[SOLVED] eregi: white space

[EternalSorrow]

I've implemented a login system which uses this code as the core.

 

The problem I'm having is with empty spaces in users' names.  They can create names with spaces, but when they go to view their account a message comes up which states:

 

Username not registered

 

As I have a test account with a space, I know this is untrue.

 

I've looked at the code, novice that I am, and was curious if the problem was coming from the Username error checking area which uses eregi for validation.  It doesn't appear to validate white spaces as recognizable, but I have no idea how to tell eregi to see the spaces.  I've checked online, but no luck.

 

Anyone have any ideas?

 

Here's a portion of the code for the userinfo page which holds the error message:

<?
/* Requested Username error checking */
$req_user = trim($_GET['user']);
if(!$req_user || strlen($req_user) == 0 ||
   !eregi("^([0-9a-z])+$", $req_user) ||
   !$database->usernameTaken($req_user)){
   die("Username not registered");
}

/* Logged in user viewing own account */
if(strcmp($session->username,$req_user) == 0){
   echo "<h1>My Account</h1>";
}
/* Visitor not viewing own account */
else{
   echo "<h1>User Info</h1>";
}

if($session->logged_in){

/* Display requested user information */
$req_user_info = $database->getUserInfo($req_user);

/* Avatar */
echo "<div style=\"float: right;\"><img src=".$req_user_info['avatar']."></div>";

/* Username */
echo "<b>Username: ".$req_user_info['username']."</b><br>";

/* Email */
echo "<b>Email:</b> ".$req_user_info['email']."<br>";

/* Info */
echo "<b>Information:</b> ".$req_user_info['information']."<br>";

/**
* Note: when you add your own fields to the users table
* to hold more information, like homepage, location, etc.
* they can be easily accessed by the user info array.
*
* $session->user_info['location']; (for logged in users)
*
* ..and for this page,
*
* $req_user_info['location']; (for any user)
*/

/* If logged in user viewing own account, give link to edit */
if(strcmp($session->username,$req_user) == 0){
   echo "</div>

 

 

[gijew]

First step would be to see if $req_user actually has any data. Second step would be to find a script that's a tad bit updated to 2009. There's several security holes in the snippet you have and that's no bueno.

 

Besides the security, just add a space in there regular expression and it should do the trick.

[EternalSorrow]

The req_user definitely has data, as it works properly with user names that don't have spaces within them.  I'd look into making the script safer and more up-to-date, but the site is small and hardly worth the trouble.  I also would have no idea where to start with the update, as I'm unsure what's outdated and what has still been retained.

 

Thanks for the info about the regular expression, it did the trick wonderfully.