When the user provides their account password, it is always recommended to validate the input. Password strength validation is very useful to check whether the password is strong. A strong password makes the user’s account secure and helps to prevent account hacking.
Using Regex (Regular Expression), you can easily validate the password strength in PHP. In the example code, we will show you how to check password strength and validate a strong password in PHP using Regex.
The following code snippet validates the password using preg_match() function in PHP with Regular Expression, to check whether it is strong and difficult to guess.
- Password must be at least 8 characters in length.
- Password must include at least one upper case letter.
- Password must include at least one number.
- Password must include at least one special character.
// Given password
$password = 'user-input-pass';
// Validate password strength
$uppercase = preg_match('@[A-Z]@', $password);
$lowercase = preg_match('@[a-z]@', $password);
$number = preg_match('@[0-9]@', $password);
$specialChars = preg_match('@[^\w]@', $password);
if(!$uppercase || !$lowercase || !$number || !$specialChars || strlen($password) < 8) {
echo 'Password should be at least 8 characters in length and should include at least one upper case letter, one number, and one special character.';
}else{
echo 'Strong password.';
}
The code as written has an additional rule:
– Password must include at least one lower case letter.
This is caused by the inclusion of the line:
$lowercase = preg_match(‘@[a-z]@’, $password);
and the inclusion of
!$lowercase
in the if statement.