-4

one of the rules in our password creation is, it shouldn't contain a sequence of number or alphabets.

ex.12345, pwd45678, pwd_abcdef, pwd_abc123

all of these are not allowed.

Any suggestion how to check for sequence? By sequence meaning it shouldn't be order like for numbers 1-10 or letters in the alphabet. So the password shouldn't contain alphabet sequence or order and numbers in 1-10 order. So password containing ABC or DEF or HIJK is not allowed and passwords containing number orders like 1234 or 4567 are not allowed but passwords containing ABNOE or 19334 is ok.

TIA

cracker_chan
  • 93
  • 3
  • 11
  • 2
    Why do you want to limit people's passwords? It will only result in a worse password being used. – Andreas Jul 23 '17 at 15:58
  • Do you mean you are only allowing (`number, then alphabetic, then number , then alphabetic, ...)` only passwords like this `1a2b3c4d5f` ? – Accountant م Jul 23 '17 at 16:02
  • Yes, something like that. This is just one of the conditions they have given, password should also contain at least 1 capital and a special character but I've already captured it using preg_match, only the sequence of number or alphabets is missing. Also just to add, the sequence should be not less than 3. – cracker_chan Jul 23 '17 at 16:08
  • 1
    if that's only *one* of the rules, I am not sure I want to know the other rules. Forcing me to alternate between digit and chars would be a reason not to use your service for me. – Gordon Jul 23 '17 at 16:09
  • 1
    according to you, this is a weak password: `1ZzOSVabc/5gjIp66UGPs` - beacuse it contains `abc` – hanshenrik Jul 23 '17 at 16:17

2 Answers2

1

A specific rule for no 2 adjacent digits or letters:

if (preg_match("#(\d{2,}|[[:alpha:]]{2,})#u", $input)) { return false; }

You can try it out here.

However, there are packages available specifically for password strength checking. They will have configurable rules or tests.

linden2015
  • 872
  • 6
  • 8
0

you can use the code below,I used the "asci code" to resolve the problem, it is already tested for your examples : 

<?php
    $passwords = [
        '12345',
        'pwd45678',
        'pwd_abcdef',
        'pwd_abc123',
    ];

    var_dump(check_password_sequence($passwords[3], 4));

    function check_password_sequence($password, $max) {
        $j = 0;
        $lenght = strlen($password);
        for($i = 0; $i < $lenght; $i++) {
            if(isset($password[$i+1]) && ord($password[$i]) + 1 === ord($password[$i+1])) {
                $j++;
            } else {
                $j = 0;
            }

            if($j === $max) {
                return true;
            }
        }

        return false;
    }

Abdessamad139
  • 139
  • 3
  • 12
  • Hi, I think I wasn't clear with the sequence, I have updated my question as well, by sequence in numeric and in alphabet means that a password containing ABC or DEF or GHI or 123 or 234 or 345 or 789 is not allowed. The sequence means also the order of numbers from 1-10 or letters in the alphabet like abcdefgh.... – cracker_chan Jul 23 '17 at 23:56