Here are the direct answers. I kept them short because they won't make sense without an understanding of regex. That understanding is best gained at regular-expressions.info. I advise you to also try out the regex helper toolslisted there, they allow you to experiment - see live capturing/matching as you edit the pattern, very helpful.

以下是直接答案。我让它们简短，因为如果不了解正则表达式，它们就没有意义。这种理解最好在regular-expressions.info 上获得。我建议您也尝试一下那里列出的正则表达式助手工具，它们允许您进行实验 - 在您编辑模式时查看实时捕获/匹配，非常有帮助。

1: The caret ^is an anchor, it means "the start of the haystack/string/line".

1：插入符号^是一个锚点，意思是“大海捞针/字符串/行的开始”。

• If a caret is the first symbol inside a character class [], it has a different meaning: It negates the class. (So in [^ab]the caret makes that class match anything which is notab)

• 如果插入符号是字符类中的第一个符号[]，则它具有不同的含义：它否定类。（所以在[^ab]插入符号中使该类匹配任何不是ab 的东西）

2: The dot .and the asterisk *serve two separate purposes:

2：点.和星号*有两个不同的目的：

• The dot matches any single character except newline \n.
• The asterisk says "allow zero or many of the preceeding type".

• 点匹配除换行符之外的任何单个字符\n。
• 星号表示“允许零个或多个前面的类型”。

When these two are combined as .*it basically reads "zero or more of anything until a newline or another rule comes into effect".

当这两个组合在一起时，.*它基本上读作“零个或多个任何内容，直到换行符或其他规则生效”。

7: The dollar $is also an anchor like the caret, with the opposite function: "the end of the haystack".

7：美元$也是像脱字符号一样的锚，功能相反：“大海捞针”。

Edit:

编辑：

Simple parentheses ( )around something makes it a group. Here you have (?=)which is an assertion, specifically a positive look ahead assertion. All it does is check whether what's inside actually exists forward from the current cursor position in the haystack. Still with me?
Example:foo(?=bar)matches fooonly if followed by bar. baris never matched, only foois returned.

( )一些东西周围的简单括号使它成为一个组。这里你有(?=)which 是一个断言，特别是一个积极的前瞻断言。它所做的只是检查从 haystack 中当前光标位置向前的内容是否确实存在。还在我这儿？
例如：foo(?=bar)匹配foo仅当随后bar。bar永远不会匹配，只会foo返回。

With this in mind, let's dissect your regex:

考虑到这一点，让我们剖析您的正则表达式：

/^.*(?=.{4,})(?=.*[0-9])(?=.*[a-z])(?=.*[A-Z]).*$/

Reads as:
        ^.* From Start, capture 0-many of any character
  (?=.{4,}) if there are at least 4 of anything following this
(?=.*[0-9]) if there is: 0-many of any, ending with an integer following
(?=.*[a-z]) if there is: 0-many of any, ending with a lowercase letter following
(?=.*[A-Z]) if there is: 0-many of any, ending with an uppercase letter following
        .*$ 0-many of anything preceding the End

You say the order of password characters matter - it doesn't in my tests. See test script below. Hope this cleared up a thing or two. If you are looking for another regex which is a bit more forgiving, see regex password validation

您说密码字符的顺序很重要 - 在我的测试中并不重要。请参阅下面的测试脚本。希望这能澄清一两件事。如果您正在寻找另一个更宽容的正则表达式，请参阅正则表达式密码验证

<pre>
<?php
// Only the last 3 fail, as they should. You claim the first does not work?
$subjects = array("aaB1", "Baa1", "1Baa", "1aaB", "aa1B", "aa11", "aaBB", "aB1");

foreach($subjects as $s)
{
    $res = preg_match("/^.*(?=.{4,})(?=.*[0-9])(?=.*[a-z])(?=.*[A-Z]).*$/", $s, $matches);
    echo "result: ";
    print_r($res);

    echo "<br>";
    print_r($matches);
    echo "<hr>";
}

Excellent online tool for checking and testing Regular Expressions: https://regex101.com/

用于检查和测试正则表达式的优秀在线工具：https: //regex101.com/

If you don't know this site, you should go there immediately.

如果你不知道这个网站，你应该马上去那里。

This is like the bible of regular expressions.

这就像正则表达式的圣经。

Regular-expressions.info

正则表达式.info

To use regular expressions first you need to learn the syntax. This syntax consists in a series of letters, numbers, dots, hyphens and special signs, which we can group together using different parentheses.

要首先使用正则表达式，您需要学习语法。这种语法由一系列字母、数字、点、连字符和特殊符号组成，我们可以使用不同的括号将它们组合在一起。

Look at this link Getting Started with PHP Regular Expressions. An easy way to learn regular expressions.

查看此链接PHP 正则表达式入门。学习正则表达式的简单方法。