Sunday, December 22, 2013

8:47 AM
Passwords are very important security matters. How can the web developer be sure, that some security guidelines were implemented when passwords are set? Here is a password validation function, that might be useful:

public function isValidPasswordMsg($pwd)
    $error = "";
    if( strlen($pwd) < 6 ) {
        $error .= "Password too short! <br />";

    if( !preg_match("#[0-9]+#", $pwd) ) {
        $error .= "Password must include at least one number! <br />";

    if( !preg_match("#[a-z]+#", $pwd) ) {
        $error .= "Password must include at least one letter! <br />";

    if( !preg_match("#[A-Z]+#", $pwd) ) {
        $error .= "Password must include at least one CAPS! <br />";

    if( !preg_match("#\W+#", $pwd) ) {
        $error .= "Password must include at least one symbol! <br />";

        return TRUE;
    return $error;

The above function uses the php regular expressions function which is very useful in this situations.


John Conde said...

A better way to do this would be to use only one regex instead of four plus two other error checks:

if (!preg_match('/^(?=[a-z])(?=[A-Z])(?=[^\W\D])[a-zA-Z]{6,}$/', $pwd))


andrew vatts said...

Thanks. It's awesome ,it is realy helpful
Web Development Company in Indore