I have to agree with Alan. If the existing regex is so complicated, why try and do it in just one regex?
Just break it down into approachable simple steps. You have already done that.
Now write 4 regex to validate your parts, add basic logic to the 4 regex and measure the length of the string. Done.
Which would you rather debug, this:
(?=^(?:[^A-Z]*[A-Z]){2})(?=^(?:[^a-z]*[a-z]){2})(?=^(?:\D*\d){2})(?=^(?:\w*\W){2})^[A-Za-z\d\W]{8,}$ (which does not work btw…)
or this:
function valid_pass($candidate) {
$r1='/[A-Z]/'; //Uppercase
$r2='/[a-z]/'; //lowercase
$r3='/[!@#$%^&*()\-_=+{};:,<.>]/'; // whatever you mean by 'special char'
$r4='/[0-9]/'; //numbers
if(preg_match_all($r1,$candidate, $o)<2) return FALSE;
if(preg_match_all($r2,$candidate, $o)<2) return FALSE;
if(preg_match_all($r3,$candidate, $o)<2) return FALSE;
if(preg_match_all($r4,$candidate, $o)<2) return FALSE;
if(strlen($candidate)<8) return FALSE;
return TRUE;
}
Why folks feel they have to write a regex that no one can understand just so they can do it in one go is beyond me…
Ok ok — if you really want a single regex, learn about lookaheads to validate your rules.
This monster does what you asked in one go:
^ # start of line
(?=(?:.*[A-Z]){2,}) # 2 upper case letters
(?=(?:.*[a-z]){2,}) # 2 lower case letters
(?=(?:.*\d){2,}) # 2 digits
(?=(?:.*[!@#$%^&*()\-_=+{};:,<.>]){2,}) # 2 special characters
(.{8,}) # length 8 or more
$ # EOL