DeanWhitehouse Posted April 26, 2008 Share Posted April 26, 2008 I want to set a minimum password lenght, would this be the right way to do it? if ($user_name && $user_password && $user_password2 && $user_email && $user_email2) { $user_check = mysql_num_rows(mysql_query("SELECT * FROM `$user` WHERE userlevel=1 ")); $length = strlen($user_password); if ($length >= 6) { if ($user_check >= 1) { echo "Sorry, but the head admin account is already created. Please delete the table in your mysql database and run the install.php file."; } elseif ($user_password == $user_password2 && $user_email == $user_email2) { $userPswd = md5($user_password); $userpwsd = sha1($userPswd); mysql_query("INSERT INTO `$user` (user_id, user_name, user_password, user_email, user_ip, userlevel) VALUES ('','$user_name','$userpwsd','$user_email','$ip','1')") or die('Error ' . mysql_error()); require_once 'main_write.php'; require_once 'redirect_install.php'; } } else { echo "Either the passwords or emails you entered do not match. Please check these details and try again"; } } else { echo "Please fill in all of the required fields."; } } Quote Link to comment Share on other sites More sharing options...
dezkit Posted April 26, 2008 Share Posted April 26, 2008 i would prefer javascript? Quote Link to comment Share on other sites More sharing options...
DeanWhitehouse Posted April 26, 2008 Author Share Posted April 26, 2008 but JS can be turned off, in certain browsers, so it can be got around Quote Link to comment Share on other sites More sharing options...
Fadion Posted April 26, 2008 Share Posted April 26, 2008 Why not test it personally first? This looks like ure being lazy to test your scripts. Anyway the syntax is: int strlen ( string $string ) so yes, u have it alright. About the javascript one, u can do both validations (server and client side) so ure sure it will work even if javascript is disabled. Quote Link to comment Share on other sites More sharing options...
DeanWhitehouse Posted April 26, 2008 Author Share Posted April 26, 2008 o rite, thanks, and i didn't want to test it as it is emebbed in this code, and it would mean i would have to delete my tables in the database to test, but i will make a register page to test it on. <?php /*Random Game Design: PHP Website Template/CMS Version 1 Copyright Dean Whitehouse, 2008*/ require_once '../includes/db_connect.php'; if(isset($_POST['admin_signup'])){ $user_name = mysql_real_escape_string($_POST["user_name"]); $user_password =mysql_real_escape_string($_POST["user_password"]); $user_password2 =mysql_real_escape_string ($_POST["user_password2"]); $user_email =mysql_real_escape_string ($_POST["user_email"]); $user_email2 =mysql_real_escape_string ($_POST["user_email2"]); $ip = $_SERVER['REMOTE_ADDR']; if ($user_name && $user_password && $user_password2 && $user_email && $user_email2) { $user_check = mysql_num_rows(mysql_query("SELECT * FROM `$user` WHERE userlevel=1 ")); $length = strlen($user_password); if ($length >= 6) { if ($user_check >= 1) { echo "Sorry, but the head admin account is already created. Please delete the table in your mysql database and run the install.php file."; } elseif ($user_password == $user_password2 && $user_email == $user_email2) { $userPswd = md5($user_password); $userpwsd = sha1($userPswd); mysql_query("INSERT INTO `$user` (user_id, user_name, user_password, user_email, user_ip, userlevel) VALUES ('','$user_name','$userpwsd','$user_email','$ip','1')") or die('Error ' . mysql_error()); require_once 'main_write.php'; require_once 'redirect_install.php'; } } else { echo "Either the passwords or emails you entered do not match. Please check these details and try again"; } } else { echo "Please fill in all of the required fields."; } } mysql_close(); ?> <?php if(isset($_POST['continue_saved'])) { ?> <html> <table bgcolor='#999999' align='center' width="400px"> <form action='<?php $_SERVER['PHP_SELF']; ?>' method='POST'> <tr><td width="10px">Username: </td><td><input type='text' name='user_name' maxlength="20" width="400px" /><br /></td></tr> <tr><td width="10px">Maximum Length<br /> 20 characters.