PHP - Password RegEx requirements

Question

I am trying to validate if a new user account's password is matching these criterias:

I have a function like this:

function validPassword($str) {
    return preg_match("^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[_-!#*@&])[A-Za-z\d_-!#*@&]{8,30}$", $str);
}

But I am getting an error. It should return "true" for this password for example: HelloWorld123!

But instead it is returning false. Any idea what may be wrong?

if (validPassword($password) == true) {
  // good password
}

Could you show me an example of what delimiter you're talking about? And where exactly should it be placed? — Tibia Cams, Jun 19 '20 at 14:37
The hyphens in the character class should be at the start/end or escaped as well `return preg_match("~^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[-_!#*@&])[A-Za-z\d_!#*@&_]{8,30}$~", $str);` — The fourth bird, Jun 19 '20 at 14:38

dimooski · Accepted Answer · 2020-06-19T14:40:10.967

1

You forgot to escape '-', and delimiters...

function validPassword($str) {
  return preg_match("/^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[_\-!#*@&])[A-Za-z\d_\-!#*@&]{8,30}$/", $str);
}

edited Jun 19 '20 at 14:40

answered Jun 19 '20 at 14:38

dimooski

I did not know I had to escape that because it's inside [ ]? – Tibia Cams Jun 19 '20 at 14:41
@TibiaCams '-' is range character. Now, just mark an answer you like as accepted and you are done! – dimooski Jun 19 '20 at 14:44

score 0 · Answer 2 · answered Jun 19 '20 at 14:38

Your regex is having errors which is why there is no match in the first place.

Change your regex to this:

^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[_\-!#*@&])[A-Za-z\d_\-!#*@&]{8,30}$

Have a look at your regex in action here: https://regex101.com/r/ogPPeb/1

2 Answers2