Password Varification Doesn't work, Doesn't Check Length of Variable

[TecTao]

This is part of continued problems with a previously written script by another Developer about 6 years ago.  Conversion from php4 to php5.

 

The previous version that I am editing was writtne using session variables and Register_globals on.  I'm now going through and changing to $_POST and $_GET and $_COOKIES.

 

Now there is an error on the password verifier.

 

The password ($pass1) is being passed

$pass =$_POST['pass1'];
echo $pass;

 

But the strlen($pass) isn't working.

 

<?php
// password verifier

//$pass1 = $_POST['pass1'];
//$pass2 = $_POST['pass2'];

$pass =$_POST['pass1'];
echo $pass;
function passver($pass){
//set vars to default
$stln = strlen($pass);
echo $stln;
if ($stln < 6 or $strln > 10){
		$res = "Password must be at least 6-10 Characters long and contain at least 1 numeric and alphanumeric character";
		return array(false, $res);
		return(0);
}
$al = 0;
$nu = 0;
$sp = 0;
$chars = preg_split('//', $pass, -1, PREG_SPLIT_NO_EMPTY);


for ($aa=0; $aa<$stln; $aa++){

	if (ord($chars[$aa])>=48 and ord($chars[$aa])<=57){
		$nu++;
	}elseif ((ord($chars[$aa])>=65 and ord($chars[$aa])<=90) or (ord($chars[$aa])>=97 and ord($chars[$aa])<=122)){
		$al++;
	}else{
		$sp++;
	}
}
if ($al > 0 and $nu > 0 and $sp == 0){
	return array(true,"passed");
	return(0);
}
if ($sp > 0 ){
	return array(false,"No special Charecters PLS, Numeric/Alpanumeric ONLY");
	return(0);
}
if ($nu == 0){
	return array(false,"Password must contain numeric characters");
	return (0);
}
if ($al == 0){
	return array(false,"Password must contain alphanumeric characters");
	return(0);
}
}

?>

 

Thanks for any help or direction.

 

[KevinM1]

Are you actually invoking your passver() function anywhere?

 

EDIT: You do know that none of your return (0); statements will ever execute, right?

[TecTao]

list($sucsess,$response) = passver($pass1);

if ($sucsess == false){
?><script>
	alert("<?=$response?>");
	history.back(0);
</script><?

return(0);
}

 

this is from update.php with the previous script as an include file passver.php.  Include line is at the top of the page, the invoking of the function is down on line 52.

 

[xyph]

You were using $pass, later you're using $pass1

[KevinM1]

Okay, so 'not working' means what in this context?  How are you testing the function?

 

I do see a typo:

 

if ($stln < 6 or $strln > 10){

 

$stln is not the same as $strln (notice the 'r').

 

Also, at the top of your script, you define:

 

$pass =$_POST['pass1'];

 

But in update.php, you have:

 

list($sucsess,$response) = passver($pass1);

 

Note that $pass is not $pass1.

[ManiacDan]

If you were developing with all your warnings and errors turned on, many of these things would have been pointed out to you automatically by PHP.

[TecTao]

Yes, I had the error turned on, I didn't catch the two different spellings of stln,  Thanks.

 

It's now passing the test and updating the database, but now I'm dealing with why the page won't refresh back to the edit form page.

 

<script>location.replace("result.php?uid=<?=$uid[0]?>&addyes=<?=$addyes?>&flg=update")</script>

 

This is driving me crazy.

[ManiacDan]

Location is a property of the window object.

 

JS Debuggers are available for every major browser.