BJ,
The regular expressions given (like "^[a-zA-Z0-9]$" are just ensuring that the
string contains only letters or numbers, but not forcing the inclusion of at
least one of each.
My thought was the string must either be:
<stuff 1><one letter><stuff 2><one digit><stuff 3>
or
<stuff 1><one digit><stuff 2><one letter><stuff 3>
where stuff 1, stuff 2, and stuff 3 are arbitrary (possibly empty)
alphanumeric strings.
The regex for this is:
"^([a-zA-Z0-9]*[a-zA-Z][a-zA-Z0-9]*[0-9][a-zA-Z0-9]*|[a-zA-Z0-9]*[0-9][a-zA-Z0-9
]*[a-zA-Z][a-zA-Z0-9]*)$"
The pipe "|" in the middle separates the two cases (the letter occurs before
the number | the number occurs before the letter).
The ^ denotes the beginning of the string, and the $ denotes the end, so this
RE will always return 1 if the password is OK, and zero otherwise.
<html>
<head><title>test pass</title></head>
<cfset
regex="^([a-zA-Z0-9]*[a-zA-Z][a-zA-Z0-9]*[0-9][a-zA-Z0-9]*|[a-zA-Z0-9]*[0-9][a-z
A-Z0-9]*[a-zA-Z][a-zA-Z0-9]*)$">
<body>
abc123:
<cfif REFind(regex, "abc123")>
yes
<cfelse>
no
</cfif>
<br>123
<cfif REFind(regex, "123")>
yes
<cfelse>
no
</cfif>
<br>abc
<cfif REFind(regex, "abc")>
yes
<cfelse>
no
</cfif>
<br>123abc
<cfif REFind(regex, "123abc")>
yes
<cfelse>
no
</cfif>
<br>123abc!
<cfif REFind(regex, "123abc!")>
yes
<cfelse>
no
</cfif>
</body>
</html>