newbie here on regular expressions hoping to get some help.
I have a task to build a regex based on allowed number of repeated or distributed characters.
Here is the regex that I have built but it is not working, only matches on repeated characters.
/(.).*\1{2}/g
if my string is "test", the regex should find a match. If the quantifier is 3 and my string is "1234343" the regex should find a match.
This task is part of a bigger project where the user can configure settings for both username and password on html page, and on form submit it will call java servlet to construct the regex and save it into the database.
Whenever user navigates to reset password page it will send back the regex to javascript to validate the new password, the validation will also be done on the server-side.
I am trying to build a javascript friendly regex that would also work in java.
Any tips are greatly appreciated. I know lookbehind in javascript is not supported, but I don't know what else to keep in mind when constructing the regex.
I think you are looking for:
(.)(.*\1){2}
This will find a character which is repeated 3 times.
(.)_________ captures first occurrence of a character.
___(.*\1)___ finds the character again, after 0 or more other characters ...
_________{2} repeating twice, for a total of 3 occurrences.
You needed (___)’s around the part you wanted {__} repeats. And you want 1 less than the number of occurrences in the {__}, because the (.) already counts for 1 occurrence.
Related
Trying to get my regular expression to work for these rules:
Total atleast 8 characters long.
No larger than 21.
Should contain atleast two Uppercase
Should contain atleast two lowercase
Should contain atleast two numbers
Should contain atleast two of these symbols !##$%^&*()
All characters can be in any permutation, do not have to be in repeated sequence.
(Added with Edit) Cannot can contain any other character not specified above.
I think this regular expression is close but does not work correctly.
/^(?=(?:\D*\d){2,}\D*$)(?=(?:[^a-z]*[a-z]){2,}[^a-z]*$)(?=(?:[^A-Z]*[A-Z]){2,}[^A-Z]*$)(?=(?:[^!##$%^&*]*[!##$%^&*]){2,}[^!##$%^&*]*$)[a-zA-Z0-9!##$%^&*]{8,21}$/
Use lookaheads with proper syntax:
^(?=.*[A-Z].*[A-Z])(?=.*[a-z].*[a-z])(?=.*[0-9].*[0-9])(?=.*[!##$%^&*()].*[!##$%^&*()])[a-zA-Z0-9!##$%^&*]{8,21}$
As an example of what you were doing:
(?=(?:[^a-z]*[a-z]){2,}[^a-z]*$)
This says to match from the start of the password any number of non lowercase followed by a lowercase, the same lookahead twice. Keep in mind that lookaheads assert but do not match or move, so you were just checking for one lowercase twice. To check for at least two lowercase letters use:
(?=.*[a-z].*[a-z])
This checks for two lowercase letters anywhere in the password.
I will go out on a limb and guess you have been asked to "produce the regex that will validate the application's password".
1) Read Password Rules Are Bullshit. See if you can convince your lead, team, or client to change these rules (gross). In particular, bump the max length up to at least 32 and drop the other rules.
2) I already know you probably can't do that, so at least make it so your application can clearly explain which password rule was broken. Make each rule a separate check you perform (like Lancelod suggested), in order, with a clear user-facing failure message for each.
3) If you can do that you might not even need a regex for that specific rule - sometimes a classic string scan is simpler and usually much faster.
This question already has an answer here:
html password regular expression validation
(1 answer)
Closed 5 years ago.
I was wondering if I have a form and the form contain some inputs that I want the user to be only able to submit a type of inputs I select , Like if I want to make sure that the password contain at least a CAPITAL letter , a number , a symbol and at least 8 letters , How to make sure even if the Javascript is disabled by the user?
Brief
You'll want to minimalize the checking on the client-side. Any checking done at this point is pretty useless when security and/or validation is concerned. I would suggest doing a simple validation (such as minimum length) but nothing else as any method you try client-side can easily be circumvented.
Doing all your validation server-side prevents users from editing client-side code or disabling JavaScript to prevent validation. As an added bonus, if you do everything server-side (and use minimal validation client-side) it increases maintainability since you're only defining your patterns once and you don't have to worry about compatibility across multiple regex engines (which is a pain).
For example, character classes (such as \p{L}) allow you to specify groups of Unicode characters. These are fantastic when you're talking about ensuring your program works well with multiple languages (i.e. French and the inclusion of characters such as é), but they're not available in HTML or JavaScript!
You should:
Define the pattern once (coders don't like duplication)
Do the validation server-side (forget about true validation client-side, anything you implement at this step can easily be bypassed). KISS
When you're talking about password validation don't limit the characters to specific ranges (as your pattern would client-side using something like [A-Z]). You may think this increases password strength, but it may actually do exactly the opposite. Instead, allow users to use special characters as well (it's simple but using Ä is more secure than A).
Code
Client-Side
(?=.*[A-Z])(?=.*\d)(?=.*[^\w_]).{8,}
Although, honestly, I'd suggest simply using .{8,} and doing the checks solely on the server-side.
<form action="">
<input type="text" pattern="(?=.*[A-Z])(?=.*\d)(?=.*[^\w_]).{8,}" title="Must contain at least one uppercase letter, number and symbol, and at least 8 or more characters"/>
<input type="submit"/>
</form>
Server-Side
See regex in use here
^(?=.*\p{Lu})(?=.*\p{N})(?=.*[^\p{L}\p{N}\p{C}]).{8,}$
Usage
Where $str in the code below is the submitted password
$re = '^(?=.*\p{Lu})(?=.*\p{N})(?=.*[^\p{L}\p{N}\p{C}]).{8,}$';
if(preg_match($re, $str)) {
// Valid password
} else {
// Invalid password - provide user feedback and allow them to try again
}
Explanation
The HTML regex is just a simpler variation of the regex below (without using Unicode classes). I would, once again, suggest using .{8,} for the pattern in HTML and let PHP do the actual password validation.
