Jump to content


Photo

quick PHP Array Help please


  • Please log in to reply
27 replies to this topic

#1 Old Novus

Old Novus
  • Members
  • PipPip
  • Member
  • 14 posts

Posted 31 May 2006 - 08:58 PM

Hi everyone,
I'm new to the community and plan to be a long time active member! I have a question though with this php script we've got. It's for a game out there and it's the account creator. We need a way to limit the accounts being made to letters a-z and number 0-9. The problem is people are using these ìÿ letters and its making the accounts buggy. Here is my code:
Thanks guys. if you have any questions please don't hesitate to ask.

Here is the array that is allowed for the account characters...but it doesnt seem to be working :if (!eregi("[A-Z0-9]", $username)){
echo '<script language="Javascript">alert ("Bad characters in username")</script>';
include("index.html");
exit();
We need strictly a-z or 0-9 only or else it bugs out accounts and could get other people's accounts over written. Any help is appreciated.

#2 poirot

poirot
  • Members
  • PipPipPip
  • Advanced Member
  • 646 posts
  • LocationAustin, TX

Posted 31 May 2006 - 09:12 PM

This one should work:

if (!preg_match("/^\w+$/", $username)) {
   echo ''Bad characters..."
}

~ D Kuang

#3 Old Novus

Old Novus
  • Members
  • PipPip
  • Member
  • 14 posts

Posted 31 May 2006 - 09:14 PM

can you kinda explain what that one does? heheh

so i replace my line of :if (!eregi("[A-Z0-9]", $username)){
echo '<script language="Javascript">alert ("Bad characters in username")</script>';
include("index.html");
exit();

With this: if (!preg_match("/^\w+$/", $username)) {
echo ''Bad characters..."
}

then people will only be able to use letters a-z and 0-9?

#4 poirot

poirot
  • Members
  • PipPipPip
  • Advanced Member
  • 646 posts
  • LocationAustin, TX

Posted 31 May 2006 - 09:24 PM

NO, replace:

if (!eregi("[A-Z0-9]", $username)){
with
if (!preg_match("/^\w+$/", $username)) {

Actually it will accept also the underscore _. If you want strictly letters and numbers only, you can use:

if (!preg_match("/^\([0-9A-Za-z])+$/", $username)) {

~ D Kuang

#5 Old Novus

Old Novus
  • Members
  • PipPip
  • Member
  • 14 posts

Posted 31 May 2006 - 09:30 PM

ok so that one will only allow a - z A - Z and 0 - 9 and nothing else like this: _ ' \ ][ àd·£ right?

#6 Old Novus

Old Novus
  • Members
  • PipPip
  • Member
  • 14 posts

Posted 31 May 2006 - 09:51 PM

its saying bad characters everytime now...

#7 Old Novus

Old Novus
  • Members
  • PipPip
  • Member
  • 14 posts

Posted 31 May 2006 - 10:02 PM

it keeps saying bad characters in username even if i just put in characters a - z ...for example i put in "hi" as the username and it tells me bad characters... anyone help please? only a-z and 0 - 9 allowed. With no spaces or any marks or wierd letters like this ౬

#8 vumpler

vumpler
  • New Members
  • Pip
  • Newbie
  • 5 posts

Posted 31 May 2006 - 11:01 PM

[!--quoteo(post=378865:date=May 31 2006, 05:02 PM:name=Old Novus)--][div class=\'quotetop\']QUOTE(Old Novus @ May 31 2006, 05:02 PM) View Post[/div][div class=\'quotemain\'][!--quotec--]
it keeps saying bad characters in username even if i just put in characters a - z ...for example i put in "hi" as the username and it tells me bad characters... anyone help please? only a-z and 0 - 9 allowed. With no spaces or any marks or wierd letters like this ౬
[/quote]

Bump.

To test the situation make a fake account attempt here:

[a href=\"http://216.55.161.24/\" target=\"_blank\"]http://216.55.161.24/[/a]

using whatever @dodgeit.com as your email address. Using the @dodgeit will remind us to delete thoes accounts. I am friends with "Old Novus" by the way and will be attempting to help futher the situation.

Another person told us to try:

if (preg_match('/[^A-Za-z0-9]/', $username)) which is similar to what has been suggested here but it didn't work either.

#9 poirot

poirot
  • Members
  • PipPipPip
  • Advanced Member
  • 646 posts
  • LocationAustin, TX

Posted 31 May 2006 - 11:26 PM

(preg_match('/[^A-Za-z0-9]/', $username)) is wrong because that is exclusion, and the best you could do with this is to detect if THERE ARE alphanumeric characters in the username.

Anyways, are you sure everything is correct? Can you post the entire code, or at least the $username definition?
~ D Kuang

#10 vumpler

vumpler
  • New Members
  • Pip
  • Newbie
  • 5 posts

Posted 31 May 2006 - 11:49 PM

Here is our origional file without our edited input.

I'll put it in a .txt file because it won't let me post it here. it syas we are trying to connect to the forums here? Dunno..

