I am trying to add wild characters to my current alphanumeric-only regular expression to make the password validation stronger. I am not trying to require the user to enter wild characters, just allowing them to enter wild characters.

'/^[a-z0-9]{8,16}$/i'

I am also using CakePHP and doing the validation in the model, if that helps, but that is not really needed for this answer.

            'rule' => '/^[a-z0-9]{8,16}$/i',
            'on' => 'create',
            'allowEmpty' => true
+3  A: 

Just add the characters you want to allow to the character class ([...]):

/^[a-z0-9!#$%&]{8,16}$/i
Confluence
+1  A: 

You are doing it totally wrong. Never use regexp for password fields. This way you don't allow the user anything; you are just disallowing the user to enter whatever he wants to use as a password (maybe some special chars like & or { or whatever).

In any case, your approach hurts more than it helps.

What you should do is encourage the user to use special chars and more complex passwords, simply by displaying a "red-yellow-green" indicator beside the password field.

mark
A: 

I also think you should allow "everything", thus remove the validation on content, and only forbid "empty" strings or too-short strings (ideally with a live JavaScript validation as an indicator so that people don't have to try 10 times before figuring out what works).

You shouldn't care what people type in, even in Japanese, as you are going to encode this string anyway (I hope!), using CakePHP's built-in function, with sha1 and md5 and salt, and you'll end up with something harmless in the end.

Use $this->Auth->password($string);

Damien
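
The three policies discussed in this thread, side by side, as an added example that is not part of the original posts: the question's regex, the first answer's extended regex, and the length-only check from the later answers. The function names, the 128-character cap and the sample passwords are assumptions made for the illustration.

```javascript
// Added example: the page's two regexes beside a length-only check.
const questionRule = /^[a-z0-9]{8,16}$/i;      // from the question
const extendedRule = /^[a-z0-9!#$%&]{8,16}$/i; // from the first answer

const MIN_LENGTH = 8;   // same minimum as the question's {8,16}
const MAX_LENGTH = 128; // assumption: generous cap to bound hashing cost

// Length-only policy: any characters are accepted, only size is checked.
// Length is counted in code points so that characters outside the BMP
// (emoji, some CJK) count once instead of twice as in String.length.
function checkLengthOnly(password) {
  if (typeof password !== 'string' || password.length === 0) {
    return { ok: false, reason: 'empty' };
  }
  const length = Array.from(password).length;
  if (length < MIN_LENGTH) return { ok: false, reason: 'too short' };
  if (length > MAX_LENGTH) return { ok: false, reason: 'too long' };
  return { ok: true, reason: null };
}

// Run every candidate through all three policies.
function comparePolicies(passwords) {
  return passwords.map((password) => ({
    password,
    questionRule: questionRule.test(password),
    extendedRule: extendedRule.test(password),
    lengthOnly: checkLengthOnly(password).ok,
  }));
}

// Constructed sample inputs, not real credentials.
const samples = [
  'abc12345',
  'Tr0ub4dor&3x',
  'correct horse battery staple',
  'p{ssw0rd}-2024',
  'パスワードは長い方がいい',
  '🔑🔑🔑🔑',
  'short',
];

console.table(comparePolicies(samples));
```

The passphrase, the password containing braces and the Japanese one are rejected by both regexes and accepted by the length-only check; the four-emoji string has a `String.length` of 8 but is correctly reported as too short.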