Francisco J. Gutierrez

Check password strength with regex

In my previous and slightly vague post about regular expressions I mentioned that they were used for many things, but one very recognizable place you’ve seen them in action is when you are signing up for a website that has specific criteria for your password. You know, like when it says: “password must contain at least # characters, at least 1 number, 1 capital letter, etc., etc.”

When you create your password for a site, it uses a regular expression to compare the password to the criteria. I decided that I wanted to try my own hand at this. First, I tried it with PHP using the preg_match function and a few if statements. This works only when you press submit on the form, which is fine, but I’ve seen many sites that check your password dynamically as you type. So I thought that I might be able to do that as well. Using a little jQuery I was able to figure it out.

I created a page showcasing both methods. They are not 100% perfect, but you can see them in action here.

In the jQuery version you’ll notice I’ve just used one long regex instead of the separate ones in the PHP version.

Here’s an explanation of that regex part by part.

This is the complete regex:


.*^(?=.{6})(?=.*[a-z])(?=.*[0-9]).*$

 

This is going to be broken up into 5 parts

Part 1


  .*^

. the period matches any character in this position, the beginning

* the asterisk (or star) matches the preceding character 0 or more times

^ the caret only looks at the beginning of the target string

So these 3 symbols mean that any character can exist 0 or more times before the beginning of the string. Since nothing can come before the beginning, the .* matches nothing here and the real checks start at the caret.

Part 2


  (?=.{6})

( ) parentheses group items together
?= means positive lookahead (goes forward character by character through the string checking for positive matches)
. any character
{6} 6 times

So this group checks if there are at least 6 characters of any kind occurring in the string.

Part 3


   (?=.*[a-z])

?= means positive lookahead
. any character
* match preceding 0 or more times
[a-z] – any lowercase letter from a through z

This checks if there is at least one lowercase letter occurring at any position in the string.

Part 4


    (?=.*[0-9])

?= means positive lookahead
. any character
* match preceding 0 or more times
[0-9] – any number between 0 and 9

This checks if there is at least one number between 0 and 9 occurring at any position in the string.

Part 5


  .*$

. any character
* match preceding 0 or more times
$ – only at the end of the string

One step further
Notice that only in the PHP version I put the limitation of only allowing lowercase letters. Well my code wasn’t exactly working because it would still tell me a password was good that had lowercase letters in it. But I’ve finally figured it out. I’ve added the following grouping to the long regex I deconstructed above:


  (?!.*[A-Z]{1})


?! is a negative lookahead; it searches the characters in a string, making sure there is no match
. any character
* the preceding "any" character occurring 0 or more times
[A-Z] looks for capital letters only from A-Z
{1} the preceding occurring 1 time

So this looks for a capital letter occurring 1 time at any position in the string, and because the lookahead is negative, the password is rejected if one is found.
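The lookahead groups explained above, tested one at a time and then joined into the long regex, as an added JavaScript example (not the code from the demo page). The function names, the sample passwords and the position of the no-capitals group inside the long regex are assumptions.

```javascript
// Added example: the post's lookahead groups, checked one by one and combined.
// Names, sample passwords and the position of the (?!...) group are assumptions.
const RULES = [
  { name: "at least 6 characters", group: "(?=.{6})" },
  { name: "a lowercase letter",    group: "(?=.*[a-z])" },
  { name: "a digit",               group: "(?=.*[0-9])" },
  { name: "no capital letters",    group: "(?!.*[A-Z]{1})" },
];

// The complete regex from the post, with the negative lookahead added.
const COMBINED = new RegExp(".*^" + RULES.map(r => r.group).join("") + ".*$");

// Run each group on its own, anchored at the start of the password,
// so the form can say which rule failed while the user is typing.
function failedRules(password) {
  return RULES
    .filter(r => !new RegExp("^" + r.group).test(password))
    .map(r => r.name);
}

// The single long regex gives only a yes/no answer.
function isAcceptable(password) {
  return COMBINED.test(password);
}

// Constructed sample passwords: too short, no digit, no lowercase letter,
// valid, contains a capital, and longer than 6 (the {6} is a minimum).
const SAMPLES = ["abc12", "abcdef", "123456", "abc123", "Abc123", "abc123xyz789"];

function report() {
  return SAMPLES.map(p => ({
    password: p,
    ok: isAcceptable(p),
    failed: failedRules(p),
  }));
}

for (const row of report()) {
  const verdict = row.ok ? "ok" : "rejected: " + row.failed.join(", ");
  console.log(row.password.padEnd(14), verdict);
}
```

The as-you-type check only gives feedback in the browser; the same rules still have to be enforced by the PHP check on submit, because a request can reach the server without the page's script ever running.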

sources: zyrtax and regular-expressions.info