^ Assert position at the start of the line
(?=.*\p{Lu}) Positive lookahead ensuring at least one uppercase Unicode character exists
(?=.*\p{N}) Positive lookahead ensuring at least one Unicode number exists
(?=.*[^\p{L}\p{N}\p{C}]) Positive lookahead ensuring at least one character that isn't a letter, number, or control character exists (includes punctuation, symbols, separators, marks)
.{8,} Match any character 8 or more times
$ Assert position at the end of the line
This is not simple to answer as it is written but here is the idea.
First check client-side using javascript, match it against the desired pattern before allowing submit. There are a handfull of libraries out there if you dont want to puzzle it out yourself.
Second, and to satisfy the no javascript issue, check server-side. The user may have gotten past your form with faulty data but a server-side check will ensure that it matches what you like before you actually make a change to your database.
I'm trying to validate a form field where a user can input multiple DNS entries. I currently have the regex for validation of a IP address for a single entry but not if a user can add in multiple DNS entries using a "," as the delimiter.
Example (wanting to validate both entries):
192.168.1.1, 198.168.1.2
Regex:
/^((([01]?[0-9]{1,2})|(2[0-4][0-9])|(25[0-5]))[.]){3}(([0-1]?[0-9]{1,2})|(2[0-4][0-9])|(25[0-5]))$/
Really not quite sure it's a good idea, as it's quite unreadable, but this should do the job:
^(?:(?:[01]?\d{1,2}|2[0-4]\d|25[0-5])\.){3}(?:(?:[01]?\d{1,2}|2[0-4]\d|25[0-5]))(,\s*(?:(?:[01]?\d{1,2}|2[0-4]\d|25[0-5])\.){3}(?:(?:[01]?\d{1,2}|2[0-4]\d|25[0-5])))*$
https://regex101.com/r/0uwu2w/1
As others have pointed out, a split on the string and matching individual IP address is probably a better idea.
Even further, even matching a single IP could in turn use split and checking that each component is a number in the 0-255 range.
I'd suggest not trying to validate the whole string, but simply splitting the string on , and validating each one individually.
This leaves you with a simpler regex at the cost of a little bit more code. Also, any [0-9] in your regex would be simpler if you replaced it with \d:
/^((([01]?\d{1,2})|(2[0-4]\d)|(25[0-5]))[.]){3}(([0-1]?\d{1,2})|(2[0-4]\d)|(25[0-5]))$/
I am looking for a regex to validate the following format AaaD-DDMMYY-HH-MM although the expression below works on all tests online http://www.freeformatter.com/regex-tester.html it does not work in the front end of the application which allows us to enter a preset regex.
We are trying to use regex to allow these date ranges 010120 to 311299 (JAN 01 1920 to DEC 31 1999).
Please assist with a better REGEX
sample input to be matched is aadd-111199-01-01
this input aadd-111100-01-01 should not be matched
^(([a-zA-Z]{4}-)+(0[1-9]|1[0-9]|2[0-9]|3[0-1])+(0[1-9]|1[0-2])+(([2-9][1-9])-)+(\d{2}-)+(\d{2}))$
The front end application I am trying to update the regex was written in java
Here's a slightly cleaned up version, although I'm not sure if it will fix your problem of the RegEx not working in the front-end of your application:
^(([a-zA-Z]{4})-(0[1-9]|1[0-9]|2[0-9]|3[0-1])(0[1-9]|1[0-2])([2-9][1-9])-(\d{2})-(\d{2}))$
You should not assign repeaters after a capturing group (you had a '+' after each). When you do that, if the content for the group is repeated, only the last iteration is captured in the backreference (in the case of your string I think repetition was unlikely, but you had assumed the capturing group would need to exist "at least once", but since a capturing group only captures the content it surrounds, it in itself doesn't imply character or character group that would need a quantifier). Repetitions (such as '+' or '*' or {n}) make more sense inside a capturing group, if needed.
You also had the hyphens within the capturing groups, which is not likely (?) what you wanted as it makes the parsing of the backreference content more challenging. But other than that the given RegEx matches your example string with PCRE RegEx. What is your front-end application created with? Does it use PCRE, or some other RegEx flavor (here is a good reference for various RegEx flavors)? I also recommend RegEx Buddy tool if you do a lot of work with Regular Expressions.
Also, like #pzp mentioned, with RegEx it's challenging to detect the correct number of dates for each month. If you want validation of the given date, then I would recommend some library to check the date after it has passed the format validation with the RegEx. For example, if you're using JavaScript in the front end of the application, you could check out Moment.js or Datejs.
I have been asked to build a landing page with autoresponder SMS and therefore, need the validation to be very strict. Unfortunately I`m not a JavaScript expert.
The number should be limited to 7 digits and it should begin with a few certain combinations only, the combinations are as follows:
050, 044, 066, 099, 073
You could use a regex like this:
(050|044|066|099|073)\d{5}
Matches one of the three digit combinations you specified and then 5 more digits.
If you want it to tolerate spaces, dashes, brackets and such, then you need to specify that in your question.
There are a ton of other patterns out there that might match your requirement with a little adjustment. See here for example.