confirming string length, case, and alphanumeric

hi, my system generates a password with the following criteria: must be exactly 8 characters in length must have at least 1 number must have at least 1 uppercase letter must have at least 1 lower case letter however, the passwordGenerator i am using doesnt always get it right, even though it is supposed to. It probably gets it right 7 out of 10 times. I got it from someone on another post and cant see where the problem is. So i thought that when i generate the password i can write some cfscript to check if it meets the criteria and if not then it regenerates it and checks it again i know there must be a way of doing this in cfscript by using regular expressions var anUpperCase = /[A-Z]/; var aLowerCase = /[a-z]/; var aNumber = /[0-9]/; but i cant think on how to apply it and make it work. does anyone have any sample code that i can use, or can anyone provide me with any help. thanks very much, i really appreciate any help

> though it is supposed to. It probably gets it right 7 out of 10 times. I > got it from someone on another post and cant see where the problem is. So i > thought that when i generate the password i can write some cfscript to > check if it meets the criteria and if not then it regenerates it and checks > it again Why not just write a better generator ? 1 Create a random number between 0 and 9 2 Create 1 random upper case letter 3 Create 7 random lower case letters Concatenate all the results. There is a built in function to do 1. Once you've done that, you can generate random numbers with in a range, so you can do 2 (via the ASCII code for the letters). Once 2 is done, you can use it to do 3 by calling it 7 times and just ucase() the result. -- Tom Chiverton Helping to dynamically pursue leading-edge e-business **************************************************** This email is sent for and on behalf of Halliwells LLP. Halliwells LLP is a limited liability partnership registered in England and Wales under registered number OC307980 whose registered office address is at St James's Court Brown Street Manchester M2 2JF.  A list of members is available for inspection at the registered office. Any reference to a partner in relation to Halliwells LLP means a member of Halliwells LLP. Regulated by the Law Society. CONFIDENTIALITY This email is intended only for the use of the addressee named above and may be confidential or legally privileged.  If you are not the addressee you must not read it and must not use any information contained in nor copy it nor inform any person other than Halliwells LLP or the addressee of its existence or contents.   If you have received this email in error please delete it and notify Halliwells LLP IT Department on 0870 365 8008. For more information about Halliwells LLP visit www.halliwells.com.

I am with Tom on that one... Better to make something that works 100% than to double-check the output. However, if you want to double-check the output, I would say keep it simple. Check each rule individually: must be exactly 8 characters in length must have at least 1 number must have at least 1 uppercase letter must have at least 1 lower case letter <cfset strPassword = "Ben4Prez" /> <cfif (   REFind( "^.{8}$", strPassword ) AND   REFind( "\d+?", strPassword ) AND   REFind( "[a-z]+?", strPassword ) AND   REFind( "[A-Z]+?", strPassword )   )>   <!--- GOOD. --->    <cfelse>   <!--- BAD. --->    </cfif> ..................... Ben Nadel Certified Advanced ColdFusion MX7 Developer www.bennadel.com Need ColdFusion Help? www.bennadel.com/ask-ben/ > though it is supposed to. It probably gets it right 7 out of 10 times. > I got it from someone on another post and cant see where the problem > is. So i thought that when i generate the password i can write some > cfscript to check if it meets the criteria and if not then it > regenerates it and checks it again Why not just write a better generator ? 1 Create a random number between 0 and 9 2 Create 1 random upper case letter 3 Create 7 random lower case letters Concatenate all the results. There is a built in function to do 1. Once you've done that, you can generate random numbers with in a range, so you can do 2 (via the ASCII code for the letters). Once 2 is done, you can use it to do 3 by calling it 7 times and just ucase() the result. -- Tom Chiverton Helping to dynamically pursue leading-edge e-business **************************************************** This email is sent for and on behalf of Halliwells LLP. Halliwells LLP is a limited liability partnership registered in England and Wales under registered number OC307980 whose registered office address is at St James's Court Brown Street Manchester M2 2JF.  A list of members is available for inspection at the registered office. Any reference to a partner in relation to Halliwells LLP means a member of Halliwells LLP. Regulated by the Law Society. CONFIDENTIALITY This email is intended only for the use of the addressee named above and may be confidential or legally privileged.  If you are not the addressee you must not read it and must not use any information contained in nor copy it nor inform any person other than Halliwells LLP or the addressee of its existence or contents.  If you have received this email in error please delete it and notify Halliwells LLP IT Department on 0870 365 8008. For more information about Halliwells LLP visit www.halliwells.com.

thanks tom and ben. After i posted my question, i read it back and thought "my answer is to find one that works"!!! been a long day i think ;) but thanks for the answer ben this is actually very useful. thanks very much

