What does this regular expression mean /^.(?=.{4,5})(?=.[a-z])(?=.[A-Z])(?=.[0-9]).*$/

Question

Can someone elaborate the following regular expression:

if($pass == $re_pass) {
    //password validation
    $pattern_up = "/^.*(?=.{4,56})(?=.*[a-z])(?=.*[A-Z])(?=.*[0-9]).*$/";

    if(!preg_match($pattern_up, $pass)) {
        $errPass = "Must be at lest 4 character long, 1 upper case, 1 lower case letter and 1 number exist";
    }
}

what I want to achieve is to check the entered password is between the number of 4 and 56. I already specified it in the code. However, when I tried, it can accept more than that range.

My question, is how i can specify the upper limit, i dont want to exceed 56 characters long. And if you can elaborate it more, so i can understand it more. this code is not made by me.

Thanks,

I am trying to do sign up page in php

if($pass == $re_pass) {
    //password validation
    $pattern_up = "/^.*(?=.{4,56})(?=.*[a-z])(?=.*[A-Z])(?=.*[0-9]).*$/";

    if(!preg_match($pattern_up, $pass)) {
        $errPass = "Must be at lest 4 character long, 1 upper case, 1 lower case letter and 1 number exist";
    }
}

Remove the `.*` from the beginning of the pattern, and add a `$` anchor to end of the first lookahead — CertainPerformance, Jun 08 '19 at 08:35
Using passwords for a website is less than ideal, but it is common practice so everybody seems to accept the disadvantages. I agree that you should put minimum demands on a password, but I don't see the point of overdoing it. Why would I not be allowed to make my password longer than 56 characters? The simplest way of accepting very long password is by simply ignoring everything over the maximum length you accept. — KIKO Software, Jun 08 '19 at 08:53
@KIKOSoftware *Using passwords for a website is less than ideal*. What do you recommend then? Fingerprint or a blood DNA needle coming out from the DVD drive? :-) — Andreas, Jun 08 '19 at 09:04
@Andreas You can google that: [Digital Security: 5 Alternatives to Passwords](https://www.bbvaopenmind.com/en/technology/digital-world/digital-security-5-alternatives-to-passwords/) [Passwords Are Scarily Insecure. Here Are a Few Safer Alternatives.](https://www.entrepreneur.com/article/309054). What you're probably are trying to say is that a password is a very easy way, for website makers, to authenticate an user, and that's true. That is not the same as being an ideal solution, but we often accept the trade-off between security and easy-of-use. — KIKO Software, Jun 08 '19 at 09:10

score 0 · Answer 1 · answered Jun 08 '19 at 09:26

0

Just use anchors: ^.{4,56}$

^ - match beginning of a string

$ - match end of a string

.{4,56} - match any character at least 4 and at most 56 times

Demo

You can use it in positive lookahead: (?=^.{4,56}$)

answered Jun 08 '19 at 09:26

Michał Turczyn

28,428
14
36
58

What does this regular expression mean /^.*(?=.{4,5})(?=.*[a-z])(?=.*[A-Z])(?=.*[0-9]).*$/

1 Answers1

What does this regular expression mean /^.(?=.{4,5})(?=.[a-z])(?=.[A-Z])(?=.[0-9]).*$/