Username regular expression

Geoff Berrow <bl******@ckdog.co.ukwrote:

Does anyone have a good regular expression snippet to validate usernames
and passwords?

Euhm, validating usernames & passwords with a regex? It all depends on
your requirements offcourse.

The way I usually handle it:
- I'll have a very retrictive character set for the username (usually
something like [a-zA-Z0-9_\s]+).
- Passwords are totally free, you can have a 1MB password string with
chinese characters for all I care. I'll only use the md5'ed version of
this. This means user cannot retrieve passwords, they can only ask for a
link in their email, which would generate a new password for them if they
click on it.
--
Rik Wasmus

Message-ID: <op***************@misant.kabel.utwente.nlfrom Rik
contained the following:

>The way I usually handle it:
- I'll have a very retrictive character set for the username (usually
something like [a-zA-Z0-9_\s]+).

That's the thing I was looking for. And how would I use that with
preg_match? Just can't get my head round regex syntax, sorry.

>- Passwords are totally free, you can have a 1MB password string with
chinese characters for all I care. I'll only use the md5'ed version of
this.

Good point.

--
Geoff Berrow (put thecat out to email)
It's only Usenet, no one dies.
My opinions, not the committee's, mine.
Simple RFDs http://www.ckdog.co.uk/rfdmaker/

Geoff Berrow <bl******@ckdog.co.ukwrote:

Message-ID: <op***************@misant.kabel.utwente.nlfrom Rik
contained the following:

>The way I usually handle it:
- I'll have a very retrictive character set for the username (usually
something like [a-zA-Z0-9_\s]+).

That's the thing I was looking for. And how would I use that with
preg_match? Just can't get my head round regex syntax, sorry.

Hmmz, correction, I seem to use [a-zA-Z0-9_-]

//checking on valid username, for instance when signing up.
$valid = !preg_match('/[^a-z0-9_-]/i',trim($_POST['username']));

//making the username valid when checking for inlog
$username = trim(preg_replace('/[^a-z0-9_-]/i',$_POST['username']));

Keep in mind you can get some lip from people wanting to use andré, garçon
etc... If they've got weird characters in their name they usually want it
in their username as well. It would be possible offcourse, but would
require a lot more checking and watching out for broken multibyte
strings. I'm lazy, so I just say that would be a security risk :-).
--
Rik Wasmus

Geoff Berrow wrote:

Does anyone have a good regular expression snippet to validate
usernames and passwords?

Take a look at:

http://regexlib.com/Search.aspx?k=username

On Jan 27, 5:56 am, Rik <luiheidsgoe...@hotmail.comwrote:

Geoff Berrow <blthe...@ckdog.co.ukwrote:

Message-ID: <op.tmtehzlvqnv...@misant.kabel.utwente.nlfrom Rik
contained the following:

The way I usually handle it:
- I'll have a very retrictive character set for the username (usually
something like [a-zA-Z0-9_\s]+).

That's the thing I was looking for. And how would I use that with
preg_match? Just can't get my head round regex syntax, sorry.

Hmmz, correction, I seem to use [a-zA-Z0-9_-]

This is also fairly restrictive, but allows spaces (as opposed to
allowing tabs or newlines): [\w -]
Note: \w is the same as [a-zA-Z0-9_]

//checking on valid username, for instance when signing up.
$valid = !preg_match('/[^a-z0-9_-]/i',trim($_POST['username']));

//making the username valid when checking for inlog
$username = trim(preg_replace('/[^a-z0-9_-]/i',$_POST['username']));

Keep in mind you can get some lip from people wanting to use andré, garçon
etc... If they've got weird characters in their name they usually want it
in their username as well. It would be possible offcourse, but would
require a lot more checking and watching out for broken multibyte
strings. I'm lazy, so I just say that would be a security risk :-).
--
Rik Wasmus

Lol, that's pretty funny.

--
Curtis

Curtis <dy****@gmail.comwrote:

On Jan 27, 5:56 am, Rik <luiheidsgoe...@hotmail.comwrote:

>Geoff Berrow <blthe...@ckdog.co.ukwrote:

Message-ID: <op.tmtehzlvqnv...@misant.kabel.utwente.nlfrom Rik
contained the following:

>The way I usually handle it:
- I'll have a very retrictive character set for the username (usually
something like [a-zA-Z0-9_\s]+).

That's the thing I was looking for. And how would I use that with
preg_match? Just can't get my head round regex syntax, sorry.

Hmmz, correction, I seem to use [a-zA-Z0-9_-]

This is also fairly restrictive, but allows spaces (as opposed to
allowing tabs or newlines): [\w -]
Note: \w is the same as [a-zA-Z0-9_]

I'd allow underscores also, so [\w _-].

I usually don't use the \w so I can recognize valid characters somewhat
easier, but it works OK offcourse.
--
Rik Wasmus

..oO(Curtis)

>Note: \w is the same as [a-zA-Z0-9_]

Not necessarily. \w depends on the current locale and might match more
characters than just the ones mentioned above.

Micha

Message-ID: <op***************@misant.kabel.utwente.nlfrom Rik
contained the following:

>Note: \w is the same as [a-zA-Z0-9_]

I'd allow underscores also, so [\w _-].

I usually don't use the \w so I can recognize valid characters somewhat
easier, but it works OK offcourse.

And it has the advantage of allowing accented characters. Thanks guys.

--
Geoff Berrow (put thecat out to email)
It's only Usenet, no one dies.
My opinions, not the committee's, mine.
Simple RFDs http://www.ckdog.co.uk/rfdmaker/

On Jan 28, 3:34 pm, Rik <luiheidsgoe...@hotmail.comwrote:

Curtis <dye...@gmail.comwrote:

On Jan 27, 5:56 am, Rik <luiheidsgoe...@hotmail.comwrote:

Geoff Berrow <blthe...@ckdog.co.ukwrote:
Message-ID: <op.tmtehzlvqnv...@misant.kabel.utwente.nlfrom Rik
contained the following:

The way I usually handle it:
- I'll have a very retrictive character set for the username (usually
something like [a-zA-Z0-9_\s]+).

That's the thing I was looking for. And how would I use that with
preg_match? Just can't get my head round regex syntax, sorry.

Hmmz, correction, I seem to use [a-zA-Z0-9_-]

This is also fairly restrictive, but allows spaces (as opposed to
allowing tabs or newlines): [\w -]
Note: \w is the same as [a-zA-Z0-9_]

I'd allow underscores also, so [\w _-].

I usually don't use the \w so I can recognize valid characters somewhat
easier, but it works OK offcourse.
--
Rik Wasmus

Actually \w includes underscores in the character set.

I was not aware that it was dependent upon the current locale, thanks
for the heads up, Micha.

--
Curtis