Home > Article > Web Front-end > Verify password strength regex set by user
This time I will bring you the password strength for verifying the password set by the user. Regular expression. What are the precautions for verifying the regular expression for the password strength set by the user. The following is a practical case. Let’s take a look.
This article gives two regular expression schemes for password strength, one simple and one more complex and secure. And the analysis and testing procedures of the two solutions are given respectively. Generally, you can define your own password regular conventions based on the actual needs of your project.
Preface
##When users register, password regularization will be used test. To write correct regular expressions, you must first define expression rules.
Option 1 (Simple)
Assume that password verification is defined as follows:var pattern = /^[\w_-]{6,16}$/;
Scheme 1 Analysis
Literal/ /regular expression A literal is defined as a character contained between a pair of slashes (/), for example:var pattern = /s$/;The above literal matches all strings ending with the letter "s".
Character class [ ]
Put characters in square brackets to form a character class. A character class can match any character it contains. Therefore, the regular expression /[abc]/ matches any of the letters "a", "b", or "c". Character classes may use hyphens to representcharacter ranges . To match Latin lowercase letters use /[a-z]/ .
Character class \w
Character class \w matches any word composed of ASCII characters, equivalent to [a-zA-Z0-9]. [\w_-] means matching any Latin uppercase and lowercase letters, numbers plus underscores and minus signs.Repeat {}
Use { } in regular expressions to represent the number of times an element repeats.Matching position
^ Matches the beginning of the string, in multi-line retrieval, matches the beginning of a line$ Matches the end of the string, in multiple lines During retrieval, match the end of a line
/^\w/ and match strings starting with uppercase and lowercase letters or numbers.
Option 1 test
The test results are given as follows:var pattern = /^[\w_-]{6,16}$/; pattern.test('123456') = true; pattern.test('-ifat33') = true; pattern.test('42du') = false; pattern.test('du42du42du42du421') = false; pattern.test('42du42@') = false;View source codeAccording to the test It can be seen from the results that Solution 1 only briefly limits the password and cannot guarantee the strength of the password and the security of the account.
Option 2 (Security)
Assume that password verification is defined as follows:
var pattern = /^.*(?=.{6,16})(?=.*\d)(?=.*[A-Z]{2,})(?=.*[a-z]{2,})(?=.*[!@#$%^&*?\(\)]).*$/;
方案2分析
字符类 .
字符类 . 表示除换行符和其他Unicode行终止符之外的任意字符。
正向先行断言 (?= )
在符号“(?=” 和 “)” 之间加入一个表达式,它就是一个先行断言,用以说明圆括号内的表达式必须正确匹配。比如: /Java(?=\:)/ 只能匹配Java且后面有冒号的。
(?=.*[!@#$%^&*?\(\)])
该先行断言表示,必须包括一个特殊字符。上述表达式中的10个特殊字符为键盘1,2...0的上档键字符,也可以添加别的特殊字符。注意:如果添加字符是正则表达式中具有特殊含义的,需要在符号前加反斜线(\)转义。
方案2测试
给出测试结果如下:
var pattern = /^.*(?=.{6,16})(?=.*\d)(?=.*[A-Z]{2,})(?=.*[a-z]{2,})(?=.*[!@#$%^&*?\(\)]).*$/; pattern.test('du42DU!') = true; pattern.test('duDUd!') = false; pattern.test('42dud!') = false; pattern.test('42DUD!') = false; pattern.test('42duDU') = false; pattern.test('42duU(') = false; pattern.test('42dUU!') = false;
相信看了本文案例你已经掌握了方法,更多精彩请关注php中文网其它相关文章!
推荐阅读:
The above is the detailed content of Verify password strength regex set by user. For more information, please follow other related articles on the PHP Chinese website!