[a href=\"http://195.210.38.23:2082//dl/9666379f92c9cd30073491648a36006c/447e2b1e/files/010606/1149119258/process.txt\" target=\"_blank\"]from mooload free file hosting[/a]

#11 Old Novus

Old Novus
  • Members
  • PipPip
  • Member
  • 14 posts

Posted 01 June 2006 - 12:00 AM

the username definition?

The reason why we have to have it so it only accepts a-z and 0-9 is because the game server that this php file is writing to doesnt accept spaces or underscores or +à?ÿè all those characters...it only accepts a-z and 0 - 9...and if anything else is in there, then it deletes that letter and bam it will overwrite an account...big security issue...that is why it must only accept a-z and 0-9 :/ very frustrating lol.

#12 poirot

poirot
  • Members
  • PipPipPip
  • Advanced Member
  • 646 posts
  • LocationAustin, TX

Posted 01 June 2006 - 12:02 AM

NO, what I mean is, how do you get $username?

$username = $_POST['username']?

~ D Kuang

#13 vumpler

vumpler
  • New Members
  • Pip
  • Newbie
  • 5 posts

Posted 01 June 2006 - 12:06 AM

[!--quoteo(post=378889:date=May 31 2006, 07:02 PM:name=poirot)--][div class=\'quotetop\']QUOTE(poirot @ May 31 2006, 07:02 PM) View Post[/div][div class=\'quotemain\'][!--quotec--]
NO, what I mean is, how do you get $username?

$username = $_POST['username']?
[/quote]

I believe $username is the username we are specifying when making the account. The username being what we are having problems with. A-Z etc.

Here is the link so you can see what the form looks like:

[a href=\"http://216.55.161.24/\" target=\"_blank\"]http://216.55.161.24/[/a]


#14 Old Novus

Old Novus
  • Members
  • PipPip
  • Member
  • 14 posts

Posted 01 June 2006 - 12:11 AM

validate($_POST['username'], $_POST['email']);

Username is trying to be created in the form.....but we want those restrictions of only allowing a-z 0-9 etc. Thanks for helping us

#15 poirot

poirot
  • Members
  • PipPipPip
  • Advanced Member
  • 646 posts
  • LocationAustin, TX

Posted 01 June 2006 - 12:34 AM

Add a line:
var_dump($_POST['username']):
Some where near the verification thing. This will tell you what is in the variable, or if it doesn't exists.

Please post what it outputs here. And also, my regex may be wrong bc that's not my strong point...
~ D Kuang

#16 vumpler

vumpler
  • New Members
  • Pip
  • Newbie
  • 5 posts

Posted 01 June 2006 - 12:53 AM

[!--quoteo(post=378895:date=May 31 2006, 07:34 PM:name=poirot)--][div class=\'quotetop\']QUOTE(poirot @ May 31 2006, 07:34 PM) View Post[/div][div class=\'quotemain\'][!--quotec--]
Add a line:
var_dump($_POST['username']):
Some where near the verification thing. This will tell you what is in the variable, or if it doesn't exists.

Please post what it outputs here. And also, my regex may be wrong bc that's not my strong point...
[/quote]

When we add that it won't go through the process again. It just stops before making the account at a validating blank page. If you couldn't see the script there here is the full one with the addition you said to make:

[a href=\"http://68.144.216.100/Not%20so%20myspace/process.txt\" target=\"_blank\"]http://68.144.216.100/Not%20so%20myspace/process.txt[/a]

[!--quoteo(post=378901:date=May 31 2006, 07:52 PM:name=vumpler)--][div class=\'quotetop\']QUOTE(vumpler @ May 31 2006, 07:52 PM) View Post[/div][div class=\'quotemain\'][!--quotec--]
When we add that it won't go through the process again. It just stops before making the account at a validating blank page. If you couldn't see the script there here is the full one with the addition you said to make:

[a href=\"http://68.144.216.100/Not%20so%20myspace/process.txt\" target=\"_blank\"]http://68.144.216.100/Not%20so%20myspace/process.txt[/a]
[/quote]

Oh and if we don't use: eregi (whereas you were using preg) we reallly can't get anywhere. That's why we changed it.

#17 Old Novus

Old Novus
  • Members
  • PipPip
  • Member
  • 14 posts

Posted 01 June 2006 - 01:02 AM

if (!eregi("([0-9A-Za-z])", $username)) {

this is still letting the script run...but it isnt blocking the wierd letters like this à++}áÜ...is there anyway to tweak that line to make it so there is ONLY a-z and 0 - 9 allowed, with no spaces or symbols?

#18 vumpler

vumpler
  • New Members
  • Pip
  • Newbie
  • 5 posts

Posted 01 June 2006 - 02:40 AM

I can't believe this turned into such a difficult issue :(

#19 Old Novus

Old Novus
  • Members
  • PipPip
  • Member
  • 14 posts

Posted 01 June 2006 - 04:30 AM

Bump please

#20 Old Novus

Old Novus
  • Members
  • PipPip
  • Member
  • 14 posts

Posted 01 June 2006 - 05:12 AM

anyone?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users