I am trying to check that a password entered contains at least 8 characters of which there should be at least 1 uppercase letter, 1 lowercase letter and 1 numeric digit. I am a numpty with regex. The pattern I’m using in my input form is ^(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?!.*\s).*$ but this apparently isn’t valid in preg_match.
Can some kind soul help me out here…
Using https://regex101.com/ which I find very handy for regex experiments, it’s enforcing the mix of charaters, but not the min length.
Maybe borrow something from here? https://www.html5pattern.com/Passwords
2 Likes
Thanks, Sam. I have tried the following in a PHP sandbox:
$pattern = "(?=^.{8,}$)((?=.*\d)|(?=.*\W+))(?![.\n])(?=.*[A-Z])(?=.*[a-z]).*$";
$pass = "Richard1";
echo preg_match($pattern, $pass);
and it gives me a Warning: preg_match(): Unknown modifier ‘(’
Edit: Ah! a slash either end fixes that!
Yes, you need those delimiters around the pattern.
1 Like
Hello! The pattern you are using seems correct to check if a password contains at least 8 characters, including at least 1 uppercase letter, 1 lowercase letter and 1 numeric digit. However, you can try adding {8,} to the end of the pattern to specify that the password must have at least 8 characters. The final pattern would look like this: ^(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?!.*\s).{8,}$ . Does this solve the problem?
You contradict yourself. First you say it already checks if there are 8 characters.
But then you modify to specify a rule you say already exists. 
I am new to this platform, so I was answering the question, but with time I will adapt. Ok.
So for clarity of why you got the message:
PHP Regex patterns begin and end with delimiters. PHP does not regulate what character is used as the delimiter (because maybe you wanna use those slashes in the pattern!) - it assumes the first character in the input is the delimiter. So Gandalf’s pattern -
$pattern = "(?=^.{8,}$)((?=.*\d)|(?=.*\W+))(?![.\n])(?=.*[A-Z])(?=.*[a-z]).*$"
starts with a (.
PHP will then process the pattern from the second character until it registers the end of the pattern by seeing the delimiter again. Anything after that is a Modifier, which are single-character flags to set on the pattern, like g for a Global match. What PHP saw instead was:
$pattern = "(?=^.{8,}$)((?=.*\d)|(?=.*\W+))(?![.\n])(?=.*[A-Z])(?=.*[a-z]).*$"
Where Red is the delimiters, Green is the pattern, and Blue is the modifiers.
It tried to parse the modifiers, found a (, but that isnt a valid modifier character, so it threw the error.
3 Likes
Logic wise, preg’s pattern recognition basically does:
list($pattern,$modifiers) = explode($input[0], substr($input,1), 2);
at the start to figure out what’s what.
Maybe I am missing something, but this seems to work. Lookaheads all the way.
$pattern = '/(?=.{8})(?=.*[a-z])(?=.*[A-Z])(?=.*[1-9])/'
1 Like