Jump to content

quick PHP Array Help please


Old Novus

Recommended Posts

Hi everyone,
I'm new to the community and plan to be a long time active member! I have a question though with this php script we've got. It's for a game out there and it's the account creator. We need a way to limit the accounts being made to letters a-z and number 0-9. The problem is people are using these ìÿ letters and its making the accounts buggy. Here is my code:
Thanks guys. if you have any questions please don't hesitate to ask.

Here is the array that is allowed for the account characters...but it doesnt seem to be working :if (!eregi("[A-Z0-9]", $username)){
echo '<script language="Javascript">alert ("Bad characters in username")</script>';
include("index.html");
exit();
We need strictly a-z or 0-9 only or else it bugs out accounts and could get other people's accounts over written. Any help is appreciated.
Link to comment
Share on other sites

can you kinda explain what that one does? heheh

so i replace my line of :if (!eregi("[A-Z0-9]", $username)){
echo '<script language="Javascript">alert ("Bad characters in username")</script>';
include("index.html");
exit();

With this: if (!preg_match("/^\w+$/", $username)) {
echo ''Bad characters..."
}

then people will only be able to use letters a-z and 0-9?
Link to comment
Share on other sites

NO, replace:

[code]if (!eregi("[A-Z0-9]", $username)){[/code]
with
[code]if (!preg_match("/^\w+$/", $username)) {[/code]

Actually it will accept also the underscore _. If you want strictly letters and numbers only, you can use:

[code]if (!preg_match("/^\([0-9A-Za-z])+$/", $username)) {[/code]
Link to comment
Share on other sites

it keeps saying bad characters in username even if i just put in characters a - z ...for example i put in "hi" as the username and it tells me bad characters... anyone help please? only a-z and 0 - 9 allowed. With no spaces or any marks or wierd letters like this ౬
Link to comment
Share on other sites

[!--quoteo(post=378865:date=May 31 2006, 05:02 PM:name=Old Novus)--][div class=\'quotetop\']QUOTE(Old Novus @ May 31 2006, 05:02 PM) [snapback]378865[/snapback][/div][div class=\'quotemain\'][!--quotec--]
it keeps saying bad characters in username even if i just put in characters a - z ...for example i put in "hi" as the username and it tells me bad characters... anyone help please? only a-z and 0 - 9 allowed. With no spaces or any marks or wierd letters like this ౬
[/quote]

Bump.

To test the situation make a fake account attempt here:

[a href=\"http://216.55.161.24/\" target=\"_blank\"]http://216.55.161.24/[/a]

using whatever @dodgeit.com as your email address. Using the @dodgeit will remind us to delete thoes accounts. I am friends with "Old Novus" by the way and will be attempting to help futher the situation.

Another person told us to try:

if (preg_match('/[^A-Za-z0-9]/', $username)) which is similar to what has been suggested here but it didn't work either.
Link to comment
Share on other sites

(preg_match('/[^A-Za-z0-9]/', $username)) is wrong because that is exclusion, and the best you could do with this is to detect if THERE ARE alphanumeric characters in the username.

Anyways, are you sure everything is correct? Can you post the entire code, or at least the $username definition?
Link to comment
Share on other sites

Here is our origional file without our edited input.

I'll put it in a .txt file because it won't let me post it here. it syas we are trying to connect to the forums here? Dunno..

[a href=\"http://195.210.38.23:2082//dl/9666379f92c9cd30073491648a36006c/447e2b1e/files/010606/1149119258/process.txt\" target=\"_blank\"]from mooload free file hosting[/a]
Link to comment
Share on other sites

the username definition?

The reason why we have to have it so it only accepts a-z and 0-9 is because the game server that this php file is writing to doesnt accept spaces or underscores or +à?ÿè all those characters...it only accepts a-z and 0 - 9...and if anything else is in there, then it deletes that letter and bam it will overwrite an account...big security issue...that is why it must only accept a-z and 0-9 :/ very frustrating lol.
Link to comment
Share on other sites

[!--quoteo(post=378889:date=May 31 2006, 07:02 PM:name=poirot)--][div class=\'quotetop\']QUOTE(poirot @ May 31 2006, 07:02 PM) [snapback]378889[/snapback][/div][div class=\'quotemain\'][!--quotec--]
NO, what I mean is, how do you get $username?