No worries. Let us know if you get stuck and need to see some demos of what Tom is talking about. ..................... Ben Nadel Certified Advanced ColdFusion MX7 Developer www.bennadel.com Need ColdFusion Help? www.bennadel.com/ask-ben/ thanks tom and ben. After i posted my question, i read it back and thought "my answer is to find one that works"!!! been a long day i think ;) but thanks for the answer ben this is actually very useful. thanks very much

:) that would actually be really useful thanks ben. i have just been searching through the internet but would appreciate a specific example. i was looking for someone that had done a password generator that i could use but if i could learn the code to do it myself i would be very grateful thanks very much ben

Rich, Take a look at this. It is perhaps not the best solution, but it is easy to read / understand. I am opting for using static sets of valid characters because, while it might be more prone to error over the use of ascii values (as Tom was suggesting) it gives you a bit more flexibility in what actually is a valid character (for instance, notice below that I have added some punctuation into the mix as being valid): <!--- Set up lower case values. ---> <cfset strLowerCaseAlpha = "abcdefghijklmnopqrstuvwxyz" /> <!--- Set up upper case values. ---> <cfset strUpperCaseAlpha = UCase( strLowerCaseAlpha ) /> <!--- Set up numbers. ---> <cfset strNumbers = "0123456789" /> <!--- Set up additional valid password chars. ---> <cfset strOtherChars = "~!@##$%^&*" /> <!--- Create a set of all valid chars. ---> <cfset strAllValidChars = (   strLowerCaseAlpha &   strUpperCaseAlpha &   strNumbers &   strOtherChars   ) /> <!--- Create an array to contain the password. ---> <cfset arrPassword = ArrayNew( 1 ) /> <!--- Create the number. ---> <cfset arrPassword[ 1 ] = Mid(   strNumbers,   RandRange( 1, Len( strNumbers ) ),   1   ) />    <!--- Create the lowercase. ---> <cfset arrPassword[ 2 ] = Mid(   strLowerCaseAlpha,   RandRange( 1, Len( strLowerCaseAlpha ) ),   1   ) />    <!--- Create the uppercase. ---> <cfset arrPassword[ 3 ] = Mid(   strUpperCaseAlpha,   RandRange( 1, Len( strUpperCaseAlpha ) ),   1   ) />    <!--- Create rest of the password. ---> <cfloop   index="intChar"   from="#(ArrayLen( arrPassword ) + 1)#"   to="8"   step="1">      <!--- Pick random value. --->   <cfset arrPassword[ intChar ] = Mid(     strAllValidChars,     RandRange( 1, Len( strAllValidChars ) ),     1     ) />    </cfloop> <!---   Now, SHUFFLE the array. This is perhaps not he   safest thing to do, but on MX for now, it works. ---> <cfset CreateObject( "java", "java.util.Collections" ).Shuffle(   arrPassword   ) /> <cfdump var="#arrPassword#" /> ..................... Ben Nadel Certified Advanced ColdFusion MX7 Developer www.bennadel.com Need ColdFusion Help? www.bennadel.com/ask-ben/ :) that would actually be really useful thanks ben. i have just been searching through the internet but would appreciate a specific example. i was looking for someone that had done a password generator that i could use but if i could learn the code to do it myself i would be very grateful thanks very much ben

that looks brilliant, thanks ben. I will taking a look at it and will post again if i have any questions thanks alot ben, very much appreciated

I recently posted this to cflib... hi, my system generates a password with the following criteria: must be exactly 8 characters in length must have at least 1 number must have at least 1 uppercase letter must have at least 1 lower case letter however, the passwordGenerator i am using doesnt always get it right, even though it is supposed to. It probably gets it right 7 out of 10 times. I got it from someone on another post and cant see where the problem is. So i thought that when i generate the password i can write some cfscript to check if it meets the criteria and if not then it regenerates it and checks it again i know there must be a way of doing this in cfscript by using regular expressions var anUpperCase = /[A-Z]/; var aLowerCase = /[a-z]/; var aNumber = /[0-9]/; but i cant think on how to apply it and make it work. does anyone have any sample code that i can use, or can anyone provide me with any help. thanks very much, i really appreciate any help

