I've got a little problem with my password-checker.

There's got a registration form with some fields. I use jQuery Validate plugin to validate user-inputs.

It all works except the password-validation:

The password should meet some minimum requirements:

• minimum length: 8 -> I just use 'minlength: 8'
• at least one lower-case character
• at least one digit
• Allowed Characters: A-Z a-z 0-9 @ * _ - . !

At the moment I use this code to validate the password:

$.validator.addMethod("pwcheck",
function(value, element) {
   return /^[A-Za-z0-9\d=!\-@._*]+$/.test(value);
});

This Code works for the allowed characters but not for minimum requirements. I know that you can use for example (?=.*[a-z]) for a lower-case-requirement. But I just don't get it to work.

If I add (?=.*[a-z]) the whole code doesn't work anymore. I need to know how to properly add the code to the existing one.

Thank you for your answers!

This is the complete code

<script>
                $(function() {
                    $("#regform").validate({
                        rules: {
                            forename: {
                                required: true
                            },
                            surname: {
                                required: true
                            },
                            username: {
                                required: true
                            },
                            password: {
                                required: true,
                                pwcheck: true,
                                minlength: 8
                            },
                            password2: {
                                required: true,
                                equalTo: "#password"
                            },
                            mail1: {
                                required: true,
                                email: true
                            },
                            mail2: {
                                required: true,
                                equalTo: "#mail1"
                            }
                        },
                        messages: {
                            forename: {
                                required: "Vornamen angeben"
                            },
                            surname: {
                                required: "Nachnamen angeben"
                            },
                            username: {
                                required: "Usernamen angeben"
                            },
                            password: {
                                required: "Passwort angeben",
                                pwcheck: "Das Passwort entspricht nicht den Kriterien!",
                                minlength: "Das Passwort entspricht nicht den Kriterien!"
                            },
                            password2: {
                                required: "Passwort wiederholen",
                                equalTo: "Die Passwörter stimmen nicht überein"
                            },
                            mail1: {
                                required: "Mail-Adresse angeben",
                                email: "ungültiges Mail-Format"
                            },
                            mail2: {
                                required: "Mail-Adresse wiederholen",
                                equalTo: "Die Mail-Adressen stimmen nicht überein"
                            }
                        }
                    });

                    $.validator.addMethod("pwcheck",
                        function(value, element) {
                            return /^[A-Za-z0-9\d=!\-@._*]+$/.test(value);
                    });
                });
                </script>

If I add (?=.*[a-z]) the whole code doesn't work anymore.

Add it here:

/^(?=.*[a-z])[A-Za-z0-9\d=!\-@._*]+$/

However, it's much easier to do this without a lookahead:

$.validator.addMethod("pwcheck", function(value) {
   return /^[A-Za-z0-9\d=!\-@._*]*$/.test(value) // consists of only these
       && /[a-z]/.test(value) // has a lowercase letter
       && /\d/.test(value) // has a digit
});

Well you can use {8,} instead of "+" for a minimum of 8 chars with no maximum or better yet a {8, 20} for a minimum of 8 and a maximum of 20.

Really though I don't see the value in trying to squeeze all of your validation into a single regexp. If you break it up it makes it much easier to maintain, less bug prone, and it enables you to report back to the user the specific reason WHY the password failed instead of the entire requirement.

You could break it up into a few checks

//proper length
value.length >= 8 
//only allowed characters
/^[A-Za-z0-9\d=!\-@._*]+$/.test(value) 
//has a digit
/\d/.test(value)
//has a lowercase letter
/[a-z]/.test(value)

I'm not familiar with the jQuery Validation plugin, but I assume you could then return helpful a helpful message for each test that failed.

if you want to check confirm password and minimum character validation, then you can use

<input type="password" id="password" name="password"  class="validate[required,minSize[8]]"/>
<input type="password" id="confirm_password" name="confirm_password"  class="validate[required,equals[password]]"/>

Password validation can use several rules, for example:

var _validatePassword = function (validateUserNameRules, inputModel)
    {
        //bolean parameter validateUserNameRules -> true/false

        //this method recive a model like this:
        //inputModel.userName -> string
        //inputModel.password -> string
        //inputModel.password2 -> String

        var ResultModel = {
            ResultId: 1, //1 success
            Message: "Password is correct."
            };

        if (validateUserNameRules && inputModel.userName == "") {

            ResultModel.ResultId = 2;
            ResultModel.Message = "Error: User name cannot be blank.";
            return (ResultModel);
        }

        var re = /^\w+$/;
        if (validateUserNameRules && !re.test(inputModel.userName)) {

            ResultModel.ResultId = 2;
            ResultModel.Message = "Error: Username must contain only letters, numbers and underscores.";
            return (ResultModel);

        }

        if (inputModel.password != "" && inputModel.password == inputModel.password2) {
            if (inputModel.password.length < 6) {
                ResultModel.ResultId = 2;
                ResultModel.Message = "Error: Password must contain at least six characters.";
                return (ResultModel);
            }
            if (validateUserNameRules && inputModel.password == inputModel.userName) {
                ResultModel.ResultId = 2;
                ResultModel.Message = "Error: Password must be different from the Account Name.";
                return (ResultModel);
            }
            re = /[0-9]/;
            if (!re.test(inputModel.password)) {
                ResultModel.ResultId = 2;
                ResultModel.Message = "Error: Password must contain at least one number (0-9).";
                return (ResultModel);
            }
            re = /[a-z]/;
            if (!re.test(inputModel.password)) {

                ResultModel.ResultId = 2;
                ResultModel.Message = "Error: Password must contain at least one lowercase letter (a-z).";
                return (ResultModel);

            }
            re = /[A-Z]/;
            if (!re.test(inputModel.password)) {

                ResultModel.ResultId = 2;
                ResultModel.Message = "Error: Password must contain at least one uppercase letter (A-Z).";
                return (ResultModel);
            }
        } else {
            ResultModel.ResultId = 2;
            ResultModel.Message = "Error: Please check that you've entered and confirmed your password.";
            return (ResultModel);
        }

        return (ResultModel); //success password validation!!
    };