Jump to content

[SOLVED] strlen- am i using it right


DeanWhitehouse

Recommended Posts

I want to set a minimum password lenght, would this be the right way to do it?

if ($user_name && $user_password && $user_password2 && $user_email && $user_email2)
{
	$user_check = mysql_num_rows(mysql_query("SELECT * FROM `$user` WHERE userlevel=1 "));	
$length = strlen($user_password);
if ($length >= 6)
{
if ($user_check >= 1)	
{
	echo "Sorry, but the head admin account is already created. Please delete the table in your mysql database and run the install.php file.";
}
elseif ($user_password == $user_password2 && $user_email == $user_email2)
{
$userPswd = md5($user_password);
$userpwsd = sha1($userPswd);
mysql_query("INSERT INTO `$user` (user_id,  user_name, user_password, user_email, user_ip, userlevel) VALUES ('','$user_name','$userpwsd','$user_email','$ip','1')")
or die('Error ' . mysql_error());
require_once 'main_write.php';
require_once 'redirect_install.php';
 }
 }
else
{
echo "Either the passwords or emails you entered do not match. Please check these details and try again";
}
} 

else 
{
echo "Please fill in all of the required fields.";
}
}

Link to comment
Share on other sites

Why not test it personally first? This looks like ure being lazy to test your scripts. Anyway the syntax is: int strlen ( string $string ) so yes, u have it alright. About the javascript one, u can do both validations (server and client side) so ure sure it will work even if javascript is disabled.

Link to comment
Share on other sites

o rite, thanks, and i didn't want to test it as it is emebbed in this code, and it would mean i would have to delete my tables in the database to test,

but i will make a register page to test it on.

<?php
/*Random Game Design: PHP Website Template/CMS
Version 1
Copyright Dean Whitehouse, 2008*/

require_once '../includes/db_connect.php';
if(isset($_POST['admin_signup'])){	

$user_name = mysql_real_escape_string($_POST["user_name"]);		
$user_password =mysql_real_escape_string($_POST["user_password"]);		
$user_password2 =mysql_real_escape_string ($_POST["user_password2"]);
$user_email =mysql_real_escape_string ($_POST["user_email"]);		
$user_email2 =mysql_real_escape_string ($_POST["user_email2"]);
$ip = $_SERVER['REMOTE_ADDR'];
if ($user_name && $user_password && $user_password2 && $user_email && $user_email2)
{
	$user_check = mysql_num_rows(mysql_query("SELECT * FROM `$user` WHERE userlevel=1 "));	
$length = strlen($user_password);
if ($length >= 6)
{
if ($user_check >= 1)	
{
	echo "Sorry, but the head admin account is already created. Please delete the table in your mysql database and run the install.php file.";
}
elseif ($user_password == $user_password2 && $user_email == $user_email2)
{
$userPswd = md5($user_password);
$userpwsd = sha1($userPswd);
mysql_query("INSERT INTO `$user` (user_id,  user_name, user_password, user_email, user_ip, userlevel) VALUES ('','$user_name','$userpwsd','$user_email','$ip','1')")
or die('Error ' . mysql_error());
require_once 'main_write.php';
require_once 'redirect_install.php';
 }
 }
else
{
echo "Either the passwords or emails you entered do not match. Please check these details and try again";
}
} 

else 
{
echo "Please fill in all of the required fields.";
}
}
mysql_close();
?>
<?php
if(isset($_POST['continue_saved']))
{ ?>
<html>
<table bgcolor='#999999' align='center' width="400px">
<form action='<?php $_SERVER['PHP_SELF']; ?>' method='POST'>
<tr><td width="10px">Username: </td><td><input type='text' name='user_name' maxlength="20" width="400px" /><br /></td></tr>
<tr><td width="10px">Maximum Length<br /> 20 characters.</td></tr>
<tr><td width="10px">E-mail Address:</td> <td><input type='text' name='user_email' /><br /></td></tr>
<tr><td width="10px">Confirm E-mail Address: </td><td><input type='text' name='user_email2' /><br /></td></tr>
<tr><td width="10px">Password:</td><td> <input type='password' name='user_password' maxlength="30" /><br /></td></tr>
<tr><td width="10px">Maximum Length<br /> 20 characters.</td></tr>
<tr><td width="10px">Confirm Password:</td><td> <input type='password' name='user_password2'  maxlength="30"/><br /></td></tr>
<tr><td><input type='submit' value='Complete Registration' name='admin_signup' /></td><td><input type="reset" value="Reset Fields" name="reset" /></td></tr>
</form>
</table>
</html>
<?php
exit();
}
if(isset($_POST['table_saved']))
{
require_once '../includes/db_connect.php';
mysql_connect($dbhost,$dbuser,$dbpass)
or die('Could not connect: ' . mysql_error());

