if ( empty($password) ) return false;
      #At least 8 characters long
      if ( strlen($password)<8 ) return false;

      #Does not contain special characters e.g. (!@#:?<>,./;'`[=\]{space})
      if ( preg_match ('/[][)(.,!@#:?<>\/\\\\;\'`=\\s]/', $password) ) return false;

why are you not allowing 'special' chars? these can increase pwd complexity - which is a good thing.

      #Contain at least one number
      if ( !preg_match ('/\\d/', $password) ) return false;

I'm pretty sure the double backslash is a typo. here are some regexps from a php5 class I use:


class RegExp {
    const UNSIGNED_INT   = '^\d*$';
    const SIGNED_INT     = '^[-+]?\d*$';
    const FLOATING_POINT = '^[-+]?([0-9]*\.)?[0-9]+$';
    const FLOAT_GTEQ1    = '^[1-9](\.\d+)?$';
    // ....
}

      #Contain at least one letter
      if ( !preg_match ('/[a-zA-Z]/', $password) ) return false;
      #Have 6 unique characters
      if ( ????????? ) return false;


if (count($chars = preg_split("//", $password, -1, PREG_SPLIT_NO_EMPTY)) &&
    (array_unique($chars) !== $chars)) return false;

it's a one-liner - just a rather long line. the count() is not really necessary.
but really is this a good check? consider the following password:

aNalR3teNt1vE$%^.

rather better than:

jack1234.

the second pwd would pass your test, the first one wouldn't

you might want to pass the passwd check to a cmdline utility
which is made for the job.


      return true;
}
########

Thanks,

Alex


-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
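
An added example (not code from this thread): it counts distinct characters so that "at least 6 unique characters" can be tested directly, next to the all-characters-unique test from the reply, and runs both on the two passwords discussed above. The function names are hypothetical, and the full stop after each password in the message is assumed to be sentence punctuation.

```php
<?php
// Added example; split_chars(), all_chars_unique() and failed_rules()
// are hypothetical names, not functions from the thread.

/** Split a string into characters, UTF-8 aware, falling back to bytes. */
function split_chars(string $s): array
{
    // With /u a multibyte character is one element, not several bytes.
    $chars = preg_split('//u', $s, -1, PREG_SPLIT_NO_EMPTY);
    return $chars !== false ? $chars : str_split($s); // false = invalid UTF-8
}

/** The test from the reply: true only when no character repeats. */
function all_chars_unique(string $password): bool
{
    $chars = split_chars($password);
    return count(array_unique($chars)) === count($chars);
}

/** Names of the rules a password fails; an empty array means it passes. */
function failed_rules(string $password, int $minLength = 8, int $minDistinct = 6): array
{
    $chars  = split_chars($password);
    $failed = [];
    if (count($chars) < $minLength)                 $failed[] = 'length';
    if (!preg_match('/\d/', $password))             $failed[] = 'digit';
    if (!preg_match('/[a-zA-Z]/', $password))       $failed[] = 'letter';
    // "At least N unique characters": count the distinct ones (case-sensitive).
    if (count(array_unique($chars)) < $minDistinct) $failed[] = 'distinct';
    return $failed;
}

// First two passwords are the ones from the message; the third is constructed.
foreach (['aNalR3teNt1vE$%^', 'jack1234', 'aaaaaaa1'] as $pw) {
    printf(
        "%-18s all-unique=%-5s failed=[%s]\n",
        $pw,
        var_export(all_chars_unique($pw), true),
        implode(',', failed_rules($pw))
    );
}
```

Neither rule separates the two passwords from the message by strength: both reach 6 distinct characters, and the all-unique test rejects the longer one because it repeats letters.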

