Jump to content


Photo

Regex to ban password containing userid


  • Please log in to reply
6 replies to this topic

#1 oracle259

oracle259
  • Members
  • PipPipPip
  • Advanced Member
  • 119 posts

Posted 07 July 2006 - 08:17 PM

I needed to know how to create a regex to ban passwords that contain a user's given userid or email. I considered using similar_text but i'm not so familiar with that function and i think regex may be more efficient.

Thanks :D



#2 ToonMariner

ToonMariner
  • Members
  • PipPipPip
  • Advanced Member
  • 3,342 posts
  • LocationNewcastle upon Tyne, UK

Posted 07 July 2006 - 11:36 PM

you can just use a preg_match!!!!!
<?php
$username = $_POST['regusername'];
$password = "/".$_POST['regpassword']."/";
if (preg_match($username,$password))
{
//deny completeion of registration...
}
else
{
// carry on...
}
?>
follow me on twitter @PHPsycho

#3 oracle259

oracle259
  • Members
  • PipPipPip
  • Advanced Member
  • 119 posts

Posted 08 July 2006 - 02:05 AM

ok but would preg_match work for lets say the password is p.oracle259-ender and userid is oracle259?

#4 oracle259

oracle259
  • Members
  • PipPipPip
  • Advanced Member
  • 119 posts

Posted 08 July 2006 - 02:07 AM

Also can i use variables like $pwd and $userid in other regex


#5 oracle259

oracle259
  • Members
  • PipPipPip
  • Advanced Member
  • 119 posts

Posted 08 July 2006 - 02:26 AM

ok i read up on preg_match but the php manual recommends using strpos as it is faster. So let me know if this code would surffice:

<?php
$password = 'p.oracle259-ender';
$userid  = 'oracle259';
$inpass = strpos($password, $userid);

if ($incheck === true) {
  echo "Error: Sorry password cannot contain your set userid'";
} else {
  encrypt password
  make password DB safe
  insert password into DB
}


#6 ShogunWarrior

ShogunWarrior
  • Members
  • PipPipPip
  • Advanced Member
  • 528 posts
  • LocationIreland

Posted 08 July 2006 - 10:29 PM

Oracle259, I think it should be:
if($inpass!=FALSE)

Because it will return false if not found, so I don't think it will return BOOLEAN true.
<a href="http://www.daviddora...nmedia.com/">My New Site/Blog</a> | <a href="http://www.daviddora...m/check/">Check your page for broken links/images/scripts</a>

Zend Certified Engineer
Follow me on Twitter: http://twitter.com/davidd

#7 BinaryStar

BinaryStar
  • Staff Alumni
  • Advanced Member
  • 74 posts
  • LocationBethlehem, PA

Posted 10 July 2006 - 02:23 AM

Couldn't you also just use stristr? If you are only looking for one string within another why not? You are not really matching a pattern but just s imple string. Just a suggestion.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users