I am working on validating username, pass and email with php. I need to be sure I get it right so nobody can bypass the login page.
This is the values:
$email=$_POST['email'];
$username=$_POST['uname'];
$passwd=$_POST['pass'];
$passwd2=$_POST['passcopy'];
So far I have email validation:
if(!(preg_match("/^[\.A-z0-9_\-\+]+[@][A-z0-9_\-]+([.][A-z0-9_\-]+)+[A-z]{1,4}$/", $_POST['email'])))
die(msg(0,"You haven't provided a valid email"));
password equal:
if ($passwd != $passwd2) {
die(msg(0,"Passwords are not equal"));
}
password length:
if ((strlen($passwd) < 8) || (strlen($passwd) > 16)) {
die(msg(0,"Your password must be between 8 and 16 characters. Please type in a longer password"));
}
I know I need to validate the username. I was thinking only lowercase a-z0-9 to avoid people making similar usernames? Then password, what characters should I allow in a password?
PS. I still don’t understand preg_match and ereg. If somebody could explain this "/^[\.A-z0-9_\-\+]+[@][A-z0-9_\-]+ and make a preg_match for my username and password validation it would be very helpful.
the string
^[\.A-z0-9_\-\+]+[@][A-z0-9_\-]+is a regular expression, that describes a pattern that you validate the email string against.Let me break the different parts down for you.
^this indicates that the pattern should start matching at the beginning of the line.[\.A-z0-9_\-\+]+this part is composed of two sub parts, first[\.A-z0-9_\-\+]that describes a class of characters, and then a + that indicates that you want one or more of the previous class.[@]matches exactly one@sign.[A-z0-9_\-]+another class of characters with a+after that means that you want one or more of the characters that are in the class.