LeonLatex Posted September 5, 2023 Share Posted September 5, 2023 I have set up this block for validating password reg. // Validering av passord if (strlen($password) < 8 || !preg_match("/[A-Z]/", $password) || !preg_match("/[0-9]/", $password)) { $error_message = "Passordet må være minst 8 tegn langt, inneholde minst én stor bokstav og ett tall."; // Legg til en feilmelding i en feilmeldingsarray for å vise senere. In can't make it work with Scandinavian special letters Ææ, Øø, Åå Does someone here know how to fix this? Quote Link to comment https://forums.phpfreaks.com/topic/317255-validating-password-characters/ Share on other sites More sharing options...
Barand Posted September 5, 2023 Share Posted September 5, 2023 Why? Any keyboard characters, be they alphanumeric or spaces or punctuation, should be permitted (and encouraged) in passwords. Quote Link to comment https://forums.phpfreaks.com/topic/317255-validating-password-characters/#findComment-1611620 Share on other sites More sharing options...
LeonLatex Posted September 5, 2023 Author Share Posted September 5, 2023 Barand, i cant make it work wit Æ, Ø or Å. They won't save to the database. All other letters is saved in the database. Is the problem in the hashing of the password? Quote Link to comment https://forums.phpfreaks.com/topic/317255-validating-password-characters/#findComment-1611621 Share on other sites More sharing options...
Solution Barand Posted September 5, 2023 Solution Share Posted September 5, 2023 Do your database , table and db connection all share the same utf8 encoding? 1 Quote Link to comment https://forums.phpfreaks.com/topic/317255-validating-password-characters/#findComment-1611622 Share on other sites More sharing options...
Barand Posted September 6, 2023 Share Posted September 6, 2023 Your Norwegian characters worked for me... CREATE TABLE `user` ( `id` int(11) NOT NULL AUTO_INCREMENT, `firstname` varchar(20) DEFAULT NULL, `lastname` varchar(20) DEFAULT NULL, `user_name` varchar(30) DEFAULT NULL, `password` varchar(150) DEFAULT NULL, PRIMARY KEY (`id`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8; $pwd = 'Ææ, Øø, Åå'; // HASH AND STORE THE PASSWORD $stmt = $pdo->prepare("update user set password = ? where id = 2"); $stmt->execute([ password_hash($pwd, PASSWORD_DEFAULT) ]); // NOW CHECK THE PASSWORD STORED OK $res = $pdo->query("select password from user where id = 2"); $hash = $res->fetchColumn(); echo password_verify($pwd, $hash) ? 'VALID' : 'Oops!'; //==> VALID Quote Link to comment https://forums.phpfreaks.com/topic/317255-validating-password-characters/#findComment-1611623 Share on other sites More sharing options...
LeonLatex Posted September 6, 2023 Author Share Posted September 6, 2023 No, but I fixed it now. I set the charset to utf8mb4. Thanks Barand. Quote Link to comment https://forums.phpfreaks.com/topic/317255-validating-password-characters/#findComment-1611624 Share on other sites More sharing options...
requinix Posted September 6, 2023 Share Posted September 6, 2023 5 hours ago, LeonLatex said: Barand, i cant make it work wit Æ, Ø or Å. They won't save to the database. All other letters is saved in the database. Is the problem in the hashing of the password? A password hash will always consist of alphanumeric ASCII characters. You will always be able to save that in your database. The fact that you're saying "if the password has non-alphanumeric ASCII characters then I can't save it in the database" means you're doing something wrong. Quote Link to comment https://forums.phpfreaks.com/topic/317255-validating-password-characters/#findComment-1611628 Share on other sites More sharing options...
Phi11W Posted September 6, 2023 Share Posted September 6, 2023 14 hours ago, LeonLatex said: i cant make it work wit Æ, Ø or Å. They won't save to the database. Not should they! NEVER store passwords in plain text (i.e. as entered by the User). Put the entered password through a one-way hashing algorithm and store the output of that. When the user tries to log in, hash the entered password and compare that with what's in the database. That way, you have no character set issues (hashes are all plain ASCII characters) and no Reportable Data Breach if and when someone makes off with a copy [of a backup] of your database! Regards, Phill Ward. Quote Link to comment https://forums.phpfreaks.com/topic/317255-validating-password-characters/#findComment-1611633 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.