I am trying to make a password validator and have run into a problem. It seems my code won't read special character. below is my code:
<?php
$Passwords = array(
'Pas$word1',
'Pas$word2',
'Pas$word3',
'Pas$word4',
'pas$word1',
'PAS$WORD1',
'Password1',
'Pas$word',
'Pas$word 1',
'Pas$word1234567890',
'P$wd1');
function validatePassword($Password)
{
if (preg_match("[^!-/0-9A-Za-z]", $Password)==1)
{
return TRUE;
}
else
{
return FALSE;
}
}
foreach ($Passwords as $Password)
{
if (validatePassword($Password) == false)
{
echo "<p>The password <em>$Password</em> does not appear to be valid.</p>";
}
}
echo "<p>Processing has completed.</p>";
?>
fixed my array so it has single quotes, everything is now displayed. Current problem is that everything is displayed. What is wrong in my validatePassword function?
Any help would be appreciated.
Use single quotes or escape your literal dollar signs with backslashes. Otherwise, $word1 will be interpreted as a variable named word1.
See http://php.net/manual/en/language.types.string.php.
Your second problem is that you do not have delimiters on your regular expression. Change:
if (preg_match("[^!-/0-9A-Za-z]", $Password)==1)
To:
if (preg_match("/[^!-/0-9A-Za-z]/", $Password)==1)
Your third problem is that you have error reporting turned down/off. Had it been on you would have gotten numerous warnings when running your code that would have indicated the source of your problems.
When you are developing new code put this at the top of your file:
error_reporting(E_ALL);
ini_set('display_errors', 'On');
Related
I'm using the following code to return true or false if a string contains a substring in PHP 8.0.
<?php
$username = "mothertrucker"; // This username should NOT be allowed
$banlistFile = file_get_contents("banlist.txt"); //Contains the word "trucker" in it
$banlist = explode("\n", $banlistFile); // Splits $banlistFile into an array, split by line
if (contains($username, $banlist)) {
echo "Username is not allowed!";
} else {
echo "Username is allowed";
}
function contains($str, array $arr)
{
foreach($arr as $a) { // For each word in the banlist
if (stripos($str, $a) !== false) { // If I change $a to 'trucker', it works. "trucker" does not
return true;
}
}
return false;
}
?>
This is to detect if an inappropriate word is used when creating a username. So for example, if someone enters the username "mothertrucker", and "trucker" is included in the ban list, I want it to deny it.
Right now with this code, If I just type in the word "trucker" as a username, it is found and blocks it. Cool. However if there's more to the string than just "trucker", it doesn't detect it. So the username "mothertrucker" is allowed.
I discovered that if I explicitly type in 'trucker' instead of $a in the stripos function, it works perfectly. However, if I explicitly type in "trucker" (with double quotes), it stop working, and only blocks if that's the only thing the user entered.
So what I'm seeing, is it looks like the string $a that I'm passing it is being interpreted by PHP as a double quoted string, when in order for this to detect it properly, it needs to be a single quoted string. But as far as I can tell, I have no control over how php passes passing the variable.
Can I somehow convert it to a single quoted string? Perhaps the explode command I'm using in line 2 is causing it? Is there another way I can pull the data from a txt document and have it be interpreted as a single quote string? Hopefully I'm made sense with my explanation, but you can copy and paste the code and see it for yourself
Thanks for any help!
One potential problem would be any whitespace (which includes things like \r) could stop the word matching, so just trimming the word to compare with can tidy that up...
stripos($str, $a)
to
stripos($str, trim($a))
I do not know what your file actually contains so i dont know what the result of explode is.
Anyways my suggestion is (depending on the speed you want to perform this and also the length of the banlist file also your level of banning) to not explode the file and just look into it as a whole.
<?php
$username = "allow"; // This username should be allowed
$banlist = "trucker\nmotherfucker\n donot\ngoodword";
var_dump(contains($username, $banlist));
function contains($str, $arr)
{
if (stripos($arr, $str) !== false) return true;
else return false;
}
?>
Otherwise if you are going to allow say good which is an allowed word but since it is in the file with goodword it will not (using my example), you should not use stripos but instead use your example and use strcasecmp
Not sure what should be the title for this case, please edit if you have a suitable title for it. See below for the exact question.
