When the user provides their account password, it is always recommended to validate the input. Password strength validation is very useful to check whether the password is strong. A strong password makes the user’s account secure and helps to prevent account hacking.
Using Regex (Regular Expression), you can easily validate the password strength in PHP. In the example code, we will show you how to check password strength and validate a strong password in PHP using Regex.
The following code snippet validates the password using preg_match() function in PHP with Regular Expression, to check whether it is strong and difficult to guess.
- Password must be at least 8 characters in length.
- Password must include at least one upper case letter.
- Password must include at least one number.
- Password must include at least one special character.
$password = 'user-input-pass';// Validate password strength
$uppercase = preg_match('@[A-Z]@', $password);
$lowercase = preg_match('@[a-z]@', $password);
$number = preg_match('@[0-9]@', $password);
$specialChars = preg_match('@[^\w]@', $password);
if(!
$uppercase || !$lowercase || !$number || !$specialChars || strlen($password) < 8) {echo 'Password should be at least 8 characters in length and should include at least one upper case letter, one number, and one special character.';
}else{
echo 'Strong password.';
}
View Discussion
Improve Article
Save Article
View Discussion
Improve Article
Save Article
Most of the websites are providing sing up and login facility to the user. User has to create a password and use it for login to the website. But it is very important to secure the password of the user. password_hash() function provides the facility to securely store the password of the user to the database.
Syntax
Example: First parameter Password will contain the normal password. The second Parameter will contain PASSWORD_BCRYPT to make secure otherwise it
contains PASSWORD_DEFAULT as default. Let’s see the example to understand properly.
- dbconn.php
php
<?php
$db_host = "localhost";
$db_name = "secure_pass";
$db_pass = "";
$db_user = "root";
$conn = mysqli_connect($db_host, $db_user, $db_pass, $db_name);
if (!$conn){
die ('Failed to connect with server');
}
?>
- Signup Form:
html
<form action="index.php" method="POST">
<label for="username">Username</label>
<input type="text" name="username" required><br><br>
<label for="password">Password</label>
<input type="password" name="password" required><br><br>
<input type="submit" name="submit" value="submit">
</form>
- index.php
php
<?php
include 'dbconn.php';
if (isset($_POST['submit'])){
$username = $_POST['username'];
$pass = $_POST['password'];
$secure_pass = password_hash($pass, PASSWORD_BCRYPT);
$sql = "INSERT INTO login_tb (u_username, u_password)
VALUES('$username', '$secure_pass')";
$result = mysqli_query($conn, $sql);
}
include 'signup_form.php';
?>
- Output:Password In Database.