For my rule here I want to validate a password field that contains at least 5 characters long but those must not be abcde or 12345 or reverse. How can I? Here I don't want to force users to enter at least 1 letter 1 number or a symbols in combination.
$uppercase = preg_match('#[A-Z]#', $password);
$lowercase = preg_match('#[a-z]#', $password);
$number = preg_match('#[0-9]#', $password);
if(!$uppercase || !$lowercase || !$number || strlen($password) < 8) {
// tell the user something went wrong
}
documentation: http://php.net/manual/de/function.preg-match.php
source: Regex for password PHP
Related
I am validating phone numbers and this is my conditions,
if (!empty($phone)) {
if (!filter_var($phone, FILTER_VALIDATE_INT) || !filter_var($phone, FILTER_VALIDATE_INT) === 0 || !is_numeric($phone) || !intval($phone)) {
// Error msg
// This segment working fine but
// Its throwing error msg when I am using a mobile number starting with a zero
// Like 01234567890
} else {
if (strlen($phone) > 16 || strlen($phone) < 8) {
// Error msg
} else {
// Valid msg
}
}
} else {
// Error msg
}
I want to through error msg if someone using 8 zeros or 16 zeros and I think its working but if someone using a valid phone number which is starting with a zero, then its throwing error msg as well.
How to pass number starting with a zero but mot all zeros?
Employ the same classic lookahead technique that is commonly used for validating passwords.
Ensure that the phone is between 8 and 16 digits and has at least one non-zero.
Code: (Demo)
echo preg_match('/^(?=0*[1-9])\d{8,16}$/', $phone) ? 'Pass' : 'Fail';
Do not cast phone numbers as integers or store them as integers in a database if they can possibly start with a zero in your project.
Without regex, use an assortment of string function calls for the same effect. Demo
echo ctype_digit(ltrim($phone, '0')) && $length >= 8 && $length <= 16 ? 'Pass' : 'Fail';
The function I used to encrypt the password:
$password = crypt($password,"$2sd\$qwsazxcdrgfggfdfsdsd");
password verify function to match password:
while($row = $result->fetch_assoc()){
if($row["email"] === $username && password_verify($password,$row["password"])){
$message .= "Logging Success!";
$userFound = true;
$_SESSION["email"]=$row["email"];
$_SESSION["fullname"] = $row["full_name"];
header('Location: view_contact.php');
exit;
}else{
$userFound = false;
}
}
Problem here is, when I enter password. I can login through only entering 8 correct digit passwords and other digits are ignored.
Try to use
password_hash($password, PASSWORD_DEFAULT)
instead of crypt
If you use just crypt() then you select the obsolete 56 bit DES based algorithm which indeed only looks at the first 8 characters.
Use "$5$...." or "$6$..." as Salt to select the 256 or 512 bit SHA2 based algorithms.
See "man 3 crypt" under Linux or https://en.wikipedia.org/wiki/Crypt_(C) or http://php.net/manual/de/function.crypt.php
I'm trying to validate the length of a phone number staying within a range. Let's say at least 9 characters but not more than 12 so I can get international phone numbers.
I tried several things but none of them work.
The option below for instance validates correctly that it has not letter, however it doesn't matter the length of the number I introduce, I always get the Error Message: "Your phone number needs to have 9-11 numbers" even if I introduce a 9, 10 or 11 eleven digits number.
Thank you so much
if (empty($_POST["cellphone"])) {
$cellphoneErr = "Cell Phone is required";
} else {
$cellphone = test_input($_POST["cellphone"]);
// check if name only contains letters and whitespace
if (!preg_match("/^[0-9]*$/",$cellphone)) {
$cellphoneErr = "Only numbers allow";
}
elseif(strlen($_POST["cellphone"] < 9) || strlen($_POST["cellphone"] > 11)){
$cellphoneErr = "Your phone number needs to have 9-11 numbers";
}
}
Use preg_match() with quantifier {min,max}:
if (!preg_match("/^[0-9]{9,11}$/",$cellphone)) {
$cellphoneErr = "Has to be 9 to 11 numbers.";
}
elseif(strlen($_POST["cellphone"] < 9) || strlen($_POST["cellphone"] > 11)){
Should be:
elseif(strlen($_POST["cellphone"]) < 9 || strlen($_POST["cellphone"]) > 11){
Your parenthesis are wrong.
