How to verify password format with PHP regular expression

Password verification has always been a very important part of web development. In order to ensure that the password entered by the user meets the security requirements, we usually need to define some password format rules and verify the password entered by the user. In PHP, using regular expressions is a common solution. Below we will introduce how to use PHP regular expressions to verify the password format.

1. Password length requirements

Password length is an important indicator of password strength. Usually we will set the minimum password length requirement to 6 to 8 characters. Using PHP regular expressions, we can use the following code to verify the password length:

$password = "u5er#123";
if (preg_match('/.{6,8}/', $password)) {
    echo "密码合法";
} else {
    echo "密码长度要求为6-8个字符";
}

The above code uses the "{}" syntax in regular expressions to define the range of password length. Among them, "6,8" means that the password length is at least 6 characters and at most 8 characters.

2. Passwords need to contain numbers, letters and symbols

In order to make passwords more complex and difficult to guess, we usually require passwords to contain numbers, letters and symbols, etc. character type. Using PHP regular expressions, we can use the following code to verify whether the password contains numbers, letters, and symbols:

$password = "u5er#123";
if (preg_match('/^(?=.*[0-9])(?=.*[a-zA-Z])(?=.*[!@#$%^&*]).{6,8}$/', $password)) {
    echo "密码合法";
} else {
    echo "密码需要包含数字、字母和符号";
}

The above code uses multiple expression combinations in regular expressions to verify numbers and letters respectively. and the presence of symbols.

• ^(?!.[\W_])(?=.[a-z])(?=.[A-Z])(?=.\d).{6,8}$

This statement can match passwords with a length of at least 6 characters and a maximum length of 8 characters. This password needs to contain at least one lowercase letter, one uppercase letter, and one number. All non-alphanumeric characters are excluded, and case is ignored.

3. Passwords cannot contain user names or common dictionary words

In order to further enhance the security of passwords, we usually require that passwords cannot contain user account names or common dictionary words vocabulary. Using PHP regular expressions, we can use the following code to verify whether the password contains the user account or common dictionary words:

$username = "user";
$password = "user@123";
if (preg_match("/^.*(?=.{6,})(?=.*d)(?=.*[a-z])(?=.*[A-Z])(?=.*[@#$%^&+=]).*$/", $password) && !(preg_match("/$username/i", $password))) {
    echo "密码符合要求";
} else {
    echo "密码必须包含数字、小写字母、大写字母、符号，且不能包含用户名";
}

The above code uses a combination of two regular expressions to verify the legitimacy of the password, the first of which The first regular expression verifies that the password conforms to the general format requirements, while the second regular expression verifies that the password contains the user account.

Summary

Password verification is a very important part of web development. It can verify user input by adding password length, character type, user name check, common vocabulary check and other verification methods. Password is checked. These password verification logic can be easily implemented using PHP regular expressions, improving the security and reliability of applications.

The above is the detailed content of How to verify password format with PHP regular expression. For more information, please follow other related articles on the PHP Chinese website!