// Select database
mysql_select_db($dbname)
or die('Could not find the database: ' . mysql_error());

$sql_user = "CREATE TABLE $user(
user_id int(11) AUTO_INCREMENT NOT NULL PRIMARY KEY,
user_name varchar(100) NOT NULL,
user_password varchar(100) NOT NULL,
user_email varchar(100) NOT NULL,
user_ip varchar(20) NOT NULL,
user_ban varchar(3) NOT NULL,
ban_reason varchar(100) NOT NULL,
ban_length varchar(25) NOT NULL,
userlevel tinyint(1) unsigned NOT NULL,
random_key varchar(32) NOT NULL,
user_activated varchar(25) NOT NULL
)";


$sql_forum1 = "CREATE TABLE $forum_quest(
id int(4) NOT NULL AUTO_INCREMENT PRIMARY KEY,
topic varchar(255) NOT NULL default '',
detail longtext NOT NULL,
name varchar(65) NOT NULL default '',
email varchar(65) NOT NULL default '',
datetime varchar(25) NOT NULL default '',
view int(4) NOT NULL default '0',
reply int(4) NOT NULL default '0'
)AUTO_INCREMENT=1";


$sql_forum2 = "CREATE TABLE $forum_answ(
question_id int(4) NOT NULL default '0',
a_id int(4) NOT NULL default '0',
a_name varchar(65) NOT NULL default '',
a_email varchar(65) NOT NULL default '',
a_answer longtext NOT NULL,
a_datetime varchar(25) NOT NULL default '',
KEY a_id (`a_id`)
)";

$make_user= mysql_query($sql_user);
$make_forum = mysql_query($sql_forum1);
$make_forum1 = mysql_query($sql_forum2);
$checkifexist_user = mysql_query ("SELECT * FROM '$user' LIMIT 0,1");
$checkifexist_quest = mysql_query ("SELECT * FROM '$forum_quest' LIMIT 0,1");
$checkifexist_answ = mysql_query ("SELECT * FROM '$forum_answ' LIMIT 0,1");

if (!$make_user)
{
echo("'$user' Table already exists.<br>'$user' table could not be created.<br>");
}
else
{
echo("'$user' Table Created.<br>");
}
if (!make_forum)
{
echo("'$forum_quest' Table already exists.<br>'$forum_quest' table could not be created.<br>");
}
else
{
echo("'$forum_quest' Table Created.<br>");
}
if (!make_forum1)
{
echo("'$forum_quest' Table already exists.<br>'$forum_quest' table could not be created.<br>");
}
else
{
echo("'$forum_answ' Table Created.<br>");
}
?><form action="<?php $_SERVER['PHP_SELF'] ?>" method="post">
<input type="submit" value="Continue" name="continue_saved"/>
<?
mysql_close();
exit();
}


if(isset($_POST['table_names']))
{
require_once '../includes/db_connect.php';
$dbhost = $_POST["dbhost"];			
$user = $_POST["user"];
$forum_quest = $_POST["forum_question"];
$forum_answ = $_POST ["forum_answers"];
if ($user.$forum_quest.$forum_answ)
{
require_once "config_writetable.php";
echo "Table details saved:<br>User details saved:$user<br>Forum Questions saved:$forum_quest<br>Forum Answers saved:$forum_answ";
?>
<p>Table name's saved, press continue to create the table.<form action="<?php $_SERVER['PHP_SELF'] ?>" method="post">
<input type='submit' value='Continue' name='table_saved'>
</form>
</p>
<?php
}
else
{
echo ("Please go back and fill in the required fields");
}
exit();
}
if(isset($_POST['check']))
{
// Database Connection Information
$dbhost = $_POST["dbhost"];			// Database Host
$dbuser = $_POST["dbuser"];		// Database Username
$dbpass = $_POST["dbpass"];		// Database Password
$dbname = $_POST["dbname"];			// Database Name


