A tool for checking and creating password policies in PHP and JS.

Use composer to setup an autoloader

php composer.phar install 

Require the composer autoload file:

require_once 'vendor/autoload.php'; 

To use, first instantiate the core policy object:

$policy = new \PasswordPolicy\Policy; 

Then, add rules:

$policy->contains('lowercase', $policy->atLeast(2)); 

• contains($class, $constraint = null, $description = ''): Checks to see if a password contains a class of chars

  Supported Short-Cut classes:

  • letter - a-zA-Z
  • lowercase - a-z
  • uppercase - A-Z
  • digit - 0-9
  • symbol - ^a-zA-Z0-9 (in other words, non-alpha-numeric)
  • null - \0
  • alnum - a-zA-Z0-9

  The second param is a constraint (optional)

• length($constraint): Checks the length of the password matches a constraint

• endsWith($class, $description = ''): Checks to see if the password ends with a character class.

• startsWith($class, $description = ''): Checks to see if the password starts with a character class.

• notMatch($regex, $description): Checks if the password does not match a regex.

• match($regex, $description): Checks if the password matches the regex.

The policy also has short-cut helpers for creating constraints:

• atLeast($n): At least the param matches

  Equivalent to between($n, PHP_INT_MAX)

• atMost($n): At most the param matches

  Equivalent to between(0, $n)

• between($min, $max): Between $min and $max number of matches

• never(): No matches

  Equivalent to between(0, 0)

Once you setup the policy, you can then test it in PHP using the test($password) method.

$result = $policy->test($password); 

The result return is a stdclass object with two members, result and messages.

• $result->result - A boolean if the password is valid.

• $result->messages - An array of messages

Each message is an object of two members:

• $message->result - A boolean indicating if the rule passed

• $message->message - A textual description of the rule

Once you've built the policy, you can call toJavaScript() to generate a JS anonymous function for injecting into JS code.

$js = $policy->toJavaScript(); echo "var policy = $js;"; 

Then, the policy object in JS is basically a wrapper for $policy->test($password), and behaves the same (same return values).

var result = policy(password); if (!result.result){/* Process Messages To Display Failure To User */ } 

One note for the JavaScript, any regular expressions that you write need to be deliminated by / and be valid JS regexes (no PREG specific functionality is allowed).