Jump to content

Recommended Posts

I am using preg_match to protect my scripts.

I have two questions,

One Is this going to protect the server?

Two As it enters the script it sees that the username and password are empty. but I need them to be empty. So how do I get preg_match to let empty strings through.

 

<?phps
include("inc/security.inc");
//object security this test to see if the login script is has any scripting issues
$script_protector = new security($_POST['username'] , $_POST['password']);
$script_protector ->preg_match_0to9($_POST['username'] , $_POST['password']);
//security needs to return a 1 to enable the next function
if ($script_protector->security_checked() == 1){
include("inc/login.inc");
} else {
//needs to return to last figures
$_SESSION['information']['error']= 2;
include("inc/error.inc");
}
?>

 

<?php
class security
{
private $username;
private $password;
private $past_string;	
// this method(function) is setup for numbers only 0 to 9 and a maxium of 40 numbers	
  public function preg_match_0to9 ($username , $password){
		if (( preg_match('/^[A-Za-z0-9]+$/',$username) ) or (preg_match('/^[A-Za-z0-9]+$/',$password)) ){ 
		//this is make sure the string is not to long
				strlen($username); strlen($password); 
				if (($username >= 40) or ($password >= 40) ){
					$this->past_string = 0;
					//the security test is incorrect
					} else { 
					$this->past_string = 1;
					//the security test is correct
					}
		} else { 
		$this->past_string = 0;
		//the security test is incorrect
		}			
}
// this is function is a return value for the method (function) called   
   public function security_checked() {
            return $this->past_string;        
   }
}
?>

Link to comment
https://forums.phpfreaks.com/topic/142583-preg_match-error/
Share on other sites

thanks

The to answer your question is the  file include("inc/login.inc");has three headers to chose from. The problem is that when I run the script it gets sent to include("inc/error.inc"); automatically. I need preg_match to recognizes  empty strings so that I can stop the error.

 

how do I do that? I googled and can't find anything?

Link to comment
https://forums.phpfreaks.com/topic/142583-preg_match-error/#findComment-747285
Share on other sites

Trust me, have a look on Perl Regex Syntax on the php.net website, look for the Assert and its respective partner \A.

 

You will see what i mean.

 

PS; i believe PERL is from the specific installation of the webserver installed. Therefor whichever version of PERL the system has will use that regex, i believe. Someone help me out on this on 1? lol.

 

http://uk3.php.net/manual/en/regexp.reference.php - look 

 

^

    assert start of subject (or line, in multiline mode)

 

\A

    start of subject (independent of multiline mode)

-------

 

The reason i said this is i've noticed before when people's regex dit work with ^, the \A anchor seemed to fix their problem lol. I think it is more how multiline mode is affected.

Link to comment
https://forums.phpfreaks.com/topic/142583-preg_match-error/#findComment-747996
Share on other sites

Even if perl has that restriction (which I don't know that it does, but I'm not an expert in perl), the preg_xx engine is pcre compatible, not pcre dependent.  It is a separate engine that is modeled after the pcre engine, compiled in c and part of php's internal core. I looked around in the manual and sorry, I'm just not seeing any evidence to support your claims.

 

so...as they say in the gaming world: screenshot or it didn't happen!  In other words, you're going to have to pony up some links about that.

Link to comment
https://forums.phpfreaks.com/topic/142583-preg_match-error/#findComment-748024
Share on other sites

I posted after your edit, so to respond to your edit:

 

Right.  There was never a bug or compatibility issue.  ^ just behaves differently, depending on what modifier(s) you use.  I suppose you could possibly argue that they should have made ^ stay the same no matter what, and have \A be the 'start of line' in multi-line mode.  At face value, that does seem more consistent; I have no idea why it's not done like that.  But I think it's stretching it to say it's some kind of bug that was fixed (or more accurately, bandaided).

Link to comment
https://forums.phpfreaks.com/topic/142583-preg_match-error/#findComment-748094
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.