ANSWER EDIT:
The fix was to change:
if (get_user_data( $input_user, $logindata ) === $input_pwd ) {
to
if (get_user_data(strtolower($input_user), $logindata) === $input_pwd ) {
so that the username is forced to lowercase. I just have to be conscious to store my usernames as all lowercase too.
I am aware of strcasecmp. I am not sure how that would apply to my working code though, as you can only compare 2 variables.
Am I able to make preg_match case insensitive in the context of my working code below?
Can I add the /i regex to my preg_match command to a returned variable?
I just want the username that is entered by the user (including domain name) to be case insenstive. (ie. uSeRnAMe#dOmAIN1.CoM) without having to add every combination of valid username to my pseudo database!
This is my working code:
// Get users
$input_pwd = ( isset( $_POST["password"] ) ? $_POST["password"] : '' );
$input_user = ( isset( $_POST["username"] ) ? $_POST["username"] : '' );
// Your pseudo database here
$usernames = array(
"username#domain1.com",
"username2#domain1.com",
"username3#domain1.com",
"username1#domain2.com",
"/[a-z][A-Z][0-9]#domain2\.com/", // use an emtpy password string for each of these
"/[^#]+#domain3\.com/" // entries if they don't need to authenticate
);
$passwords = array( "password1", "password2", "password3", "password4", "", "" );
// Create an array of username literals or patterns and corresponding redirection targets
$targets = array(
"username#domain1.com" => "http://www.google.com",
"username2#domain1.com" => "http://www.yahoo.com",
"username3#domain1.com" => "http://www.stackoverflow.com",
"username1#domain2.com" => "http://www.serverfault.com",
"/[a-z][A-Z][0-9]#domain2\.com/" => "http://target-for-aA1-usertypes.com",
"/[^#]+#domain3\.com/" => "http://target-for-all-domain3-users.com",
"/.+/" => "http://default-target-if-all-else-fails.com",
);
$logindata = array_combine( $usernames, $passwords );
if ( get_user_data( $input_user, $logindata ) === $input_pwd ) {
session_start();
$_SESSION["username"] = $input_user;
header('Location: ' . get_user_data( $input_user, $targets ) );
exit;
} else {
// Supplied username is invalid, or the corresponding password doesn't match
header('Location: login.php?login_error=1');
exit;
}
function get_user_data ( $user, array $data ) {
$retrieved = null;
foreach ( $data as $user_pattern => $value ) {
if (
( $user_pattern[0] == '/' and preg_match( $user_pattern, $user ) )
or ( $user_pattern[0] != '/' and $user_pattern === $user)
) {
$retrieved = $value;
break;
}
}
return $retrieved;
}
You can do a case insensitive match in PHP with i. For instance, the following will print 'This matches!':
<?php
if ( preg_match('/def/i', 'ABCDEF') ) {
echo 'This matches!';
}
?>
So just add i to the pattern, and the case will be ignored.
One approach if you want case-insensitive usernames is to always lowercase a new one when you store it, and then to always lowercase the comparing value when you check. (This is a lot faster than using preg_match.)
Related
My problem is that it returns an error for every url entered:
The below code takes and checks the url entered, if i enter 'http://eample.com' it would return success but for some reason it returns all urls as unreachable.
<?php
Global $excludeLocal;
$excludeLocal = true; // Whether to exclude checking links on the same host as the plugin resides
// Hook our custom function into the 'shunt_add_new_link' filter
yourls_add_filter( 'shunt_add_new_link', 'churl_reachability' );
// Add a new link in the DB, either with custom keyword, or find one
function churl_reachability( $churl_reachable, $url, $keyword = '' ) {
global $ydb, $excludeLocal;
// Check if the long URL is a different type of link
$different_urls = array (
array ( 'mailto://', 9 ),
array ( 'ftp://', 6 ),
array ( 'javascript://', 13),
array ( 'file://', 7 ),
array ( 'telnet://', 9),
array ( 'ssh://', 6),
array ( 'sip://', 6),
);
foreach ($different_urls as $url_type){
if (substr( $url, 0, $url_type[1] ) == $url_type[0]){
$churl_reachable = true; // No need to check reachability if URL type is different
break;
} elseif ($excludeLocal) {
if (substr($url, 0, strlen('http://'.$_SERVER['SERVER_NAME'])) == 'http://'.$_SERVER['SERVER_NAME']) {
$churl_reachable = true;
break;
}
}
}
// Check if the long URL is a mailto
if ($churl_reachable == false){
$churl_reachable = churl_url_exists( $url ); // To do: figure out how to use yourls_get_remote_content( $url ) instead.
}
// Return error if the entered URL is unreachable
if ( $churl_reachable == false ){
$return['status'] = 'fail';
$return['code'] = 'error:url';
$return['message'] = 'The entered URL is unreachable. Check the URL or try again later.';
$return['statusCode'] = 200; // regardless of result, this is still a valid request
return yourls_apply_filter( 'add_new_link_fail_unreachable', $return, $url, $keyword, $title );
} else {
return false;
}
}
function churl_url_exists( $churl ){
$handle = #fopen($churl, "r");
if ($handle === false)
return false;
fclose($handle);
return true;
}
is there something i might have did wrong ?
