Spaces in User Registration

[DomMarx]

Hey Guys,

 

I'm currently working on a user registration form and everything is working pretty well, except one major problem. The PHP script sees DavidJones and David Jones as 2 different users. So I was wondering how to go about making the registration script disregard spaces so that users don't end up with the same usernames, only with spaces/no spaces. It would get confusing.

 

So if "David Jones" was already registered and another user was registering as "DavidJones" or "Dav id J ones", then it wouldn't let him.

 

Thanks!

[dalecosp]

At registration, test a version of the proposed username with the spaces removed against the database.  If it exists already, advise that the username is already in use and the user should select another.

[DomMarx]

Hi Dalecosp,

 

thanks for chiming in! I've been searching the web for a proper way to achieve this, but I really don't know where to start codingwise. Here is what i've got, but it only checks if it exists without checking spaces.

$query = "SELECT * FROM `users` WHERE LOWER (`username`) = :username";
$stmt = $dbh->prepare($query);
$stmt->bindValue(':username', strtolower($_POST['username']));
$stmt->execute();

if ($stmt->rowCount() > 0) {
die('this user is already registered.')	;
}

I can't seem to find anything on google that directly touches this point. 

[litebearer]

You need to decide what YOU want to allow as vaild username content. You could use regex to validate user names.

 

Might look here as a starting point (esp answer 5) http://stackoverflow.com/questions/1330693/validate-username-as-alphanumeric-with-underscores

[DomMarx]

Hey litebearer,

 

I looked into regex and the link you gave me. Thanks a lot for taking the time man! I figured out the basics of regex syntax, and I am now trying to apply it to a password field. Here is what i've written:

//checks to see if the password field is empty
if (empty($_POST['password']) && empty($_POST['password2'])) {
    echo 'Please create a password.';
    return false;
}
else{
//if the password field isnt empty, it checks to see that only letters/numbers are used.
$pass = $_POST['password'];
    $goodpass = ereg("/^[a-zA-Z0-9]$/", $pass);
    if ($goodpass) {
		
//checks to see if both passwords match.
if ($_POST['password'] != $_POST ['password2']) {
    die('You entered two different passwords.');}		
}
else{
	echo 'Your password is invalid.';}
}

But everytime I run the function (try to register a new password), I get the 'Your password is invalid" echo. Does anyone know what i've done wrong?

 

Thanks guys!

[litebearer]

aside: ereg is deprecated see ...http://forums.phpfreaks.com/topic/268091-ereg-and-deprecated-error/

[DomMarx]

Thanks for the tip litebearer. It still gives me the same results with preg_match though.

[Strider64]

// Password must be strong
if(preg_match("/^.*(?=.{8,})(?=.*[0-9])(?=.*[a-z])(?=.*[A-Z]).*$/", $pass) === 0)
$errPass = '<p class="errText">Password must be at least 8 characters and must contain at least one lower case letter, one upper case letter and one digit</p>';
}

I find trying to get one RegEx to work one at a time works better, also don't hash your password until checking it .

[DomMarx]

Hi Strider64,

 

Thanks for the help friend! I implemented your code, which is much better than what I had. For some reason, I keep getting:

'<p class="errText">Password must be at least 8 characters and must contain at least one lower case letter, one upper case letter and one digit</p>' 

I'll try and figure out why that is. Everything seems to be placed in the right order and the hashing is done at the end of the registration function 

 

What i'm aiming to do it check if the fields are empty, else check if the passwords entered are valid using preg_match, then check if password and re-enter password fields match, then move on to next field(city, work, etc.)

 

Just in case, here is how I implemented your code:

//checks to see if the password field is empty
if (empty($_POST['password']) && empty($_POST['password2'])) {
    echo 'Please create a password.';
    return false;
}
else{
$pass = $_POST['password'];
    if(preg_match("/^.*(?=.{8,})(?=.*[0-9])(?=.*[a-z])(?=.*[A-Z]).*$/", $pass) === 0)
    $errPass = '<p class="errText">Password must be at least 8 characters and must contain at least one lower case letter, one upper case letter and one digit</p>';
}

		
//checks to see if both passwords match.
if ($_POST['password'] != $_POST ['password2']) {
    die('You entered two different passwords.');}		

else{
	echo 'Password must be at least 8 characters and must contain at least one lower case letter, one upper case letter and one digit';}

Thanks man!