Advanced Regex

[Christ]

Hi there,

i'm trying to make a regex, but it ain't working.
In just one regex expression I want to check a password that must meet
following requirements:
- at least 6 characters long
- at least one letter (doesn't matter where in te string)
- at least one number (doesn't matter where in te string)
(those are no prob)
- excluding 0, o, O, i, I, l, L, 1 (to prevent confusion about
password chars when font is for ex. Arial)

Can anyone help?

Thanks

Christ.

 

[Thomas 'PointedEars' Lahn]

i'm trying to make a regex, but it ain't working.

"It doesn't work" is a useless error *description*.
What have you already tried? What errors have occured
on which line?


PointedEars

 

[Geir Klemetsen]

Hi there,

i'm trying to make a regex, but it ain't working.
In just one regex expression I want to check a password that must meet
following requirements:
- at least 6 characters long
- at least one letter (doesn't matter where in te string)
- at least one number (doesn't matter where in te string)
(those are no prob)
- excluding 0, o, O, i, I, l, L, 1 (to prevent confusion about
password chars when font is for ex. Arial)

Can anyone help?

Thanks

Christ.

Why use regex? Isn't there much more easier to just traverse the string to
see if you can find a number, a letter and an "if password.length > 5 { " to
check the length ? I would do it that way.

 

[Lasse Reichstein Nielsen]

In just one regex expression I want to check a password that must meet
following requirements:

Why just one regular expression? Sure, anything you can make with more
than one regular expression can be made with just one, but the size of
the one can easily be the product of the sizes of the many (and
shorthands make it worse, since they typically apply to simple
expressions more than complex ones)

- at least 6 characters long

input.length >= 6

- at least one letter (doesn't matter where in te string)
(/[a-hj-kmnp-z]/i).test(input)

- at least one number (doesn't matter where in te string)
(/[2-9]/).test(input)

(those are no prob)
- excluding 0, o, O, i, I, l, L, 1 (to prevent confusion about
password chars when font is for ex. Arial)

Combining these in one expression will give you a *huge* expression,
I can tell you that without trying.
There is one shorthand that can help you, though: look-ahead. It
only exist in recent versions of Javascript, though.

/^(?=.*[2-9])(?=.*[a-hj-kmnp-z]).{6,}/i
^^^^^^^^^^^ look-ahead contains at least one of 2-9
^^^^^^^^^^^^^^^^^^^ look-ahead contains a letter, not i,l,o
^^^^^ at least six characters

It seems to me that IE has a problem with positive lookahead:
/^(?=.+4)123/.test("1234")
This test should give true. In IE it gives false. However,
/^(?=.+4)123/.test("12345")
does give true. Changing + to * just makes it worse.

Some times, using just one regular expression is shooting your own foot.

/L

 

[Lasse Reichstein Nielsen]

/^(?=.*[2-9])(?=.*[a-hj-kmnp-z]).{6,}/i

Doh. That doesn't prevent the remaining characters from being o, i, l,
1, or 0. For that, do:
/^(?=.*[2-9])(?=.*[a-hj-kmnp-z])[^oil01]{6,}/i

However, that also allows characters like |, !, ó, ò, ô, etc. These might
also be confuzed with each other. If you just want digits and characters,
change [^oil01] to [2-9a-hjkmnp-z].

/L

 

[Dr John Stockton]

JRS: In article <[email protected]>, seen in

- at least 6 characters long

input.length >= 6

- at least one letter (doesn't matter where in te string)
(/[a-hj-kmnp-z]/i).test(input)

- at least one number (doesn't matter where in te string)

(/[2-9]/).test(input)

I'd do
(/^[a-hj-kmnp-z2-9]{6,}$/i).test(input)
instead of the first; it also checks that all characters are reasonable
- " A 3 " is in accordance with the stated - presumed homework -
requirement but is not a good password.

The later tests can use [a-z] and \d then.

However, passwords should not appear on the screen when typing, so
screen font does not matter; and if they have to be communicated in
writing that can be done in a sensible font.

Since L can, he says, be confused, presumably case does not matter; in
that case, the restriction to 31 of 36 alphanumerics reduces security by
about 60%.

The minus between j & k seems unnecessary.

 

[rh]

/^(?=.*[2-9])(?=.*[a-hj-kmnp-z]).{6,}/i

Doh. That doesn't prevent the remaining characters from being o, i, l,
1, or 0. For that, do:
/^(?=.*[2-9])(?=.*[a-hj-kmnp-z])[^oil01]{6,}/i

However, that also allows characters like |, !, ó, ò, ô, etc. These might
also be confuzed with each other. If you just want digits and characters,
change [^oil01] to [2-9a-hjkmnp-z].

/L

Seems you intended to add a $ anchor to really ensure no extraneous
characters at the end of the string:

/^(?=.*[2-9])(?=.*[a-hj-kmnp-z])[2-9a-hj-kmnp-z]{6,}$/i


However, while Opera 7.11 appears to handle this correctly, Netscape
7.1 (as well as IE) has problems with lookahead. So for something that
should be equivalent and stand a chance of working generally:

/[a-z]\d|\d[a-z]/i.test(pwStr)
&& /^[2-9a-hj-kmnp-z]{6,}$/i.test(pwStr)

 

[rh]

JRS: In article <[email protected]>, seen in
Lasse Reichstein Nielsen <[email protected]>
posted at Thu, 16 Oct 2003 13:46:37 :-

The minus between j & k seems unnecessary.

Right, it is. Probably a typo in placing the dash -- [a-h-jkmnp-z] was
the sequence intended, I believe, to eliminate i/I as per the OP.

 

[rh]

JRS: In article <[email protected]>, seen in
Lasse Reichstein Nielsen <[email protected]>
posted at Thu, 16 Oct 2003 13:46:37 :-

The minus between j & k seems unnecessary.

Right, it is. Probably a typo in placing the dash -- [a-h-jkmnp-z] was
the sequence intended, I believe, to eliminate i/I as per the OP.

And then again on this one perhaps it would have been better to say
"Right it is.", or better yet nothing at all .

 

[rh]

In just one regex expression I want to check a password that must meet
following requirements:

/^(?=.*[2-9])(?=.*[a-hj-kmnp-z]).{6,}/i
^^^^^^^^^^^ look-ahead contains at least one of 2-9
^^^^^^^^^^^^^^^^^^^ look-ahead contains a letter, not i,l,o
^^^^^ at least six characters

It seems to me that IE has a problem with positive lookahead:
/^(?=.+4)123/.test("1234")
This test should give true. In IE it gives false. However,
/^(?=.+4)123/.test("12345")
does give true. Changing + to * just makes it worse.

Lookahead in a RegExp is supposed to be a zero-width assertion. In
addition to the above problems, IE 6 "eats characters" in the
lookahead. Netscape 6.1 and Mozilla 5/1.2b, by some coincidence, do
the same.

Opera 7.11 gets it right (and appears to match Perl behaviour) in a
limited number of tests performed.

So it seems that lookahead in a js RegExp is something that should be
strictly avoided, unless one is authoring for a very specific js
environment that can properly support it.

..\rh