Notice: With the launch of Adobe Cookbooks, this site will no longer be accepting new entries or posting new content. Thanks to everyone who submitted content!

How can I validate a password to make sure it contains numbers and letters and is at least X characters long?

Regular expression combined with the <cfif> and reFind() function give you the flexibility to validate against all kinds of requirements.

In the following code sample, the password will have to contain at least one letter and number and be between 6-15 positions long.

<cfif NOT reFind("^[[:alnum:]]{6,15}$",usr_pwd)>


This question was written by Christopher Legge.
It was last updated on October 19, 2006 at 3:23:50 PM EDT.

CFML Referenced

<cfif>
REFind()

Categories

Forms, Strings

Comments

Comment made by Lolajl on October 18, 2006 at 9:33 PM
I tried this out; it fails when I set usr_pwd to "1234567" or "zzzzzzz'. I'm assuming that the regex given demands that there be at least ONE letter AND at least ONE number.

Comment made by Gary Funk on October 29, 2006 at 7:53 PM
That's why the example above states: "n the following code sample, the password will have to contain at least one letter and number."

Comment made by Anon on November 27, 2006 at 10:58 AM
This regular expression does not work. 'abcdefg' validates fine with this and it should not.

The expression basically translates to "If the string contains only numbers OR letters and is 6-15 characters"

Comment made by Raymond Camden on November 27, 2006 at 11:02 AM
True - but I think the spirit was "must be letters OR numbers but NOTHING else". Does anyone else read this the way Anon did?

Hey - why Anon? :) I typically don't put much stock in people who are afraid to post their names. As this is just a code problem, why did you refuse to name yourself?

Comment made by Martin Baur on December 9, 2006 at 7:07 AM
This tip is worth nothing. A regular expression generally LIMITS things but does not ENFORCE minimum requirements. This RegEx says "allowed are chars and nums. Check whether 6 to 15 of them are there". So 6 chars or 6 nums are also ok for it.

Comment made by Raymond Camden on December 9, 2006 at 8:32 AM
Martin - I will ask that you be a bit more polite in your comments next time. There is nothing wrong with the length checking portion of the tip, the only issue here is whether someone thinks it should force _both_ letters and numbers or _either_ letters and numbers.

Comment made by Joel Stobart on July 2, 2008 at 4:45 AM
i think this would be nicer - it allows for a bit more granularity of why the rejection is happening.

<cftry> <!-- get rid of deadspace --> <cfset usr_pwd = trim(usr_pwd)/>

<cfif len(usr_pwd) > 6> <cfif len(usr_pwd) <= 15> <cfif NOT reFind("^[[:alnum:]]{6,15}$",usr_pwd)> <cfif refind("[a-z]")> <cfif refind("[0-9]")> <cfreturn true> <cfelse> <cfthrow type="password" message="NO_NUMBERS_IN_STRING"/> </cfif> <cfelse> <cfthrow message="NO_CHARACTERS_IN_STRING"/> </cfif> <cfelse> <cfthrow type="password" message="UNEXPECTED_CHARACTERS"/> </cfif> <cfelse> <cfthrow type="password" message="MAXIMUM_PASSWORDLENGTH"/> </cfif> <cfelse> <cfthrow type="password" message="MINIMUM_PASSWORDLENGTH"/> </cfif>

<cfcatch type="password"> <!--- do something ---> <cfreturn false> </cfcatch>