Jump to content

Archived

This topic is now archived and is closed to further replies.

Old Novus

quick PHP Array Help please

Recommended Posts

Hi everyone,
I'm new to the community and plan to be a long time active member! I have a question though with this php script we've got. It's for a game out there and it's the account creator. We need a way to limit the accounts being made to letters a-z and number 0-9. The problem is people are using these ìÿ letters and its making the accounts buggy. Here is my code:
Thanks guys. if you have any questions please don't hesitate to ask.

Here is the array that is allowed for the account characters...but it doesnt seem to be working :if (!eregi("[A-Z0-9]", $username)){
echo '<script language="Javascript">alert ("Bad characters in username")</script>';
include("index.html");
exit();
We need strictly a-z or 0-9 only or else it bugs out accounts and could get other people's accounts over written. Any help is appreciated.

Share this post


Link to post
Share on other sites
This one should work:

[code]if (!preg_match("/^\w+$/", $username)) {
   echo ''Bad characters..."
}[/code]

Share this post


Link to post
Share on other sites
can you kinda explain what that one does? heheh

so i replace my line of :if (!eregi("[A-Z0-9]", $username)){
echo '<script language="Javascript">alert ("Bad characters in username")</script>';
include("index.html");
exit();

With this: if (!preg_match("/^\w+$/", $username)) {
echo ''Bad characters..."
}

then people will only be able to use letters a-z and 0-9?

Share this post


Link to post
Share on other sites
NO, replace:

[code]if (!eregi("[A-Z0-9]", $username)){[/code]
with
[code]if (!preg_match("/^\w+$/", $username)) {[/code]

Actually it will accept also the underscore _. If you want strictly letters and numbers only, you can use:

[code]if (!preg_match("/^\([0-9A-Za-z])+$/", $username)) {[/code]

Share this post


Link to post
Share on other sites
ok so that one will only allow a - z A - Z and 0 - 9 and nothing else like this: _ ' \ ][ àd·£ right?

Share this post


Link to post
Share on other sites
it keeps saying bad characters in username even if i just put in characters a - z ...for example i put in "hi" as the username and it tells me bad characters... anyone help please? only a-z and 0 - 9 allowed. With no spaces or any marks or wierd letters like this ౬

Share this post


Link to post
Share on other sites
[!--quoteo(post=378865:date=May 31 2006, 05:02 PM:name=Old Novus)--][div class=\'quotetop\']QUOTE(Old Novus @ May 31 2006, 05:02 PM) [snapback]378865[/snapback][/div][div class=\'quotemain\'][!--quotec--]
it keeps saying bad characters in username even if i just put in characters a - z ...for example i put in "hi" as the username and it tells me bad characters... anyone help please? only a-z and 0 - 9 allowed. With no spaces or any marks or wierd letters like this ౬
[/quote]

Bump.

To test the situation make a fake account attempt here:

[a href=\"http://216.55.161.24/\" target=\"_blank\"]http://216.55.161.24/[/a]

using whatever @dodgeit.com as your email address. Using the @dodgeit will remind us to delete thoes accounts. I am friends with "Old Novus" by the way and will be attempting to help futher the situation.

Another person told us to try:

if (preg_match('/[^A-Za-z0-9]/', $username)) which is similar to what has been suggested here but it didn't work either.

Share this post


Link to post
Share on other sites
(preg_match('/[^A-Za-z0-9]/', $username)) is wrong because that is exclusion, and the best you could do with this is to detect if THERE ARE alphanumeric characters in the username.

Anyways, are you sure everything is correct? Can you post the entire code, or at least the $username definition?

Share this post


Link to post
Share on other sites
Here is our origional file without our edited input.

I'll put it in a .txt file because it won't let me post it here. it syas we are trying to connect to the forums here? Dunno..

[a href=\"http://195.210.38.23:2082//dl/9666379f92c9cd30073491648a36006c/447e2b1e/files/010606/1149119258/process.txt\" target=\"_blank\"]from mooload free file hosting[/a]

Share this post


Link to post
Share on other sites
the username definition?

The reason why we have to have it so it only accepts a-z and 0-9 is because the game server that this php file is writing to doesnt accept spaces or underscores or +à?ÿè all those characters...it only accepts a-z and 0 - 9...and if anything else is in there, then it deletes that letter and bam it will overwrite an account...big security issue...that is why it must only accept a-z and 0-9 :/ very frustrating lol.

Share this post


Link to post
Share on other sites
NO, what I mean is, how do you get $username?

$username = $_POST['username']?

Share this post


Link to post
Share on other sites
[!--quoteo(post=378889:date=May 31 2006, 07:02 PM:name=poirot)--][div class=\'quotetop\']QUOTE(poirot @ May 31 2006, 07:02 PM) [snapback]378889[/snapback][/div][div class=\'quotemain\'][!--quotec--]
NO, what I mean is, how do you get $username?

$username = $_POST['username']?
[/quote]

I believe $username is the username we are specifying when making the account. The username being what we are having problems with. A-Z etc.

