This time I will bring you the use of regular expressions to verify password strength, and what are theprecautions for using regular expressions to verify password strength. The following is a practical case, let's take a look.
Preface
##When users register, password regularization will be used test. To write a correctregular expression, you must first define the expression rules.
Option 1 (Simple)Assume that password verification is defined as follows:
var pattern = /^[\w_-]{6,16}$/;
Scheme 1 AnalysisLiteral/ /
regular expression A literal is defined as a character contained between a pair of slashes (/), for example:
var pattern = /s$/;
The above literal matches all strings ending with the letter "s".
Character class [ ]Put characters in square brackets to form a character class. A character class can match any character it contains. Therefore, the regular expression /[abc]/ matches any of the letters "a", "b", or "c".
Character classes may use hyphens to represent
character ranges. To match Latin lowercase letters use /[a-z]/ .
Character class \wCharacter class \w matches any word composed of ASCII characters, equivalent to [a-zA-Z0-9].
[\w_-] means matching any Latin uppercase and lowercase letters, numbers plus underscores and minus signs.
Repeat {}Use { } in regular expressions to represent the number of times an element repeats.
^ Matches the beginning of the string, in multi-line retrieval, matches the beginning of a line
$ Matches the end of the string, in multiple lines During retrieval, match the end of a line/^\w/ and match strings starting with uppercase and lowercase letters or numbers.
Option 1 testThe test results are given as follows:
var pattern = /^[\w_-]{6,16}$/; pattern.test('123456') = true; pattern.test('-ifat33') = true; pattern.test('42du') = false; pattern.test('du42du42du42du421') = false; pattern.test('42du42@') = false;
View source code
According to the test It can be seen from the results that Solution 1 only briefly limits the password and cannot guarantee the strength of the password and the security of the account.
Option 2 (Security)Assume that password verification is defined as follows:
var pattern = /^.*(?=.{6,16})(?=.*\d)(?=.*[A-Z]{2,})(?=.*[a-z]{2,})(?=.*[!@#$%^&*?\(\)]).*$/;
Analysis of scenario 2
Character class.Character class. Represents any character except newlines and other Unicode line terminators.
Forward lookahead assertion (?= )
在符号“(?=” 和 “)” 之间加入一个表达式,它就是一个先行断言,用以说明圆括号内的表达式必须正确匹配。比如: /Java(?=\:)/ 只能匹配Java且后面有冒号的。
(?=.*[!@#$%^&*?\(\)])
该先行断言表示,必须包括一个特殊字符。上述表达式中的10个特殊字符为键盘1,2...0的上档键字符,也可以添加别的特殊字符。注意:如果添加字符是正则表达式中具有特殊含义的,需要在符号前加反斜线(\)转义。
方案2测试
给出测试结果如下:
var pattern = /^.*(?=.{6,16})(?=.*\d)(?=.*[A-Z]{2,})(?=.*[a-z]{2,})(?=.*[!@#$%^&*?\(\)]).*$/; pattern.test('du42DU!') = true; pattern.test('duDUd!') = false; pattern.test('42dud!') = false; pattern.test('42DUD!') = false; pattern.test('42duDU') = false; pattern.test('42duU(') = false; pattern.test('42dUU!') = false;
相信看了本文案例你已经掌握了方法,更多精彩请关注php中文网其它相关文章!
推荐阅读:
The above is the detailed content of Use regular expressions to verify password strength. For more information, please follow other related articles on the PHP Chinese website!