
Validating password characters


LeonLatex
Solved by Barand


I have set up this block for validating password reg.

// Password validation
if (strlen($password) < 8 || !preg_match("/[A-Z]/", $password) || !preg_match("/[0-9]/", $password)) {
    $error_message = "Passordet må være minst 8 tegn langt, inneholde minst én stor bokstav og ett tall.";
    // Add an error message to an error-message array to display later.
}

I can't make it work with Scandinavian special letters Ææ, Øø, Åå.
Does someone here know how to fix this?
 


Your Norwegian characters worked for me...

CREATE TABLE `user` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `firstname` varchar(20) DEFAULT NULL,
  `lastname` varchar(20) DEFAULT NULL,
  `user_name` varchar(30) DEFAULT NULL,
  `password` varchar(150) DEFAULT NULL,
  PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;

 

$pwd = 'Ææ, Øø, Åå';

// HASH AND STORE THE PASSWORD
$stmt = $pdo->prepare("update user set password = ? where id = 2");
$stmt->execute([ password_hash($pwd, PASSWORD_DEFAULT) ]);

// NOW CHECK THE PASSWORD STORED OK
$res = $pdo->query("select password from user where id = 2");
$hash = $res->fetchColumn();
echo password_verify($pwd, $hash) ? 'VALID' : 'Oops!';            //==> VALID

 


5 hours ago, LeonLatex said:

Barand, I can't make it work with Æ, Ø or Å. They won't save to the database. All other letters are saved in the database. Is the problem in the hashing of the password?

A password hash will always consist of alphanumeric ASCII characters. You will always be able to save that in your database.

The fact that you're saying "if the password has non-alphanumeric ASCII characters then I can't save it in the database" means you're doing something wrong.


14 hours ago, LeonLatex said:

I can't make it work with Æ, Ø or Å. They won't save to the database.

Nor should they!

NEVER store passwords in plain text (i.e. as entered by the User). 

Put the entered password through a one-way hashing algorithm and store the output of that.
When the user tries to log in, hash the entered password and compare that with what's in the database.  

That way, you have no character set issues (hashes are all plain ASCII characters) and no Reportable Data Breach if and when someone makes off with a copy [of a backup] of your database! 

Regards,
   Phill Ward. 
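
Added example, not part of the original thread or any poster's code: the validation rule from the first post made Unicode-aware, followed by the hash-and-verify round trip shown in the accepted answer. The function name `validate_password`, the English messages and the sample passwords are constructed for illustration; it assumes UTF-8 input, a UTF-8 source file and the mbstring extension.

```php
<?php
declare(strict_types=1);

/**
 * Added example (not code from the thread). Applies the rule from the
 * original post: at least 8 characters, one uppercase letter, one digit,
 * counting characters and uppercase letters in a Unicode-aware way.
 * Returns a list of error messages; an empty list means the password passed.
 */
function validate_password(string $password): array
{
    // Reject malformed input first: with the /u modifier preg_match()
    // returns false (not 0) on invalid UTF-8.
    if (!mb_check_encoding($password, 'UTF-8')) {
        return ['Password is not valid UTF-8.'];
    }

    $errors = [];
    // mb_strlen() counts characters; strlen() counts bytes, so "Æ" would count as 2.
    if (mb_strlen($password, 'UTF-8') < 8) {
        $errors[] = 'Password must be at least 8 characters long.';
    }
    // \p{Lu} with /u matches any uppercase letter, including Æ, Ø and Å,
    // which the byte-oriented class [A-Z] does not.
    if (preg_match('/\p{Lu}/u', $password) !== 1) {
        $errors[] = 'Password must contain at least one uppercase letter.';
    }
    if (preg_match('/[0-9]/', $password) !== 1) {
        $errors[] = 'Password must contain at least one digit.';
    }
    return $errors;
}

// Constructed sample inputs.
$samples = ['Ærligøre1', 'ærligøre1', 'Åse1', 'Password1'];
foreach ($samples as $pwd) {
    $errors = validate_password($pwd);
    if ($errors !== []) {
        echo $pwd, ': ', implode(' ', $errors), PHP_EOL;
        continue;
    }
    // Only the hash is stored; validation runs on the raw input before hashing.
    $hash = password_hash($pwd, PASSWORD_DEFAULT);
    echo $pwd, ': ', password_verify($pwd, $hash) ? 'VALID' : 'Oops!', PHP_EOL;
}
```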

 