MySQL Database:
Now I want to check if the value option in "Right_Option" is having value or not. (As per above, it is not having as Right_Option is "C" & Option_C is not having any value.)
My Code:
$option = "$row['Option_".$right_option."'];";
if($option != ''){
//Other Codes
}
else{
//other codes
}
It gives me an error:
You are using it wrong. Use this instead:
if(isset($row["Option_".$right_option]) && $row["Option_".$right_option] !== ''){
//Other Codes
}
else{
//other codes
}
In facebook comment section when i type alt+0173 and press enter it submit my comment as empty comment and i want to avoid this in my website I use the following code.
if ($react == ''){
#do nothing
} else {
#insert data
}
but it didn't work and insert the data with letter "A" with two dots on the top see the below image. when i copy and past it shows as "Â".
I also try the following code but it also didn't work.
if ($react == '' || $react == 'Â'){
#do noting
} else {
#insert data
}
I didn't verify but i think this is your solution:
alt+0173 is ascii char 173 and called Soft hyphen.
This is sometimes used to go past security scripts as you see no space but there is a char. So you can use a blocked word like bloc+173 char+ked is shown on screen as blocked but sometimes is is not picked up by the security script.
The following line prevents use of this character by removing it(it has no good use anyways).
Put it before your if/else lines.
$string = str_replace(chr(173), "", $string);
in your case:
$react = str_replace(chr(173), "", $react);
So in your case if the string only contains the alt+0173 char the string should now be empty.
Update:
But...
In your case there is something strange happening, you say your input is alt+0173 but you get an Ä which is chr(142).
Even stranger, when i asked to revert the character string to an ascii char with ord($react); you got chr(97) which is a lowercase 'a'.
As you stated you use ajax, but my knowledge of ajax is minimal so i can't help you there but maybe someone can so i hope i clarified the case a bit.
But my best guess is that something changes the value of $react when in comes from the form to the php script and you should look there.
This method helped me to solve the answer.
source: Remove alt-codes from string
$unwanted_array = array( 'Ä'=>'A' );
$react = strtr( $react, $unwanted_array );
$newreact = preg_replace("/[^A-Za-z]+/i", " ", $react);
if ($newreact == "" || $newreact == " "){
#do nothing
} else {
#insert data
}
While coding, i sometimes make the error of writing a single = instead of == in an if-statement. So lets say i have this:
<?php
$name = 'piet';
if($name == 'jan'){
print 'hello jan';
}
?>
And i make a mistake and write this instead:
<?php
$name = 'piet';
if($name = 'jan'){
print 'hello jan';
}
?>
This won't throw an error of course, since it is valid php code. However, i never use this short-hand notation, so if i enter it by mistake it will break the logic of my code without telling me why. Is there a solution for this? I am using aptana which is an editor based on eclipse. Is there any way i can add my own custom errors to an editor (or php) based on for example regular expressions? Or are there any other approaches to alert me whenever i make this mistake?
Just change the order to this:
if('jan' == $name) {
This is known under Yoda conditions:
So if you now make the mistake:
if('jan' = $name) {
This will give you an error!
I am attempting to write a validation class in php and have hit a snag. I am using the following code to check a value against a defined regex pattern but when I try to run the script I receive an error message saying:
"Warning: preg_match() [function.preg-match]: Empty regular expression in C:\wamp\www\valid\Class.Validate.php on line 109"
Can anyone spot my mistake ?
public function is_regex($var, $expression, $msg)
{
if (trim($var) <> "") {
$Valid = (bool)preg_match($expression, $var);
if ($Valid == false) {
return $msg;
}
}
}
and I am using this to call the function
array('Type'=>'Regex','Var'=>$_POST['test'], 'Expression'=>'[A-Za-z]{1,20}$','Msg'=>'Expression does not match')
As far as I see, you need to enclose regexp into enclosure characters, for example |
so your checking array will be like
array('Type'=>'Regex','Var'=>$_POST['test'], 'Expression'=>'|[A-Za-z]{1,20}$|','Msg'=>'Expression does not match')
You can also define character in function, but in this case if you'll have this character in regexp, you'll need to escape it