Here is the link so you can see what the form looks like:

[a href=\"http://216.55.161.24/\" target=\"_blank\"]http://216.55.161.24/[/a]

Share this post


Link to post
Share on other sites
validate($_POST['username'], $_POST['email']);

Username is trying to be created in the form.....but we want those restrictions of only allowing a-z 0-9 etc. Thanks for helping us

Share this post


Link to post
Share on other sites
Add a line:
[code]var_dump($_POST['username']):[/code]
Some where near the verification thing. This will tell you what is in the variable, or if it doesn't exists.

Please post what it outputs here. And also, my regex may be wrong bc that's not my strong point...

Share this post


Link to post
Share on other sites
[!--quoteo(post=378895:date=May 31 2006, 07:34 PM:name=poirot)--][div class=\'quotetop\']QUOTE(poirot @ May 31 2006, 07:34 PM) [snapback]378895[/snapback][/div][div class=\'quotemain\'][!--quotec--]
Add a line:
[code]var_dump($_POST['username']):[/code]
Some where near the verification thing. This will tell you what is in the variable, or if it doesn't exists.

Please post what it outputs here. And also, my regex may be wrong bc that's not my strong point...
[/quote]

When we add that it won't go through the process again. It just stops before making the account at a validating blank page. If you couldn't see the script there here is the full one with the addition you said to make:

[a href=\"http://68.144.216.100/Not%20so%20myspace/process.txt\" target=\"_blank\"]http://68.144.216.100/Not%20so%20myspace/process.txt[/a]

[!--quoteo(post=378901:date=May 31 2006, 07:52 PM:name=vumpler)--][div class=\'quotetop\']QUOTE(vumpler @ May 31 2006, 07:52 PM) [snapback]378901[/snapback][/div][div class=\'quotemain\'][!--quotec--]
When we add that it won't go through the process again. It just stops before making the account at a validating blank page. If you couldn't see the script there here is the full one with the addition you said to make:

[a href=\"http://68.144.216.100/Not%20so%20myspace/process.txt\" target=\"_blank\"]http://68.144.216.100/Not%20so%20myspace/process.txt[/a]
[/quote]

Oh and if we don't use: eregi (whereas you were using preg) we reallly can't get anywhere. That's why we changed it.

Share this post


Link to post
Share on other sites
if (!eregi("([0-9A-Za-z])", $username)) {

this is still letting the script run...but it isnt blocking the wierd letters like this à++}áÜ...is there anyway to tweak that line to make it so there is ONLY a-z and 0 - 9 allowed, with no spaces or symbols?

Share this post


Link to post
Share on other sites

[code]
if(eregi("[^a-zA-Z0-9]+",$str)) {
    echo "Invalid Chars !!";
} else {
    echo "All Valid Chars !!";
}
[/code]

This should work.....

Share this post


Link to post
Share on other sites
another bump...still not working....guys please look at the full script and youll be able to better see what were trying to accomplish. this is hard i guess.

Share this post


Link to post
Share on other sites
if (!eregi_match("/^\([0-9A-Za-z])+$/", $username)) {
echo '<script language="Javascript">alert ("Bad characters in username")</script>';
include("index.html");
exit();

This isnt working...we need it to ONLY allow a-z and 0-9 and nothing else...

Share this post


Link to post
Share on other sites
OK, I have a working one I guess. It's actually the same as I posted before, but with a minor typo corrected:

[code]<?php

// Some entries to test
$test_array = array ('username', '21358', 'user2', 'l337z_cx', 'ccc*ccc', 'cr@p');

// Last Regex, OMG, forgot to remove the backslash! "\"!
// $old_regex = "/^\([0-9A-Za-z])+$/";

// This one shold do the job
$regex = "/^([A-Za-z0-9])+$/";

// Testing all entries
for ($i=0; $i<count($test_array); $i++) {
   echo $test_array[$i] . ': ';
   echo (!preg_match($regex, $test_array[$i])) ? 'Bad' : 'OK';
   echo '<br />';
}

?>[/code]

This will generate:

[!--quoteo--][div class=\'quotetop\']QUOTE[/div][div class=\'quotemain\'][!--quotec--]username: OK
21358: OK
user2: OK
l337z_cx: Bad
ccc*ccc: Bad
cr@p: Bad[/quote]

So it's basically:

[code]if ((!preg_match("/^([A-Za-z0-9])+$/", $username)) {
   echo '<script language="Javascript">alert ("Bad characters in username")</script>';
   include("index.html");
   exit();
} else {
   echo 'OK, good to go!';
}[/code]

Just to point something out, that regex above will return false for any string with characters other than letters and numbers. This includes the space.

So, to avoid annoyances, use the trim() function to remove leading/trailing spaces that are commonly mis-entered by users:

' accident' will return false.
But if you trim(' accident'), it will become 'accident' and therefore return true.

Share this post


Link to post
Share on other sites
Parse error: syntax error, unexpected '{' in C:\www\webroot\process.php on line 41

thats the nwe error...and its on the code line where preg is...on that line.

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.