Validating a password protection system
Consider the following: If you are using a supported browser you can use the form below to test the regular expression: If you want to restrict the password to ONLY letters and numbers (no spaces or other characters) then only a slight change is required. Instead of using is shorthand for 'any letter, number or the underscore character'. Otherwise your application needs to provide this function. Passwords need to be stored as a hash in your database and any backups should also be encrypted. If the purpose of registration is to confirm that the person exists, and that they have supplied a valid email address, then as part of the registration process you should email them either: a random password; or a confirmation token. Do not let them choose their own password and use it immediately without verifying that they exist. The code presented above is fine in that it checks everything that we wanted to check, but uses a lot of code to test each requirement individually and present different error messages.
In any case browsers such as Firefox and Opera will enforce the HTML5 validation rules and present messages as shown here: Presumably the browser messages will change according to the user's language - something that would never be possible using only JavaScript. In most browsers - those that support JavaScript 1.5 (Firefox, Chrome, Safari, Opera 7 and Internet Explorer 8 and higher) - you can use more powerful regular expressions. Very old browsers may not recognise these patterns. The form below has three input fields: username, pwd1 and pwd2. If a false value is returned then the form submission is cancelled.
This code will work for browsers as far back as Netscape 4 (circa 1997). If you're not sure how to place this on your page, you might need to read the preceding article on Form Validation, or view the HTML source of this page. If you're concerned about security you should have some policy on what constitutes a valid password.