Any help is appreciated
check allow_url_fopen directive in your php.ini
Try to run the command $handle = fopen($churl, "r"); without a # symbol and see the error
I'm trying to ignore uppercase or lowercase with the code below to detect whether the user is blocked or not. Is working when matching the username or email but with the case problem, the validation does not work. How to make it case insensitive? Thanks for helping.
$msg = "something";
$blocked = preg_split('/[\r\n]([a-z])([A-Z])+/', admin_get_option('blocked_users'), -1, PREG_SPLIT_NO_EMPTY);
if ( isset($form['username_or_email']) && in_array( $form['username_or_email'], $blocked) ) {
$errors['username_or_email'] = $msg;
}
if ( isset($form['user_login']) && in_array( $form['user_login'], $blocked) ) {
$errors['user_login'] = $msg;
}
if ( isset($form['user_email']) && in_array( $form['user_email'], $blocked) ) {
$errors['user_email'] = $msg;
}
" i " Modifier Makes the match case insensitive
Hello everyone i want to ask question my html form, requires to input username/Email that you can put.
Then it searches by username or email if in database that account exists if yes process.
The script works, but only with email.
My problem is how to identify in input field is the user written an username or email? Now it checks both but for some reason it dosen't detect username only email typed.
function getUserEmailExist( $input )
{
global $database;
if( preg_match( '/^[a-z0-9]+([_\\.-][a-z0-9]+)*#([a-z0-9]+([\.-][a-z0-9]+)*)+\\.[a-z]{2,}$/i', $input ) ) {
$type = 2;
$get = $database->checkExistRecovery( $input, $type );
}
if( preg_match( '/[^0-9A-Za-z]/', $input ) ) {
$type = 1;
$get = $database->checkExistRecovery( $input, $type );
}
if( $get ) {
$this->updateRecover( $input, $type );
} else {
return false;
}
}
You need to move your email if statement below.
Because if the input is an email, it's going to match the second preg match anyway.
So you're overwriting your $type variable.
Fixed.
function getUserEmailExist( $input )
{
global $database;
if( preg_match( '/[A-Za-z0-9]+/', $input ) ) {
$type = 1;
$get = $database->checkExistRecovery( $input, $type );
}
if( preg_match( '/^[a-z0-9]+([_\\.-][a-z0-9]+)*#([a-z0-9]+([\.-][a-z0-9]+)*)+\\.[a-z]{2,}$/i', $input ) ) {
$type = 2;
$get = $database->checkExistRecovery( $input, $type );
}
if( $get ) {
$this->updateRecover( $input, $type );
} else {
return false;
}
}
I think you want your second regex to be /[A-Za-z0-9]+/. You are currently looking for anything that doesn't contain those characters.
Why do you care about all that validation logic? I can't see your actual DB queries, but it seems you could easily do something like this:
SELECT * FROM users
WHERE email = ? OR username = ?
Where ? would be the email or username value.
To start, I'm still a noob with php, and much of what I've learned is from problems being solved across this site that I have also had myself.
I've found the answers here for all of my original questions, but when I put them all together I can't get get the code to work.
I have a basic form that is posting to itself using PHP_SELF. I want all input from the $_POST array to be checked to make sure that it is (1) a positive integer, (2) a whole number, and (3) does not include a decimal.
if( !empty($_POST ) ) {
foreach( $_POST as $key => $amount ) {
if( !is_int($amount) || $amount < 0 || is_float(amount) ) {
die( 'All data must be positive integers.' );
}
}
}
No matter what I type into any of the input fields it always returns the "die" error.
$amount is a string so is_int will always fail, try filter_var instead
if( !empty($_POST ) ) {
$options = array(
'options' => array(
'min_range' => 0
)
);
foreach( $_POST as $key => $amount ) {
if( filter_var($amount, FILTER_VALIDATE_INT, $options) === false ) {
die( 'All data must be positive integers.' );
}
}
}
is_float(amount)
Should be
is_float($amount)
Typo in your code. Replace is_float(amount) with is_float($amount).
Try this.
if(!empty($_POST)) {
foreach($_POST as $key => $amount) {
if(!(is_int($amount) && $amount >= 0)) {
die( 'All data must be positive integers.' );
}
}
}
function procLogin( $user, $pass, $remember, $hostname, $domainame )
{
global $session, $form;
$retval = $session->login( $user, $pass, $remember );
if ( $retval )
{
if ( $session->userlevel == 9 )
if ( $session->isAdmin() )
return ( array(
$session->userlevel, $session->userid
) );
} else {
$process = new process( );
//process->s_Host('domain.com');
//$process->s_Domain('domain.com');
$process->s_Host( $hostname );
$process->s_Domain( $domainname );
$process->s_processSecure( false );
$process->s_User( $user );
$process->s_Pass( $pass );
// First check we actually have a username and password set inside the process object.
if ( $process->g_User() && $process->g_Pass() )
{
if ( $process->processConn() )
{
if ( $process->processBind() )
{
return 'google';
}
}
}
}
}
My problem is if the login is false, why does it not turn towards else condition....
if i remove the code inside else part and put return 'no' it does work.... i just want to know why the code inside the else part does not execute
$session->login(... must somehow always evaluate to true. You would probably be better off posting the code of the login method.
Maybe login is returning "false" as a string? It is evaluating to true because it is not null.
Without a specific error or details of the implementation, or a hint that the PHP runtime or builtin or library is broken ...
This looks like a case of go back, check, debug.