Unreasonable regex warning? (php)


arioch
07-08-2007, 04:24 PM
Hi guys,

Could one of you PHP sharks please explain to me why this ridiculously simple regex check:

if (!ereg("^[A-Za-z0-9]{5-20}$", $password) || !ereg("^[A-Za-z0-9]{5-20}$", $username))

- produces the following warning:

Warning: ereg() [function.ereg]: REG_BADBR in...

Later guys,

lagdawg
07-09-2007, 08:43 AM
I am not sure about PHP, but for Perl and any other regex system I have used, you should use {5,20} in place of {5-20}. I assume you are looking for any alphanumeric string of 5 to 20 characters.

arioch
07-14-2007, 07:26 PM
Ok, I've now changed the regex into using preg_match() but it's still not working out.

When typing 'aaaaaaaaaaaaa' in a form field, I don't get the "Failed check for required symbols" message as I should, but the "wrong username" message from much later down the script (if ($siteuser !== $formusername)). But when I send an empty form, then I get the "Failed check for required symbols" message. Shouldn't the series of preg_match() calls demand at least one of each character or halt with the appropriate die message? I could understand the situation if I used "OR" in the code, but "AND" and the "+" should demand at least one of each, right? I already tried doing it all in one line of regex for each, but that didn't do it.

Consider the following:

if (!preg_match('/[a-z]+/', $formpassword) AND
    !preg_match('/[A-Z]+/', $formpassword) AND
    !preg_match('/[0-9]+/', $formpassword))
{
    echo "<span class='warning'>$formpassword ERROR: Failed check for required symbols in password. Please adhere to the specifications given.</span>";
    die($loginform);
}
if (!preg_match('/[a-z]+/', $formusername) AND
    !preg_match('/[A-Z]+/', $formusername) AND
    !preg_match('/[0-9]+/', $formusername))
{
    echo "<span class='warning'>$formusername ERROR: Failed check for required symbols in username. Please adhere to the specifications given.</span>";
    die($loginform);
}
elseif (strlen($formpassword) <8 OR strlen($formpassword) >20)
{
    echo "<span class='warning'>ERROR: Password is of an illegal length</span>";
    die($loginform);
}
elseif (strlen($formusername) <5 OR strlen($formusername) >20)
{
    echo "<span class='warning'>ERROR: Username is of an illegal length</span>";
    die($loginform);
}
else
{
    $formpassword = md5($formpassword);
    $formusername = md5($formusername);
    //
    // DB stuff below and authorization if userdata validates and matches fetched DB values.
    //
    $query = mysql_query("SELECT name, param FROM parameter WHERE name='siteuser' OR name='siteuserpasswd'") OR die(mysql_error());
    while($row = mysql_fetch_array($query))
    {
        $$row['name'] = $row['param'];
    }
    if ($siteuser !== $formusername)
    {
        echo "<span class='warning'>FAILURE: Authentication failed. Wrong username</span>";
        die($loginform);
    }
    elseif ($siteuserpasswd !== $formpassword)
    {
        echo "<span class='warning'>FAILURE: Authentication failed. Wrong password</span>";
        die($loginform);
    }
    elseif (($siteuser !== $formusername) AND ($siteuserpasswd !== $formpassword))
    {
        echo "<span class='warning'>FAILURE: Authentication failed. Wrong username and password</span>";
        die($loginform);
    }
    elseif (($siteuser == $formusername) AND ($siteuserpasswd == $formpassword))
    {
        $_SESSION['authorized'] = TRUE;
        echo "<h3 class='hlook1'> CONFIGURATOR.</h3>";
        //echo menu();
?>
</div><!-- applicationarea end -->
</body>
</html>
<?php
    }
}
}
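
Added example (not part of the thread and not the poster's code): the posted condition `!a AND !b AND !c` is true only when all three character classes are absent, which is why 'aaaaaaaaaaaaa' passes it; requiring every class means rejecting as soon as any one is missing. The sketch below also uses the comma form of the bounded quantifier from the first reply; the function names and the sample inputs are constructed for illustration, and the 8-20 limits are the password limits from the post.

```php
<?php
// Added example. Function names and sample inputs are hypothetical.

// Returns the labels of the required character classes that $value lacks.
function missing_classes(string $value): array
{
    $required = [
        'lowercase letter' => '/[a-z]/',
        'uppercase letter' => '/[A-Z]/',
        'digit'            => '/[0-9]/',
    ];
    $missing = [];
    foreach ($required as $label => $pattern) {
        // Checked one at a time: any single miss is a failure
        // (!a OR !b OR !c), unlike the AND chain in the post.
        if (preg_match($pattern, $value) !== 1) {
            $missing[] = $label;
        }
    }
    return $missing;
}

// Returns a list of problems; an empty list means the field is acceptable.
function check_field(string $value, int $min, int $max): array
{
    $problems = [];
    // {min,max} takes a comma. \A and \z anchor at the true start and end
    // of the string; a plain $ would also accept a value ending in "\n".
    if (preg_match('/\A[A-Za-z0-9]{' . $min . ',' . $max . '}\z/', $value) !== 1) {
        $problems[] = "must be $min-$max alphanumeric characters";
    }
    foreach (missing_classes($value) as $label) {
        $problems[] = "missing a $label";
    }
    return $problems;
}

// Constructed sample inputs; the first is the value quoted in the post.
$samples = ['aaaaaaaaaaaaa', 'Abcdef12', "Abcdef12\n", 'Ab1', ''];
foreach ($samples as $sample) {
    $problems = check_field($sample, 8, 20);
    printf("%-14s %s\n", json_encode($sample), $problems ? implode('; ', $problems) : 'ok');
}
```

Returning the list of problems instead of echoing the submitted value keeps the password out of the response page.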