Jonathon
Posted October 9, 2011

Hello,

I feel like there may already be something about this somewhere on here; if so, please delete my post/direct me to it.

I am writing a registration script and referencing the first site in this book. I'm currently doing some testing of the form and I noticed that this regex

    ^(\w*(?=\w*\d)(?=\w*[a-z])(?=\w*[A-Z])\w*){6,20}$

allows for passwords shorter than 6 characters. At least on my system, I even copied the code from the download files and it still let a password in, as long as it contained 1 capital letter, 1 lower-case letter and 1 digit, that was smaller than 6 characters in length. I also ran it through a Regex tool and it allowed a string smaller than 6 characters through as long as it met the letter specs. Is this me?

This is the code that I am running:

    // check for a password and match against the confirmed password:
    if (preg_match ('/^(\w*(?=\w*\d)(?=\w*[a-z])(?=\w*[A-Z])\w*){6,20}$/', $_POST['pass1']) ) {
        if ($_POST['pass1'] == $_POST['pass2']) {
            $p = mysqli_real_escape_string ($dbc, $_POST['pass1']);
        } else {
            $errors['pass2'] = 'Your password did not match the confirmed password!';
        }
    } else {
        $errors['pass1'] = '6-20 characters long with at least 1 lower-case letter, 1 upper-case letters & 1 number';
    }

Jonathon (Author)
Posted October 9, 2011

I think I worked out what the problem is?? Although I may be wrong, there is a missing full stop/period (in American) before {6,20} (I think).

I think this should be the code:

    ^(\w*(?=\w*\d)(?=\w*[a-z])(?=\w*[A-Z])\w*).{6,20}$

I did check the errata for page 86, but there was no mention of it.

Larry
Posted October 10, 2011

No, that stop/period won't fix it. In fact, that undoes the entire regex, as it allows for 6-20 of anything after the initial criteria are met. I'll look into this myself.
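
The two patterns quoted in this thread, run side by side with a third over a few constructed passwords, as an added example that is not part of the original posts or the book's code. The `proposed` pattern and the `accepts()` helper are assumptions introduced here, not a fix confirmed in the thread: the pattern applies the lookaheads once at the start and puts `{6,20}` on `\w` itself, so that the quantifier counts characters.

```php
<?php
// Added example, not code from the book or the forum posts.
// The first two patterns are quoted from the thread; the third is an assumed correction.
$patterns = [
    // As printed: {6,20} repeats a group that can itself match an empty string,
    // so the quantifier counts repetitions of the group, not characters.
    'book'     => '/^(\w*(?=\w*\d)(?=\w*[a-z])(?=\w*[A-Z])\w*){6,20}$/',
    // With the added period: .{6,20} does count characters, but of any kind,
    // and the group in front of it can still match nothing.
    'period'   => '/^(\w*(?=\w*\d)(?=\w*[a-z])(?=\w*[A-Z])\w*).{6,20}$/',
    // Assumed correction: check the three lookaheads once at the start, then let
    // \w{6,20} consume the whole input. \z (unlike $) also rejects a trailing newline.
    'proposed' => '/^(?=\w*\d)(?=\w*[a-z])(?=\w*[A-Z])\w{6,20}\z/',
];

// Constructed sample inputs.
$samples = [
    'aB1'                       => '3 characters, all three classes present',
    'aB1xyz'                    => '6 characters, meets the stated policy',
    'abcdefgh'                  => 'no upper-case letter or digit',
    'aB1 !!!!!!'                => 'contains non-word characters',
    'aB1' . str_repeat('x', 20) => '23 characters, over the stated maximum',
];

// Hypothetical helper: true only on a definite match (preg_match returns false on error).
function accepts(string $pattern, string $password): bool
{
    return preg_match($pattern, $password) === 1;
}

foreach ($samples as $password => $note) {
    printf("%-26s %s\n", "'" . $password . "'", $note);
    foreach ($patterns as $name => $pattern) {
        printf("    %-9s %s\n", $name, accepts($pattern, $password) ? 'accepted' : 'rejected');
    }
}
```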