I'm adding some very basic validation to a "name" form field. Generally, it's impossible to actually validate a name, but I figured I could at least verify that it's not empty, greater than maybe 2 characters (Al is the shortest name I can think of), and that those characters aren't just empty space.
Here's the conditionals I'm using:
// Check length of name field
if(!isset($name) || $name < 2 || (strlen($name) > 0 && strlen(trim($name)) == 0)) {
// Name field only spaces
if((strlen($name) > 0 && strlen(trim($name)) == 0) || trim($name) == '') {
$errors['name'] = "Please enter a real name...";
}
// Name too short
else {
$errors['name'] = "Are you sure <strong>".htmlspecialchars($name)."</strong> is your name?";
}
$msg_type = "error";
}
However, when I run this with a valid name, I get the "Name too short" error. I know it's got to be a problem with how I'm combining the conditionals, but I can't figure out where that problem lies.
$name < 2 doesn't work. You're trying to use strlen($name) < 2.
Well, there is a tool called regex which people have invented for string matching and it could be pretty conveniently used for validation cases like yours. If you want to validate a word let's say with at least 2 characters of length, you could do the following:
if(!preg_match('/\b\w{2,}/', $name)) {
$errors['name'] = "Are you sure <strong>".htmlspecialchars($name)."</strong> is your name?";
}
Where:
\b: word boundary
\w: word character
{2,}: two or more times for the word character
I have a password validation script for the signup process and it works OK if I don't set a maximum length limit. If I add a maximum limit of 32 it ignores the validation, creating the account, even if I have more than 32 characters.
Working script:
if (preg_match("/^.*(?=.{8,})(?=.*[0-9])(?=.*[a-z])(?=.*[A-Z]).*$/", $_POST["password"]) === 0)
{
echo "The password must contain lower case characters, upper case characters and numbers. It's length should be between 8 and 32 characters.";
}
Not working script:
if (preg_match("/^.*(?=.{8,32})(?=.*[0-9])(?=.*[a-z])(?=.*[A-Z]).*$/", $_POST["password"]) === 0)
{
echo "The password must contain lower case characters, upper case characters and numbers. It's length should be between 8 and 32 characters.";
}
Please let me know before downrating so that I can edit my question. Thanks!
To limit the length, just edit your regular expression. You're already half way there.
/^(?=.*[0-9])(?=.*[a-z])(?=.*[A-Z]).{8,32}$/
Demo: http://regex101.com/r/nK5yY6
Doing it in one big regex is a bit of a code maintenance nightmare. Splitting it up is far easier to figure out for someone else looking at your code, and it allows you to give more specific error messages as well.
This solution works for me , try it :
$password = $_POST["password"];
$uppercase = preg_match('#[A-Z]#', $password);
$lowercase = preg_match('#[a-z]#', $password);
$number = preg_match('#[0-9]#', $password);
$length = preg_match("#^.{8,32}$#" , $password);
if(!$uppercase || !$lowercase || !$number || !$length ) {
echo "The password must contain lower case characters, upper case characters and numbers. It's length should be between 8 and 32 characters.";
}
if (preg_match("/^.*(?=.{8,})(?=.*[0-9])(?=.*[a-z])(?=.*[A-Z]).*$/", $_POST["password"]) === 0 || strlen($_POST['password']) < 8 || strlen($_POST['password']) > 32 )
{
echo "The password must contain lower case characters, upper case characters and numbers. It's length should be between 8 and 32 characters.";
}
If you are looking for password with atleast 1 digit and 1 alphabet please try this:
^.*(?=.{8,32})(?=.*\d)(?=.*[a-zA-Z]).*$