// Attempt to connect to the database using the user submitted form.
$con = mysql_connect($dbhost, $dbuser, $dbpass);
if ($con)
{
require_once 'config_write.php';
echo "You have successfully connected with these details to '$dbname'. <br>Username - '$dbuser'<br> Password - '$dbpass'<br> Database Host - '$dbhost'<br>Please enter the table names you want, or if you want to use the preset names click continue. NOTE: Each table must be a different name. Please do not leave any blank spaces.
";
?>
<table align="center" bgcolor="#333333" width="300px" border="0">
<form method="post" action="<?php $_SERVER['PHP_SELF']; ?>">
<tr><td><font color="#FFFFFF">User Details:</td><td><input type='text' name='user'></td></tr>
<tr><td><font color="#ffffff">Forum Questions</td>
<td><input type="text" name='forum_question'></td></tr>
<tr><td><font color='#ffffff'>Forum Answers</td>
<td><input type='text' name='forum_answers'><br></td></tr>
<tr><td></td><td><input type='submit' value='Continue' name='table_names'></td></tr>
</font>
</form>
</table>	
<?php exit();	
}					
else
{
	echo 'Error connecting to database:'  . mysql_error() . '\n';		// Database creation failed
?>
<p>Welcome to the random game design website template. Please follow this set-up and then you can customise your site fully.<br>Plese only click this button once, as it will reset your progress.<form method='post' action="<?php $_SERVER['PHP_SELF']; ?>"><input type='submit' value='Start' name='start'></form>
</p>
<?php
}
// Close connection to the database
mysql_close();
}
else
{
?>
<!--<p>Welcome to the random game design website template. Please follow this set-up and then you can customise your site fully.<br>Plese only click this button once, as it will reset your progress.<form method='post' action="<?php $_SERVER['PHP_SELF']; ?>"><input type='submit' value='Start' name='start'></form>-->
</p>
<?php

}
if(isset($_POST['simple_start']))
if(isset($_POST['advanced_start']))
{
echo ('Please enter the details used to connect to your MySql database.');
?>
<table align='center' bgcolor="#999999" width='300px' border='0'><form method='post' action="<?php $_SERVER['PHP_SELF']; ?>">
<tr><td>
Database Host:</td><td>  
<input type='text' name='dbhost'><br></td></tr>
<tr><td>
Database Username:</td><td>  
<input type='text' name='dbuser'><br></td></tr>
<tr><td>
Database Password:  </td><td>
<input type='text' name='dbpass'><br></td></tr>
<tr><td>
Database Name:  </td><td>
<input type='text' name='dbname'><br></td></tr>
<tr><td></td><td><input type='submit' value='Continue' name='check'>
</td></tr></form>
</table>
<?php
}
}
else
{
?>
<p>Welcome to the random game design website template. Please follow this set-up and then you can customise your site fully.<br>
<form method='post' action="<?php $_SERVER['PHP_SELF']; ?>"><input type='submit' value='Simple Setup' name='simple_start'>
<form method='post' action="<?php $_SERVER['PHP_SELF']; ?>"><input type='submit' value='Advanced Setup' name='advanced_start'></form>
</p>
<?php
}
?>

 

and this is my updated bit, i believe this is what u ment

$length = int strlen(string $user_password);

Link to comment
Share on other sites

as a side note i would like to point out something else

 

	$userPswd = md5($user_password);
$userpwsd = sha1($userPswd);

 

Is pointless, since you're feeding in 128-bits of information to generate a 256-bit hash,

so 50% of the resulting data is redundant. this it not more secure at all.

Link to comment
Share on other sites

i get an unexpected TSTRING error with this

$length = int strlen(string $user_password);

how can i fix this, as adding "" to it doesn't work

 

lol, m8 i just gave u the syntax of strlen(): int strlen(string $string), meaning it needs a string parameter and it returns an int. lol.

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.