Why does this regular expression fail?

Question

I have a password validation script in PHP that checks a few different regular expressions, and throws a unique error message depending on which one fails. Here is an array of the regular expressions and the error messages that are thrown if the match fails:

array(
    'rule1' => array(
        '/^.*[\d].*$/i',
        'Password must contain at least one number.'
    ),
    'rule2' => array(
        '/^.*[a-z].*$/i',
        'Password must contain at least one lowercase letter'
    ),
    'rule3' => array(
        '/^.*[A-Z].*$/i',
        'Password must contain at least one uppercase letter'
    ),
    'rule4' => array(
        '/^.*[~!@#$%^&*()_+=].*$/i',
        'Password must contain at least one special character [~!@#$%^&*()_+=]'
    )
);

For some reason, no matter what I pass through the validation, the "Special Characters" rule fails. I'm guessing it's a problem with the expression. If there's a better (or correct) way to write these expressions, I'm all ears!

Answer 1

I can't see a problem with your special characters regular expression, but I can see a problem with the upper and lower case checks:

/^.*[A-Z].*$/i

The i at the end means PCRE_CASELESS, i.e. it will ignore case. You should omit the i.

Answer 2

This works (as seen on rubular.com):

(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[~!@#$%^&*()_+=]).*

This uses lookahead (which is supported by PHP's preg functions, since they're PCRE) instead of matching all the different rules. I'm not sure why yours doesn't work.

References

• regular-expressions.info/Lookarounds and Flavor comparison (PHP)

Answer 3

The regex should simply be:

/[~!@#$%^&*()_+=]/

No need for the stars. Either way your regex should work.

I would check the function that's using the array to see if there are any logic errors.

Also, as Mark Byers stated, you should remove the insensitive modifiers /i