quick PHP Array Help please

[Old Novus]

Hi everyone,
I'm new to the community and plan to be a long time active member! I have a question though with this php script we've got. It's for a game out there and it's the account creator. We need a way to limit the accounts being made to letters a-z and number 0-9. The problem is people are using these ìÿ letters and its making the accounts buggy. Here is my code:
Thanks guys. if you have any questions please don't hesitate to ask.

Here is the array that is allowed for the account characters...but it doesnt seem to be working :if (!eregi("[A-Z0-9]", $username)){
echo '<script language="Javascript">alert ("Bad characters in username")</script>';
include("index.html");
exit();
We need strictly a-z or 0-9 only or else it bugs out accounts and could get other people's accounts over written. Any help is appreciated.

[poirot]

This one should work:

[code]if (!preg_match("/^\w+$/", $username)) {
   echo ''Bad characters..."
}[/code]

[Old Novus]

can you kinda explain what that one does? heheh

so i replace my line of :if (!eregi("[A-Z0-9]", $username)){
echo '<script language="Javascript">alert ("Bad characters in username")</script>';
include("index.html");
exit();

With this: if (!preg_match("/^\w+$/", $username)) {
echo ''Bad characters..."
}

then people will only be able to use letters a-z and 0-9?

[poirot]

NO, replace:

[code]if (!eregi("[A-Z0-9]", $username)){[/code]
with
[code]if (!preg_match("/^\w+$/", $username)) {[/code]

Actually it will accept also the underscore _. If you want strictly letters and numbers only, you can use:

[code]if (!preg_match("/^\([0-9A-Za-z])+$/", $username)) {[/code]

[Old Novus]

ok so that one will only allow a - z A - Z and 0 - 9 and nothing else like this: _ ' \ ][ àd·£ right?

[Old Novus]

its saying bad characters everytime now...

[Old Novus]

it keeps saying bad characters in username even if i just put in characters a - z ...for example i put in "hi" as the username and it tells me bad characters... anyone help please? only a-z and 0 - 9 allowed. With no spaces or any marks or wierd letters like this ౬

[vumpler]

[!--quoteo(post=378865:date=May 31 2006, 05:02 PM:name=Old Novus)--][div class=\'quotetop\']QUOTE(Old Novus @ May 31 2006, 05:02 PM) [snapback]378865[/snapback][/div][div class=\'quotemain\'][!--quotec--]
it keeps saying bad characters in username even if i just put in characters a - z ...for example i put in "hi" as the username and it tells me bad characters... anyone help please? only a-z and 0 - 9 allowed. With no spaces or any marks or wierd letters like this ౬
[/quote]

Bump.

To test the situation make a fake account attempt here:

[a href=\"http://216.55.161.24/\" target=\"_blank\"]http://216.55.161.24/[/a]

using whatever @dodgeit.com as your email address. Using the @dodgeit will remind us to delete thoes accounts. I am friends with "Old Novus" by the way and will be attempting to help futher the situation.

Another person told us to try:

if (preg_match('/[^A-Za-z0-9]/', $username)) which is similar to what has been suggested here but it didn't work either.

[poirot]

(preg_match('/[^A-Za-z0-9]/', $username)) is wrong because that is exclusion, and the best you could do with this is to detect if THERE ARE alphanumeric characters in the username.

Anyways, are you sure everything is correct? Can you post the entire code, or at least the $username definition?

[vumpler]

Here is our origional file without our edited input.

I'll put it in a .txt file because it won't let me post it here. it syas we are trying to connect to the forums here? Dunno..

[a href=\"http://195.210.38.23:2082//dl/9666379f92c9cd30073491648a36006c/447e2b1e/files/010606/1149119258/process.txt\" target=\"_blank\"]from mooload free file hosting[/a]

[Old Novus]

the username definition?

The reason why we have to have it so it only accepts a-z and 0-9 is because the game server that this php file is writing to doesnt accept spaces or underscores or +à?ÿè all those characters...it only accepts a-z and 0 - 9...and if anything else is in there, then it deletes that letter and bam it will overwrite an account...big security issue...that is why it must only accept a-z and 0-9 :/ very frustrating lol.

[poirot]

NO, what I mean is, how do you get $username?

$username = $_POST['username']?

[vumpler]

[!--quoteo(post=378889:date=May 31 2006, 07:02 PM:name=poirot)--][div class=\'quotetop\']QUOTE(poirot @ May 31 2006, 07:02 PM) [snapback]378889[/snapback][/div][div class=\'quotemain\'][!--quotec--]
NO, what I mean is, how do you get $username?

$username = $_POST['username']?
[/quote]

I believe $username is the username we are specifying when making the account. The username being what we are having problems with. A-Z etc.

