Php – Regex to exclude some symbols from a class but extending with others not included

Regex writing is among the most important aspects of solving the problem by doing some thinking about filtering.

Regex beginners might divide the problem into two parts: the first is to include the characters that are not present in [:graph:] and then remove the unwanted ones. A possible snippet might be the following script:

<?php

// Settings
$blacklist = '~`';
$whitelist = ' ';
$delimiter = '`';
$length = 50;

// Constructs pattern to take all characters now blacklisted characters are also present
$pattern = "[^";
$pattern .= ($whitelist != "")
    ? preg_quote($whitelist, $delimiter)
    : "";
$pattern .= "[:graph:]]+";

// Generate a raw string without the UTF-8 characters
$secure_password = preg_replace(
    "{$delimiter}{$pattern}{$delimiter}s",
    "",
    random_bytes($length * 10)
);

// If there are characters to remove it builds the specific pattern and then filters them out
if ($blacklist != "") {
    $pattern = "[". preg_quote($blacklist, $delimiter) ."]+";
    $secure_password = preg_replace(
        "{$delimiter}{$pattern}{$delimiter}s",
        "",
        $secure_password
    );
}

$secure_password = substr($secure_password, 0, $length);

Those with a little more knowledge about Regex might compact the code as follows:

<?php

// Settings
$blacklist = '~`';
$whitelist = ' ';
$delimiter = '`';
$length = 50;

// Builds the optimized pattern and filters the string
$pattern = "[^";
$pattern .= ($whitelist != "")
    ? preg_quote($whitelist, $delimiter)
    : "";
$pattern .= "[:graph:]]+";
$pattern .= ($whitelist != "")
    ? "|[". preg_quote($whitelist, $delimiter) ."]+"
    : "";

$secure_password = preg_replace(
    "{$delimiter}{$pattern}{$delimiter}s",
    "",
    random_bytes($length * 10)
);

$secure_password = substr($secure_password, 0, $length);

Finally if we wanted to do a check on the length of the filtered string to prevent it from being shorter than desired and wanted to use a function the code would become:

<?php

/**
 * The function generates a random string in the [:graph] set to which it includes any characters that are not in the class, for example whitespace, but removes specific characters
 * 
 * @param int $length           The length of the string we want to receive.
 * @param string $blacklist     The unwanted characters in the [:graph] class.
 * @param string $whitelist     The characters to include since they are not present in [:graph]
 * @return string               The secure password
 */
function graph_customized(
    int $length,
    string $blacklist = "",
    string $whitelist = ""
) : string {
    // Keep the random string
    $random_str = "";
    
    // How many times the desidered length
    $times = 10;

    // Generate at least one time the secure string
    do {
        // Generate a random string of bytes
        $random_bytes = random_bytes($times * $length);
        
        // Build the regex pattern
        $delimiter = "`"
        $whitelist = preg_quote($whitelist, $delimiter);
        $pattern = "[^{$whitelist}[:graph:]]+";
        if ($blacklist !"= "") {
            $pattern .= "|[". preg_quote($blacklist, $delimiter) ."]+";
        }
        
        // Filter eligible characters including whitelist characters but excluding blacklist characters
        $random_str .= preg_replace(
            "{$delimiter}(?:$pattern){$delimiter}s",
            "",
            $random_bytes
        );
        
        // If we do not want white characters at the beginning and end of the string uncomment the following statement. To filter only the left side use the ltrim function or rtrim for the right side
        //$random_str = trim($random_str);
        
    } while (strlen($random_str) < $length);
    
    return substr($random_str, 0, $length);
}

Possibly some thoughts could be given as to whether the preg_match_all function is better than preg_replace for this scenario, the pattern and more.

I hope this contribution of mine will be useful to someone.