By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
454,723 Members | 1,414 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 454,723 IT Pros & Developers. It's quick & easy.

Username regular expression

P: n/a
Does anyone have a good regular expression snippet to validate usernames
and passwords?
--
Geoff Berrow (put thecat out to email)
It's only Usenet, no one dies.
My opinions, not the committee's, mine.
Simple RFDs http://www.ckdog.co.uk/rfdmaker/
Jan 27 '07 #1
Share this Question
Share on Google+
9 Replies


P: n/a
Rik
Geoff Berrow <bl******@ckdog.co.ukwrote:
Does anyone have a good regular expression snippet to validate usernames
and passwords?
Euhm, validating usernames & passwords with a regex? It all depends on
your requirements offcourse.

The way I usually handle it:
- I'll have a very retrictive character set for the username (usually
something like [a-zA-Z0-9_\s]+).
- Passwords are totally free, you can have a 1MB password string with
chinese characters for all I care. I'll only use the md5'ed version of
this. This means user cannot retrieve passwords, they can only ask for a
link in their email, which would generate a new password for them if they
click on it.
--
Rik Wasmus
Jan 27 '07 #2

P: n/a
Message-ID: <op***************@misant.kabel.utwente.nlfrom Rik
contained the following:
>The way I usually handle it:
- I'll have a very retrictive character set for the username (usually
something like [a-zA-Z0-9_\s]+).
That's the thing I was looking for. And how would I use that with
preg_match? Just can't get my head round regex syntax, sorry.
>- Passwords are totally free, you can have a 1MB password string with
chinese characters for all I care. I'll only use the md5'ed version of
this.
Good point.

--
Geoff Berrow (put thecat out to email)
It's only Usenet, no one dies.
My opinions, not the committee's, mine.
Simple RFDs http://www.ckdog.co.uk/rfdmaker/
Jan 27 '07 #3

P: n/a
Rik
Geoff Berrow <bl******@ckdog.co.ukwrote:
Message-ID: <op***************@misant.kabel.utwente.nlfrom Rik
contained the following:
>The way I usually handle it:
- I'll have a very retrictive character set for the username (usually
something like [a-zA-Z0-9_\s]+).

That's the thing I was looking for. And how would I use that with
preg_match? Just can't get my head round regex syntax, sorry.
Hmmz, correction, I seem to use [a-zA-Z0-9_-]

//checking on valid username, for instance when signing up.
$valid = !preg_match('/[^a-z0-9_-]/i',trim($_POST['username']));

//making the username valid when checking for inlog
$username = trim(preg_replace('/[^a-z0-9_-]/i',$_POST['username']));

Keep in mind you can get some lip from people wanting to use andré, garçon
etc... If they've got weird characters in their name they usually want it
in their username as well. It would be possible offcourse, but would
require a lot more checking and watching out for broken multibyte
strings. I'm lazy, so I just say that would be a security risk :-).
--
Rik Wasmus
Jan 27 '07 #4

P: n/a
Geoff Berrow wrote:
Does anyone have a good regular expression snippet to validate
usernames and passwords?
Take a look at:

http://regexlib.com/Search.aspx?k=username
Jan 27 '07 #5

P: n/a
On Jan 27, 5:56 am, Rik <luiheidsgoe...@hotmail.comwrote:
Geoff Berrow <blthe...@ckdog.co.ukwrote:
Message-ID: <op.tmtehzlvqnv...@misant.kabel.utwente.nlfrom Rik
contained the following:
The way I usually handle it:
- I'll have a very retrictive character set for the username (usually
something like [a-zA-Z0-9_\s]+).
That's the thing I was looking for. And how would I use that with
preg_match? Just can't get my head round regex syntax, sorry.