</td></tr> <tr><td width="10px">E-mail Address:</td> <td><input type='text' name='user_email' /><br /></td></tr> <tr><td width="10px">Confirm E-mail Address: </td><td><input type='text' name='user_email2' /><br /></td></tr> <tr><td width="10px">Password:</td><td> <input type='password' name='user_password' maxlength="30" /><br /></td></tr> <tr><td width="10px">Maximum Length<br /> 20 characters.</td></tr> <tr><td width="10px">Confirm Password:</td><td> <input type='password' name='user_password2' maxlength="30"/><br /></td></tr> <tr><td><input type='submit' value='Complete Registration' name='admin_signup' /></td><td><input type="reset" value="Reset Fields" name="reset" /></td></tr> </form> </table> </html> <?php exit(); } if(isset($_POST['table_saved'])) { require_once '../includes/db_connect.php'; mysql_connect($dbhost,$dbuser,$dbpass) or die('Could not connect: ' . mysql_error()); // Select database mysql_select_db($dbname) or die('Could not find the database: ' . mysql_error()); $sql_user = "CREATE TABLE $user( user_id int(11) AUTO_INCREMENT NOT NULL PRIMARY KEY, user_name varchar(100) NOT NULL, user_password varchar(100) NOT NULL, user_email varchar(100) NOT NULL, user_ip varchar(20) NOT NULL, user_ban varchar(3) NOT NULL, ban_reason varchar(100) NOT NULL, ban_length varchar(25) NOT NULL, userlevel tinyint(1) unsigned NOT NULL, random_key varchar(32) NOT NULL, user_activated varchar(25) NOT NULL )"; $sql_forum1 = "CREATE TABLE $forum_quest( id int(4) NOT NULL AUTO_INCREMENT PRIMARY KEY, topic varchar(255) NOT NULL default '', detail longtext NOT NULL, name varchar(65) NOT NULL default '', email varchar(65) NOT NULL default '', datetime varchar(25) NOT NULL default '', view int(4) NOT NULL default '0', reply int(4) NOT NULL default '0' )AUTO_INCREMENT=1"; $sql_forum2 = "CREATE TABLE $forum_answ( question_id int(4) NOT NULL default '0', a_id int(4) NOT NULL default '0', a_name varchar(65) NOT NULL default '', a_email varchar(65) NOT NULL default '', a_answer longtext NOT NULL, a_datetime varchar(25) NOT NULL default '', KEY a_id (`a_id`) )"; $make_user= mysql_query($sql_user); $make_forum = mysql_query($sql_forum1); $make_forum1 = mysql_query($sql_forum2); $checkifexist_user = mysql_query ("SELECT * FROM '$user' LIMIT 0,1"); $checkifexist_quest = mysql_query ("SELECT * FROM '$forum_quest' LIMIT 0,1"); $checkifexist_answ = mysql_query ("SELECT * FROM '$forum_answ' LIMIT 0,1"); if (!$make_user) { echo("'$user' Table already exists.<br>'$user' table could not be created.<br>"); } else { echo("'$user' Table Created.<br>"); } if (!make_forum) { echo("'$forum_quest' Table already exists.<br>'$forum_quest' table could not be created.<br>"); } else { echo("'$forum_quest' Table Created.<br>"); } if (!make_forum1) { echo("'$forum_quest' Table already exists.<br>'$forum_quest' table could not be created.<br>"); } else { echo("'$forum_answ' Table Created.<br>"); } ?><form action="<?php $_SERVER['PHP_SELF'] ?>" method="post"> <input type="submit" value="Continue" name="continue_saved"/> <? mysql_close(); exit(); } if(isset($_POST['table_names'])) { require_once '../includes/db_connect.php'; $dbhost = $_POST["dbhost"]; $user = $_POST["user"]; $forum_quest = $_POST["forum_question"]; $forum_answ = $_POST ["forum_answers"]; if ($user.$forum_quest.$forum_answ) { require_once "config_writetable.php"; echo "Table details saved:<br>User details saved:$user<br>Forum Questions saved:$forum_quest<br>Forum Answers saved:$forum_answ"; ?> <p>Table name's saved, press continue to create the table.<form action="<?php $_SERVER['PHP_SELF'] ?>" method="post"> <input type='submit' value='Continue' name='table_saved'> </form> </p> <?php } else { echo ("Please go back and fill in the required fields"); } exit(); } if(isset($_POST['check'])) { // Database Connection Information $dbhost = $_POST["dbhost"]; // Database Host $dbuser = $_POST["dbuser"]; // Database Username $dbpass = $_POST["dbpass"]; // Database Password $dbname = $_POST["dbname"]; // Database Name // Attempt to connect to the database using the user submitted form. $con = mysql_connect($dbhost, $dbuser, $dbpass); if ($con) { require_once 'config_write.php'; echo "You have successfully connected with these details to '$dbname'. <br>Username - '$dbuser'<br> Password - '$dbpass'<br> Database Host - '$dbhost'<br>Please enter the table names you want, or if you want to use the preset names click continue. NOTE: Each table must be a different name. Please do not leave any blank spaces. "; ?