Use str_split to realize password strength detection

M66 2025-05-28

The str_split function in PHP splits a string into an array, each array element contains a character in the string. The basic syntax is as follows:

 str_split(string $string, int $length = 1): array

$string : The string to be split.
$length : The length of each array element, default to 1.

For example, calling str_split("abcdef") will return ['a', 'b', 'c', 'd', 'e', 'f'] .

2. Password strength detection rules

In order to determine the strength of a password, we usually consider the following aspects:

Length : The length of the password should be long enough, usually at least 8 characters are required.
Include numbers : The password should contain numbers.
Include capital letters : The password should contain at least one capital letter.
Include lowercase letters : The password should contain at least one lowercase letter.
Contains special characters : The password should contain at least one special character, such as @ , # , $ , etc.

3. Use str_split function for password detection

We can use str_split to split the password into an array and check each character in the array to determine whether the password meets the above strength requirements. Here is a simple example code:

 <?php

function check_password_strength($password) {
    // Check password length
    if (strlen($password) < 8) {
        return "Password length is at least 8 Characters";
    }

    // use str_split Split passwords as arrays
    $password_array = str_split($password);

    // Initialize flags
    $has_upper = false;
    $has_lower = false;
    $has_digit = false;
    $has_special = false;

    // Iterate through the array，检查每Characters
    foreach ($password_array as $char) {
        if (ctype_upper($char)) {
            $has_upper = true;
        } elseif (ctype_lower($char)) {
            $has_lower = true;
        } elseif (is_numeric($char)) {
            $has_digit = true;
        } elseif (preg_match('/[!@#$%^&*(),.?":{}|<>]/', $char)) {
            $has_special = true;
        }
    }

    // Check whether all conditions are met
    if (!$has_upper) {
        return "passwords must contain at least one upper case letter";
    }
    if (!$has_lower) {
        return "The password must contain at least one lowercase letter";
    }
    if (!$has_digit) {
        return "The password must contain at least one number";
    }
    if (!$has_special) {
        return "The password must contain at least one special character";
    }

    return "Password strength";
}

// Sample Test
$password = "P@ssw0rd";
echo check_password_strength($password); // Output：Password strength

?>

4. Code parsing

str_split($password) : Split the password string into an array to facilitate character checking.
ctype_upper($char) : Check whether the character is capital letter.
ctype_lower($char) : Check whether the character is lowercase.
is_numeric($char) : Check whether the character is a number.
preg_match('/[!@#$%^&*(),.?":{}|<>]/', $char) : Check whether the character is a special character.

5. Further enhance password security

Although the detection rules mentioned above can effectively improve the security of passwords, we can still further enhance the strictness of password detection. Consider:

Restricted passwords cannot contain common information about users (such as username, email, birthday, etc.).
Encrypt passwords using hashing algorithms such as SHA-256 or bcrypt to ensure that they cannot be directly cracked even if the password is leaked.

str_split