Hmmz, correction, I seem to use [a-zA-Z0-9_-]
This is also fairly restrictive, but allows spaces (as opposed to
allowing tabs or newlines): [\w -]
Note: \w is the same as [a-zA-Z0-9_]
//checking on valid username, for instance when signing up.
$valid = !preg_match('/[^a-z0-9_-]/i',trim($_POST['username']));

//making the username valid when checking for inlog
$username = trim(preg_replace('/[^a-z0-9_-]/i',$_POST['username']));

Keep in mind you can get some lip from people wanting to use andré, garçon
etc... If they've got weird characters in their name they usually want it
in their username as well. It would be possible offcourse, but would
require a lot more checking and watching out for broken multibyte
strings. I'm lazy, so I just say that would be a security risk :-).
--
Rik Wasmus
Lol, that's pretty funny.

--
Curtis

Jan 28 '07 #6

P: n/a
Rik
Curtis <dy****@gmail.comwrote:
On Jan 27, 5:56 am, Rik <luiheidsgoe...@hotmail.comwrote:
>Geoff Berrow <blthe...@ckdog.co.ukwrote:
Message-ID: <op.tmtehzlvqnv...@misant.kabel.utwente.nlfrom Rik
contained the following:
>The way I usually handle it:
- I'll have a very retrictive character set for the username (usually
something like [a-zA-Z0-9_\s]+).
That's the thing I was looking for. And how would I use that with
preg_match? Just can't get my head round regex syntax, sorry.

Hmmz, correction, I seem to use [a-zA-Z0-9_-]

This is also fairly restrictive, but allows spaces (as opposed to
allowing tabs or newlines): [\w -]
Note: \w is the same as [a-zA-Z0-9_]
I'd allow underscores also, so [\w _-].

I usually don't use the \w so I can recognize valid characters somewhat
easier, but it works OK offcourse.
--
Rik Wasmus
Jan 28 '07 #7

P: n/a
..oO(Curtis)
>Note: \w is the same as [a-zA-Z0-9_]
Not necessarily. \w depends on the current locale and might match more
characters than just the ones mentioned above.

Micha
Jan 28 '07 #8

P: n/a
Message-ID: <op***************@misant.kabel.utwente.nlfrom Rik
contained the following:
>Note: \w is the same as [a-zA-Z0-9_]

I'd allow underscores also, so [\w _-].

I usually don't use the \w so I can recognize valid characters somewhat
easier, but it works OK offcourse.
And it has the advantage of allowing accented characters. Thanks guys.

--
Geoff Berrow (put thecat out to email)
It's only Usenet, no one dies.
My opinions, not the committee's, mine.
Simple RFDs http://www.ckdog.co.uk/rfdmaker/
Jan 30 '07 #9

P: n/a
On Jan 28, 3:34 pm, Rik <luiheidsgoe...@hotmail.comwrote:
Curtis <dye...@gmail.comwrote:
On Jan 27, 5:56 am, Rik <luiheidsgoe...@hotmail.comwrote:
Geoff Berrow <blthe...@ckdog.co.ukwrote:
Message-ID: <op.tmtehzlvqnv...@misant.kabel.utwente.nlfrom Rik
contained the following:
The way I usually handle it:
- I'll have a very retrictive character set for the username (usually
something like [a-zA-Z0-9_\s]+).
That's the thing I was looking for. And how would I use that with
preg_match? Just can't get my head round regex syntax, sorry.
Hmmz, correction, I seem to use [a-zA-Z0-9_-]
This is also fairly restrictive, but allows spaces (as opposed to
allowing tabs or newlines): [\w -]
Note: \w is the same as [a-zA-Z0-9_]

I'd allow underscores also, so [\w _-].

I usually don't use the \w so I can recognize valid characters somewhat
easier, but it works OK offcourse.
--
Rik Wasmus
Actually \w includes underscores in the character set.

I was not aware that it was dependent upon the current locale, thanks
for the heads up, Micha.

--
Curtis

Jan 30 '07 #10

This discussion thread is closed

Replies have been disabled for this discussion.