Here is the link so you can see what the form looks like:

[a href=\"http://216.55.161.24/\" target=\"_blank\"]http://216.55.161.24/[/a]

[Old Novus]

validate($_POST['username'], $_POST['email']);

Username is trying to be created in the form.....but we want those restrictions of only allowing a-z 0-9 etc. Thanks for helping us

[poirot]

Add a line:
[code]var_dump($_POST['username']):[/code]
Some where near the verification thing. This will tell you what is in the variable, or if it doesn't exists.

Please post what it outputs here. And also, my regex may be wrong bc that's not my strong point...

[vumpler]

[!--quoteo(post=378895:date=May 31 2006, 07:34 PM:name=poirot)--][div class=\'quotetop\']QUOTE(poirot @ May 31 2006, 07:34 PM) [snapback]378895[/snapback][/div][div class=\'quotemain\'][!--quotec--]
Add a line:
[code]var_dump($_POST['username']):[/code]
Some where near the verification thing. This will tell you what is in the variable, or if it doesn't exists.

Please post what it outputs here. And also, my regex may be wrong bc that's not my strong point...
[/quote]

When we add that it won't go through the process again. It just stops before making the account at a validating blank page. If you couldn't see the script there here is the full one with the addition you said to make:

[a href=\"http://68.144.216.100/Not%20so%20myspace/process.txt\" target=\"_blank\"]http://68.144.216.100/Not%20so%20myspace/process.txt[/a]

[!--quoteo(post=378901:date=May 31 2006, 07:52 PM:name=vumpler)--][div class=\'quotetop\']QUOTE(vumpler @ May 31 2006, 07:52 PM) [snapback]378901[/snapback][/div][div class=\'quotemain\'][!--quotec--]
When we add that it won't go through the process again. It just stops before making the account at a validating blank page. If you couldn't see the script there here is the full one with the addition you said to make:

[a href=\"http://68.144.216.100/Not%20so%20myspace/process.txt\" target=\"_blank\"]http://68.144.216.100/Not%20so%20myspace/process.txt[/a]
[/quote]

Oh and if we don't use: eregi (whereas you were using preg) we reallly can't get anywhere. That's why we changed it.

[Old Novus]

if (!eregi("([0-9A-Za-z])", $username)) {

this is still letting the script run...but it isnt blocking the wierd letters like this à++}áÜ...is there anyway to tweak that line to make it so there is ONLY a-z and 0 - 9 allowed, with no spaces or symbols?

[vumpler]

I can't believe this turned into such a difficult issue :(

[Old Novus]

Bump please

[Old Novus]

anyone?

[samshel]

[code]
if(eregi("[^a-zA-Z0-9]+",$str)) {
    echo "Invalid Chars !!";
} else {
    echo "All Valid Chars !!";
}
[/code]

This should work.....

[Old Novus]

another bump...still not working....guys please look at the full script and youll be able to better see what were trying to accomplish. this is hard i guess.

[Old Novus]

if (!eregi_match("/^\([0-9A-Za-z])+$/", $username)) {
echo '<script language="Javascript">alert ("Bad characters in username")</script>';
include("index.html");
exit();

This isnt working...we need it to ONLY allow a-z and 0-9 and nothing else...

[poirot]

OK, I have a working one I guess. It's actually the same as I posted before, but with a minor typo corrected:

[code]<?php

// Some entries to test
$test_array = array ('username', '21358', 'user2', 'l337z_cx', 'ccc*ccc', 'cr@p');

// Last Regex, OMG, forgot to remove the backslash! "\"!
// $old_regex = "/^\([0-9A-Za-z])+$/";

// This one shold do the job
$regex = "/^([A-Za-z0-9])+$/";

// Testing all entries
for ($i=0; $i<count($test_array); $i++) {
   echo $test_array[$i] . ': ';
   echo (!preg_match($regex, $test_array[$i])) ? 'Bad' : 'OK';
   echo '<br />';
}

?>[/code]

This will generate:

[!--quoteo--][div class=\'quotetop\']QUOTE[/div][div class=\'quotemain\'][!--quotec--]username: OK
21358: OK
user2: OK
l337z_cx: Bad
ccc*ccc: Bad
cr@p: Bad[/quote]

So it's basically:

[code]if ((!preg_match("/^([A-Za-z0-9])+$/", $username)) {
   echo '<script language="Javascript">alert ("Bad characters in username")</script>';
   include("index.html");
   exit();
} else {
   echo 'OK, good to go!';
}[/code]

Just to point something out, that regex above will return false for any string with characters other than letters and numbers. This includes the space.

So, to avoid annoyances, use the trim() function to remove leading/trailing spaces that are commonly mis-entered by users:

' accident' will return false.
But if you trim(' accident'), it will become 'accident' and therefore return true.

[Old Novus]

Parse error: syntax error, unexpected '{' in C:\www\webroot\process.php on line 41

thats the nwe error...and its on the code line where preg is...on that line.