A cheap and cheerful rule is to insist on at least one numeric.
Then you don't have to bother with a dictionary check!
The php to force only alphas and numerics (upper or lower case) and at least
one numeric is something like : -
if (!ereg("^[a-zA-Z0-9]*[0-9][a-zA-Z0-9]*$",$password))
{
$message = "no good";
}
and the Javascript : -
var passwordPat=new RegExp("^[a-zA-Z0-9]*[0-9][a-zA-Z0-9]*$");
if ( password.match(passwordPat)==null)
{
alert("no good");
}
Good Luck,
George
Chris Anderson wrote:
>
> Getting the size is easy, and if you had a small dictionary you could see if
> the password existed in that by looping through it. Not sure about checking
> if it is LIKE the username
> ----- Original Message -----
> From: "Charles Sprickman" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Tuesday, July 03, 2001 12:18 PM
> Subject: [PHP] password sanity checker
>
> > Hi,
> >
> > I've been digging around for a function to do a sanity check on
> > user-supplied passwords when creating a new account. Haven't found
> > anything yet... Any pointers appreciated.
> >
> > Ideally it should:
> >
> > -check for a min number of numerals
> > -check for similarity against username (?)
> > -check at least a small dictionary
> >
> > Although anything that could provide a starting point would be great.
> >
> > Thanks,
> >
> > Charles
> >
> > | Charles Sprickman | Internet Channel
> > | INCH System Administration Team | (212)243-5200
> > | [EMAIL PROTECTED] | [EMAIL PROTECTED]
> >
> >
> > --
> > PHP General Mailing List (http://www.php.net/)
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> > To contact the list administrators, e-mail: [EMAIL PROTECTED]
> >
> >
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