Control + Enter is your ENEMY! Here's the link: http://www.cflib.org/udf.cfm?id=1609 hi, my system generates a password with the following criteria: must be exactly 8 characters in length must have at least 1 number must have at least 1 uppercase letter must have at least 1 lower case letter however, the passwordGenerator i am using doesnt always get it right, even though it is supposed to. It probably gets it right 7 out of 10 times. I got it from someone on another post and cant see where the problem is. So i thought that when i generate the password i can write some cfscript to check if it meets the criteria and if not then it regenerates it and checks it again i know there must be a way of doing this in cfscript by using regular expressions var anUpperCase = /[A-Z]/; var aLowerCase = /[a-z]/; var aNumber = /[0-9]/; but i cant think on how to apply it and make it work. does anyone have any sample code that i can use, or can anyone provide me with any help. thanks very much, i really appreciate any help

thanks bobby, this is good. Just a quick question if i use the following example: <cfoutput> #randStr("8", "alphanumericupper")# </cfoutput> will it always be 8 in length, have 1 uppercase, 1 lowercase and 1 number or does it choose to randomly select between them thanks bobby

No, sorry. It WILL always be 8 characters long but no guarantee that it will have at least one of each character set in it. That is a good point though. I'll fix that and submit version 2 to Ray -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.5.432 / Virus Database: 268.17.10/651 - Release Date: 1/24/2007 6:48 PM

thanks bobby. If you do resubmit would you let me know as i would like to use it :) thanks

No problem. thanks bobby. If you do resubmit would you let me know as i would like to use it :) thanks

Give this a shot Richard. Each time it loops to grab the next character, it grabs it from the next usable character set in the list so it uses them all. Just so it's not the same sequence of character sets over and over, the second loop rebuilds the string by pulling out random characters one at a time and appending them into a new string. All my tests have been successful so far. Let me know how yours turn out. If everything works out for you as well, I'll submit it. There is only one thing that is not so random about the string... if you use a length that is evenly divisible by the number of character sets that you use, then there will be an even number of each character set in the resulting string. Say you used randstr(9, 'alphanumericupper') (3 character sets alpha, numeric, and upper)... the result would have 3 lowercase letters, 3 uppercase letters and 3 numbers. I don't think that is a deal breaker but just thought I'd point it out. <cfscript> /** * Returns a randomly generated string using the specified character sets and length(s) * * @param strLen    Either a number of a list of numbers representing the range in size of the returned string. (Required) * @param charset    A string describing the type of random string. Can contain: alpha, numeric, and upper. (Required) * @return Returns a string. * @author Bobby Hartsfield (bobby@acoderslife.com) * @version 2, January 25, 2007 */ function randStr(strLen, charSet) {   var usableChars = "";   var charSets = arrayNew(1);   var tmpStr = "";     var newStr = "";   var i = 0;   var thisCharPos = 0;   var thisChar = "";      charSets[1] = '48,57';  // 0-9   charSets[2] = '65,90';  // A-Z   charSets[3] = '97,122';  // a=z      if (findnocase('alpha', charSet)) { usableChars = listappend(usableChars, 3); }      if (findnocase('numeric', charSet)) { usableChars = listappend(usableChars, 1); }      if (findnocase('upper', charSet)) { usableChars = listappend(usableChars, 2); }      if (len(usableChars) is 0) { usableChars = '1,2,3'; }   if(listlen(strLen) gt 1 and listfirst(strLen) lt listlast(strLen)) { strLen = randrange(listfirst(strLen), listlast(strLen)); }   else if (val(strLen) is 0) { strLen = 8; }         while (len(tmpStr) LE strLen-1)   {     thisSet = listFirst(usableChars);     usableChars = listdeleteat(usableChars, 1);     usableChars = listappend(usableChars, thisSet);        tmpStr = tmpStr & chr(randrange(listfirst(charSets[thisSet]), listlast(charSets[thisSet])));   }      for (i=1; i lte strLen; i=i+1)   {     thisCharPos = randrange(1, len(tmpStr));     thisChar = mid(tmpStr, thisCharPos, 1);     tmpStr = removeChars(tmPStr, thisCharPos, 1);     newstr = newstr & thisChar;   }      return newStr; } </cfscript> -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.5.432 / Virus Database: 268.17.10/651 - Release Date: 1/24/2007 6:48 PM

hi bobby, thanks for this i will be testing it later today. if it seems to work fine then when i implement it in our software i will create a check for it so that if it throws a password not matching the criteria, it will notify me, and in turn i will notify you thanks again bobby, i will let you know how the tests go later today

hi bobby, this is so far working great. it outputs the random numbers, lower, and upper at a length that we set. i so far have had no reported errors. thanks for this as this has really allowed me to understand the code to manipulate strings thanks again

Great glad it worked out for you. I'll submit it as version 2 to randstr() hi bobby, this is so far working great. it outputs the random numbers, lower, and upper at a length that we set. i so far have had no reported errors. thanks for this as this has really allowed me to understand the code to manipulate strings thanks again