Password Validation - Legacy Code

Question

The following code validates a new user password by asking them to confirm their password by entering it twice:

// search to see if is a vvalid file path
                if (($val["type"] == "password") && !strstr($key , "_confirm")) {
                    $name = $val["name"] ? $val["name"] : $key ;

                    if ($input[$name] != $input[$name . "_confirm"]) {
                        //preparing the message
                        $fields["error"] = "Password and confirmation doesn't match.";
                        $fields["errors"][$name] = 1;
                        $fields["errors"][$name . "_confirm"] = 1;
                        $fields["values"] = $input;
                    }

                }

I would like to include additional validation (i.e., password contains at least 1 number and 1 letter, special characters [!@#$%], must be at least 8 characters in length.

What would be the proper code syntax to nest with the above code? THX

Answer 1

To add the validation, you need to find the Regex you like, e.g.

http://regexlib.com/Search.aspx?k=password&AspxAutoDetectCookieSupport=1

Then use that regex in your code (replace $regEx with your choice):

if (($val["type"] == "password") && !strstr($key , "_confirm")) {
    $name = $val["name"] ? $val["name"] : $key ;

    if ($input[$name] != $input[$name . "_confirm"]) {
        //preparing the message
        $fields["error"] = "Password and confirmation doesn't match.";
        $fields["errors"][$name] = 1;
        $fields["errors"][$name . "_confirm"] = 1;
        $fields["values"] = $input;
    }
    if( !preg_match( $regEx, $input[$name] ) ) {
        $fields["error"] = "Password must contain...";
        $fields["errors"][$name] = 1;
        $fields["values"] = $input;
    }
}

For one-upper, one-lower, and one-digit w/ min 8 chars:

$regEx = '/^(?=.*\d)(?=.*[a-z])(?=.*[A-Z]).{8,}$/';

Add in some special-char requirements:

$regEx = '/^(?=.*[!@#$%])(?=.*\d)(?=.*[a-z])(?=.*[A-Z]).{8,}$/';