$username = $_POST['username']?
[/quote]

I believe $username is the username we are specifying when making the account. The username being what we are having problems with. A-Z etc.

Here is the link so you can see what the form looks like:

[a href=\"http://216.55.161.24/\" target=\"_blank\"]http://216.55.161.24/[/a]
Link to comment
Share on other sites

Add a line:
[code]var_dump($_POST['username']):[/code]
Some where near the verification thing. This will tell you what is in the variable, or if it doesn't exists.

Please post what it outputs here. And also, my regex may be wrong bc that's not my strong point...
Link to comment
Share on other sites

[!--quoteo(post=378895:date=May 31 2006, 07:34 PM:name=poirot)--][div class=\'quotetop\']QUOTE(poirot @ May 31 2006, 07:34 PM) [snapback]378895[/snapback][/div][div class=\'quotemain\'][!--quotec--]
Add a line:
[code]var_dump($_POST['username']):[/code]
Some where near the verification thing. This will tell you what is in the variable, or if it doesn't exists.

Please post what it outputs here. And also, my regex may be wrong bc that's not my strong point...
[/quote]

When we add that it won't go through the process again. It just stops before making the account at a validating blank page. If you couldn't see the script there here is the full one with the addition you said to make:

[a href=\"http://68.144.216.100/Not%20so%20myspace/process.txt\" target=\"_blank\"]http://68.144.216.100/Not%20so%20myspace/process.txt[/a]

[!--quoteo(post=378901:date=May 31 2006, 07:52 PM:name=vumpler)--][div class=\'quotetop\']QUOTE(vumpler @ May 31 2006, 07:52 PM) [snapback]378901[/snapback][/div][div class=\'quotemain\'][!--quotec--]
When we add that it won't go through the process again. It just stops before making the account at a validating blank page. If you couldn't see the script there here is the full one with the addition you said to make:

[a href=\"http://68.144.216.100/Not%20so%20myspace/process.txt\" target=\"_blank\"]http://68.144.216.100/Not%20so%20myspace/process.txt[/a]
[/quote]

Oh and if we don't use: eregi (whereas you were using preg) we reallly can't get anywhere. That's why we changed it.
Link to comment
Share on other sites

if (!eregi("([0-9A-Za-z])", $username)) {

this is still letting the script run...but it isnt blocking the wierd letters like this à++}áÜ...is there anyway to tweak that line to make it so there is ONLY a-z and 0 - 9 allowed, with no spaces or symbols?
Link to comment
Share on other sites

if (!eregi_match("/^\([0-9A-Za-z])+$/", $username)) {
echo '<script language="Javascript">alert ("Bad characters in username")</script>';
include("index.html");
exit();

This isnt working...we need it to ONLY allow a-z and 0-9 and nothing else...
Link to comment
Share on other sites

OK, I have a working one I guess. It's actually the same as I posted before, but with a minor typo corrected:

[code]<?php

// Some entries to test
$test_array = array ('username', '21358', 'user2', 'l337z_cx', 'ccc*ccc', 'cr@p');

// Last Regex, OMG, forgot to remove the backslash! "\"!
// $old_regex = "/^\([0-9A-Za-z])+$/";

// This one shold do the job
$regex = "/^([A-Za-z0-9])+$/";

// Testing all entries
for ($i=0; $i<count($test_array); $i++) {
   echo $test_array[$i] . ': ';
   echo (!preg_match($regex, $test_array[$i])) ? 'Bad' : 'OK';
   echo '<br />';
}

?>[/code]

This will generate:

[!--quoteo--][div class=\'quotetop\']QUOTE[/div][div class=\'quotemain\'][!--quotec--]username: OK
21358: OK
user2: OK
l337z_cx: Bad
ccc*ccc: Bad
cr@p: Bad[/quote]

So it's basically:

[code]if ((!preg_match("/^([A-Za-z0-9])+$/", $username)) {
   echo '<script language="Javascript">alert ("Bad characters in username")</script>';
   include("index.html");
   exit();
} else {
   echo 'OK, good to go!';
}[/code]

Just to point something out, that regex above will return false for any string with characters other than letters and numbers. This includes the space.

So, to avoid annoyances, use the trim() function to remove leading/trailing spaces that are commonly mis-entered by users:

' accident' will return false.
But if you trim(' accident'), it will become 'accident' and therefore return true.
Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.