Larry Ullman's Book Forums

First Site Password Regex



Hello,

I feel like there may already be something about this somewhere on here; if so, please delete my post/direct me to it. I am writing a registration script and referencing the first site in this book. I'm currently doing some testing of the form and I noticed that this regex

^(\w*(?=\w*\d)(?=\w*[a-z])(?=\w*[A-Z])\w*){6,20}$

allows for passwords shorter than 6 characters. At least on my system, I even copied the code from the download files and it still let a password in, as long as it contained 1 capital letter, 1 lower-case letter and 1 digit, that was smaller than 6 characters in length. I also ran it through a Regex tool and it allowed a string smaller than 6 characters through as long as it met the letter specs.

Is this me?

This is the code that I am running:


// check for a password and match against the confirmed password:
if (preg_match ('/^(\w*(?=\w*\d)(?=\w*[a-z])(?=\w*[A-Z])\w*){6,20}$/', $_POST['pass1']) ) {
    if ($_POST['pass1'] == $_POST['pass2']) {
        $p = mysqli_real_escape_string ($dbc, $_POST['pass1']);
    } else {
        $errors['pass2'] = 'Your password did not match the confirmed password!';
    }
} else {
    $errors['pass1'] = '6-20 characters long with at least 1 lower-case letter, 1 upper-case letters & 1 number';
}


I think I worked out what the problem is?? Although I may be wrong, there is a missing full stop/period (in American) before {6,20} (I think).

I think this should be the code.

^(\w*(?=\w*\d)(?=\w*[a-z])(?=\w*[A-Z])\w*).{6,20}$

I did check the errata for page 86, but there was no mention of it.

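An added example, not part of the posts above or the book's code: it runs both patterns from this thread and a restructured one against constructed passwords. In the first pattern `{6,20}` repeats a group that can match zero characters, so it counts group repetitions rather than characters. The function name `valid_password`, the "corrected" pattern and the sample strings are assumptions made for this illustration.

```php
<?php
// Added example; sample passwords are constructed for illustration.

$patterns = [
    // As posted in the question: {6,20} repeats a group that may match
    // the empty string, so neither length bound constrains the input.
    'original'  => '/^(\w*(?=\w*\d)(?=\w*[a-z])(?=\w*[A-Z])\w*){6,20}$/',
    // As proposed in the reply: .{6,20} forces at least 6 characters,
    // but the group in front of it can still consume extra characters.
    'with dot'  => '/^(\w*(?=\w*\d)(?=\w*[a-z])(?=\w*[A-Z])\w*).{6,20}$/',
    // Restructured: each lookahead is checked once from the start, and
    // the quantifier applies directly to \w, so it counts characters.
    // \z (instead of $) also refuses a trailing newline.
    'corrected' => '/^(?=\w*\d)(?=\w*[a-z])(?=\w*[A-Z])\w{6,20}\z/',
];

// Hypothetical helper: the length/character-class rule from the error
// message in the question, using the restructured pattern.
function valid_password(string $pw): bool
{
    return preg_match(
        '/^(?=\w*\d)(?=\w*[a-z])(?=\w*[A-Z])\w{6,20}\z/',
        $pw
    ) === 1;
}

$samples = [
    'aB1',                    // 3 characters, all three classes present
    'Abc12',                  // 5 characters
    'Passw0rd',               // 8 characters, should be accepted
    'password1',              // no upper-case letter
    'Abcdefghij0123456789X',  // 21 characters, one over the limit
];

foreach ($samples as $pw) {
    printf('%-22s len=%2d', $pw, strlen($pw));
    foreach ($patterns as $name => $re) {
        $verdict = preg_match($re, $pw) === 1 ? 'accept' : 'reject';
        printf('  %s=%s', $name, $verdict);
    }
    echo PHP_EOL;
}
```

Run it with `php` on the command line and compare the three columns for the 3-, 5- and 21-character samples.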