> <table align="center" bgcolor="#333333" width="300px" border="0"> <form method="post" action="<?php $_SERVER['PHP_SELF']; ?>"> <tr><td><font color="#FFFFFF">User Details:</td><td><input type='text' name='user'></td></tr> <tr><td><font color="#ffffff">Forum Questions</td> <td><input type="text" name='forum_question'></td></tr> <tr><td><font color='#ffffff'>Forum Answers</td> <td><input type='text' name='forum_answers'><br></td></tr> <tr><td></td><td><input type='submit' value='Continue' name='table_names'></td></tr> </font> </form> </table> <?php exit(); } else { echo 'Error connecting to database:' . mysql_error() . '\n'; // Database creation failed ?> <p>Welcome to the random game design website template. Please follow this set-up and then you can customise your site fully.<br>Plese only click this button once, as it will reset your progress.<form method='post' action="<?php $_SERVER['PHP_SELF']; ?>"><input type='submit' value='Start' name='start'></form> </p> <?php } // Close connection to the database mysql_close(); } else { ?> <!--<p>Welcome to the random game design website template. Please follow this set-up and then you can customise your site fully.<br>Plese only click this button once, as it will reset your progress.<form method='post' action="<?php $_SERVER['PHP_SELF']; ?>"><input type='submit' value='Start' name='start'></form>--> </p> <?php } if(isset($_POST['simple_start'])) if(isset($_POST['advanced_start'])) { echo ('Please enter the details used to connect to your MySql database.'); ?> <table align='center' bgcolor="#999999" width='300px' border='0'><form method='post' action="<?php $_SERVER['PHP_SELF']; ?>"> <tr><td> Database Host:</td><td> <input type='text' name='dbhost'><br></td></tr> <tr><td> Database Username:</td><td> <input type='text' name='dbuser'><br></td></tr> <tr><td> Database Password: </td><td> <input type='text' name='dbpass'><br></td></tr> <tr><td> Database Name: </td><td> <input type='text' name='dbname'><br></td></tr> <tr><td></td><td><input type='submit' value='Continue' name='check'> </td></tr></form> </table> <?php } } else { ?> <p>Welcome to the random game design website template. Please follow this set-up and then you can customise your site fully.<br> <form method='post' action="<?php $_SERVER['PHP_SELF']; ?>"><input type='submit' value='Simple Setup' name='simple_start'> <form method='post' action="<?php $_SERVER['PHP_SELF']; ?>"><input type='submit' value='Advanced Setup' name='advanced_start'></form> </p> <?php } ?> and this is my updated bit, i believe this is what u ment $length = int strlen(string $user_password); Quote Link to comment Share on other sites More sharing options...
MadTechie Posted April 26, 2008 Share Posted April 26, 2008 as a side note i would like to point out something else $userPswd = md5($user_password); $userpwsd = sha1($userPswd); Is pointless, since you're feeding in 128-bits of information to generate a 256-bit hash, so 50% of the resulting data is redundant. this it not more secure at all. Quote Link to comment Share on other sites More sharing options...
DeanWhitehouse Posted April 26, 2008 Author Share Posted April 26, 2008 i get an unexpected TSTRING error with this $length = int strlen(string $user_password); how can i fix this, as adding "" to it doesn't work Quote Link to comment Share on other sites More sharing options...
Dragen Posted April 26, 2008 Share Posted April 26, 2008 $length = strlen($user_password); Quote Link to comment Share on other sites More sharing options...
Fadion Posted April 27, 2008 Share Posted April 27, 2008 i get an unexpected TSTRING error with this $length = int strlen(string $user_password); how can i fix this, as adding "" to it doesn't work lol, m8 i just gave u the syntax of strlen(): int strlen(string $string), meaning it needs a string parameter and it returns an int. lol. Quote Link to comment Share on other sites More sharing options...
DeanWhitehouse Posted April 27, 2008 Author Share Posted April 27, 2008 soz, lol, i got a bit confused, as it is the first time i used something like that Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.