PHP Strings Primer - Password Strength Revisited

(Page 29 of 37 )

As we saw earlier in the tutorial, there are several methods we can use to determine if a password is a good password. Now, we will revisit the topic and demonstrate how we can determine if a password contains numbers in the middle of it, as is required in some security standards. For this task, we will make use of the 'strspn()' function.

The 'strspn()' function accepts two strings as parameters. It will return the number of sequential characters at the beginning of the first string that match the characters in the second string given to the function. In order to demonstrate this, let's look at a simple example.

<?php $mystring = '!!@# Attention!'; $num = strspn ($mystring, '!@#$%^&amp;*()'); ?>

After this code executes, '$num' would contain the number '4'. The 'strspn()' function starts at the beginning of the string passed as parameter one and checks each character against the pattern found in parameter two. For each character found, without finding a character that does not match, the counter increments. Once a character is found that does not match, the number of matches is returned.

As we mentioned, we will use this function to help test password strength. By counting the number of alphabetic characters before reaching a numeric character, we can determine if a password contains numbers surrounded by letters. To check the back side of the string, we will employ the use of the strrev()' function to reverse the password.

<?php $password = 'awsjua234sd'; $mask = "abcdefghijklmnopqrstuvwyxz" .         "ABCDEFGHIJKLMNOPQRSTUVWXYZ"; $front = strspn ($password, $mask); $back = strspn(strrev($password), $mask); $strlength = strlen($password); if (($front &lt; $strlength) &amp;&amp; ($back &gt; 0)) {     echo 'Good Password!'; } else {     echo 'Bad Password!'; } ?>

There are other ways to accomplish this goal, for instance with regular expressions, but for our purposes this method will work just fine. As you can see, we first obtain the number of letters in the front, the number of letters in the back, and the length of the string. If the number of letters in front is less than the length of the string then we know that the entire string is not only letters. Then, we check to make sure at least one letter is at the back of the string. If both of these expressions evaluate true, then we have a good password.

Another common password check is to make sure that a password does not start with a number. We could use the 'strspn()' function to perform this check in our above example by seeing if the '$front' variable was equal to zero. But, there is another function we would like to demonstrate that provides similar functionality.

The 'strcspn()' function acts just as the 'strpn()' function, with the exception that it returns the number of sequential characters not in the second parameter. Let's see how we could make sure a password does not start with a number

<?php $password = '12asfdgw'; $mask = "1234567890"; $front = strcspn ($password, $mask); if ($front &gt; 0) {     echo 'Good Password!'; } else {     echo 'Bad Password!'; } ?>

Next: Handling URLs and Base64-encoding >>
 

More Programming Basics Articles
More By Matt Wade

Comments On: PHP Strings Primer

· comment    · really goood work ,it covers all the major string functions.also explained with...    · test'ng   >>> Post your comment now!