Clue Mediator

How to validate password strength in PHP

📅December 14, 2020
🗁PHP

Today, we’ll explain to you how to validate password strength in PHP. It is very useful to check that the password is strong which protects the user accounts and prevents hacking.

Using regular expressions, we will validate the password strength in PHP.

Check the following points to validate the password strength

  • Password must be a minimum of 8 characters
  • Password must contain at least 1 number" title="number">number
  • Password must contain at least one uppercase character
  • Password must contain at least one lowercase character
  • Password must contain at least one special character

In the code below, we will use the PHP function preg_match() to check if the password matches the defined pattern.

<!--?php
$password = $_POST['password'];<p-->

$number = preg_match('@[0-9]@', $password);
$uppercase = preg_match('@[A-Z]@', $password);
$lowercase = preg_match('@[a-z]@', $password);
$specialChars = preg_match('@[^\w]@', $password);

if(strlen($password) < 8 || !$number || !$uppercase || !$lowercase || !$specialChars) {
	echo "Password must be at least 8 characters in length and must contain at least one number, one upper case letter, one lower case letter and one special character.";
} else {
	echo "Your password is strong.";
}
?>

Example

Let's take an example to check the output. Use the above code with the HTML as below.

<!--?php
$msg="";
if(isset($_POST['password'])) {
  $password = $_POST['password'];
  $number = preg_match('@[0-9]@', $password);
  $uppercase = preg_match('@[A-Z]@', $password);
  $lowercase = preg_match('@[a-z]@', $password);
  $specialChars = preg_match('@[^\w]@', $password);<p-->

  if(strlen($password) < 8 || !$number || !$uppercase || !$lowercase || !$specialChars) {
    $msg = "Password must be at least 8 characters in length and must contain at least one number, one upper case letter, one lower case letter and one special character.";
  } else {
    $msg = "Your password is strong.";
  }
}
?>


	<title>Validate password strength in PHP - Clue Mediator</title>


  <h3>Validate password strength - <a href="https://www.cluemediator.com/" target="_blank" rel="noopener noreferrer">Clue Mediator</a></h3>
  <form method="POST">
    <input type="password" name="password" required>
    <input type="submit" value="Check"><br>
    <span><!--?php echo $msg?--></span>
  </form>

We can also check the password strength in a single pattern with regex.

<!--?php
if (!preg_match("#.*^(?=.{8,20})(?=.*[a-z])(?=.*[A-Z])(?=.*[0-9])(?=.*\W).*$#", $password)) {
	echo "Password must be at least 8 characters in length and must contain at least one number, one upper case letter, one lower case letter and one special character.";
} else {
	echo "Your password is strong.";
}
?-->

Output

Run the code and check the output in the browser.

Output - How to validate password strength in PHP - Clue Mediator

Output - How to validate password strength in PHP - Clue Mediator

That’s it for today.
Thank you for reading. Happy Coding..!!