shackwm60 Posted January 27, 2014 Share Posted January 27, 2014 No doubt ive got this all wrong but i am trying to write a function that evaluates password strength/complexity before i hash/encrypt it and i want to give feedback toi the user about what is weak. I thought that i could create a variable to return a string depending on what the result is but i get nothing back. Obviously im still dont understand this too well. (yes still very noob to this). Thanks in advance for suggestion. function password_strength($password){ $pwdfailure = ""; if (strlen($password) < { // too short $pwdfailure = "Password must be at least 8 characters."; return $pwdfailure; } if (strlen($password) > 20) { // too long $pwdfailure = "Password cannot be longer than 20 characters."; return $pwdfailure; } if (!preg_match("/[A-Z]/", $password)) { // no upper $pwdfailure = "Password must contain an UPPER case character."; return $pwdfailure; } if (!preg_match("/[a-z]/", $password)) { // no lower $pwdfailure = "Password must contain a LOWER case character."; return $pwdfailure; } if (!preg_match("[^\da-zA-Z]", $password)) { // no lower $pwdfailure = "Password must contain a SPECIAL character."; return $pwdfailure; } if (!preg_match("/[0-9]/", $password)) { // no digit $pwdfailure = "Password must contain at least ONE digit."; return $pwdfailure; } } Then i try to test the return value with ... if (password_strength($confirmed_password)) { $pwdmismatch = $pwdfailure; // I tried this $_SESSION["pwdmismatch"] = $pwdfailure; // and this. redirect_to("loginpage.php"); } else { } And i want to echo the $pwdfaioure or $_SESSION["pwdmismatch"] where the login form is. But the string is empty. Quote Link to comment Share on other sites More sharing options...
ginerjm Posted January 27, 2014 Share Posted January 27, 2014 When you call a function that does a "return $value", you have to have something in which to return the value, no? $result = password_strength($confirmed_password); Then process the value of $result afterwards. Quote Link to comment Share on other sites More sharing options...
shackwm60 Posted January 27, 2014 Author Share Posted January 27, 2014 i guess i THOUGHT i was creating a result when i defined $pwdfailure = "some text" based on the if statment in the brackets and then return that $pwdfailure variable? Quote Link to comment Share on other sites More sharing options...
ginerjm Posted January 27, 2014 Share Posted January 27, 2014 Think of the function as the pitcher and the call as the catcher. If the catcher doesn't have a glove he can't catch it. See my previous example please. Or not..... Quote Link to comment Share on other sites More sharing options...
Solution cyberRobot Posted January 27, 2014 Solution Share Posted January 27, 2014 $pwdfailure is no longer in scope once you leave the function. You could try something like this: if($pwdfailure = password_strength($_GET['password'])) { echo $pwdfailure; // I tried this } else { echo 'Password good'; } Also note that the following if test doesn't do what you expect: if (!preg_match("[^\da-zA-Z]", $password)) { // no lower $pwdfailure = "Password must contain a SPECIAL character."; return $pwdfailure; } Quote Link to comment Share on other sites More sharing options...
shackwm60 Posted January 27, 2014 Author Share Posted January 27, 2014 (edited) $pwdfailure is no longer in scope once you leave the function. You could try something like this: if($pwdfailure = password_strength($_GET['password'])) { echo $pwdfailure; // I tried this } else { echo 'Password good'; } doh.. i get it. Now i understand what ginerjm was trying to tell me. Yes that worked. Thanks for that. Edited January 27, 2014 by shackwm60 Quote Link to comment Share on other sites More sharing options...
shackwm60 Posted January 27, 2014 Author Share Posted January 27, 2014 $pwdfailure is no longer in scope once you leave the function. You could try something like this: if($pwdfailure = password_strength($_GET['password'])) { echo $pwdfailure; // I tried this } else { echo 'Password good'; } Also note that the following if test doesn't do what you expect: if (!preg_match("[^\da-zA-Z]", $password)) { // no lower $pwdfailure = "Password must contain a SPECIAL character."; return $pwdfailure; } ok i changed the preg_match to... if (!preg_match('/[\'\/~`\!@#\$%\^&\*\(\)_\-\+=\{\}\[\]\|;:"\<\>,\.\?\\\]/', $password)) { // no SPecial Chars $pwdfailure = "Password must contain a SPECIAL character."; return $pwdfailure; } And it seems to work ive tried a couple samples. This reg expression stuff is difficult for me to grasp. i will have to put some serious time into it when i have a chance. These examples i got from forums. thanks for your help. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.