Unreasonable regex warning? (php)


Results 1 to 3 of 3

Thread: Unreasonable regex warning? (php)

  1. #1
    Join Date
    Aug 2002
    Posts
    476

    Unreasonable regex warning? (php)

    Hi guys,

    Could one of you PHP sharks please explain to me why this redicilously simple regex check:

    if (!ereg("^[A-Za-z0-9]{5-20}$", $password) || !ereg("^[A-Za-z0-9]{5-20}$", $username))

    - produces the following warning:

    Warning: ereg() [function.ereg]: REG_BADBR in...

    Later guys,
    Last edited by arioch; 07-08-2007 at 04:27 PM.

  2. #2
    Join Date
    Jun 2003
    Posts
    173
    I am not sure about PHP but for perl and any other regex system I have used you should use {5,20} in place of {5-20}. I assume you are looking for any alphanumeric string of 5 to 20 characters.

  3. #3
    Join Date
    Aug 2002
    Posts
    476
    Ok, I've now changed the regex into using preg_match() but it's still not working out.

    When typing ''aaaaaaaaaaaaa' in a formfield, I don't get the "Failed check for required symbols" message as I should, but the "wrong username" message from much later down the script. (if ($siteuser !== $formusername)) But when I send an empty form then I get the "Failed check for required symbols" message. Shouldn't the series of preg_match()'es demand at least one of each character or halt with the appropriate die message? I could understand the situation if I used "OR" in the code, but "AND" and the "+" should demand at least one of each, right? I already tried doing it all in one line of regex for each, but that didn't do it.

    Consider the following:
    PHP Code:
    if (!preg_match('/[a-z]+/', $formpassword) AND
                  !preg_match('/[A-Z]+/', $formpassword) AND
                  !preg_match('/[0-9]+/', $formpassword))
                  {
                  echo "<span class='warning'>$formpassword ERROR: Failed check for required symbols in password. Please adhere to the specifications given.</span>";
                  die($loginform);
                  }
          if (!preg_match('/[a-z]+/', $formusername) AND
                  !preg_match('/[A-Z]+/', $formusername) AND
                  !preg_match('/[0-9]+/', $formusername))
                  {
                  echo "<span class='warning'>$formusername ERROR: [COLOR="Lime"]Failed check for required symbols in username. Please adhere to the specifications given.[/COLOR]</span>";
                  die($loginform);
                  }  
          elseif (strlen($formpassword) <8 OR strlen($formpassword) >20)
                          {
                          echo "<span class='warning'>ERROR: Password is of an illegal length</span>";
                          die($loginform);
                          }
          elseif (strlen($formusername) <5 OR strlen($formusername) >20)
                          {
                          echo "<span class='warning'>ERROR: Username is of an illegal length</span>";
                          die($loginform);
                          }
    else 
        {
        $formpassword = md5($formpassword);
        $formusername = md5($formusername);
    //
    // DB stuff below and authorization if userdata validates and matches fetched DB values.
    //
    $query = mysql_query("SELECT name, param FROM parameter WHERE name='siteuser' OR name='siteuserpasswd'") OR die(mysql_error());
    while($row = mysql_fetch_array($query))
          {
          $$row['name'] = $row['param'];
          }
    if ($siteuser !== $formusername)
        {
        echo "<span class='warning'>FAILURE: Authentication failed. Wrong username</span>";
        die($loginform);
        }
        elseif ($siteuserpasswd !== $formpassword)
                {
                echo "<span class='warning'>FAILURE: Authentication failed. Wrong password</span>";
                die($loginform);
                }
        elseif (($siteuser !== $formusername) AND ($siteuserpasswd !== $formpassword))
                {
                echo "<span class='warning'>FAILURE: Authentication failed. Wrong username and password</span>";
                die($loginform);
                }
        elseif (($siteuser == $formusername) AND ($siteuserpasswd == $formpassword)) 
                {
                $_SESSION['authorized'] = TRUE;
                echo "<h3 class='hlook1'> CONFIGURATOR.</h3>";
                //echo menu();
                ?>
    </div><!-- applicationarea end -->
    </body>
    </html>
    <?php
    }
    }
    }
    Last edited by arioch; 07-14-2007 at 07:35 PM.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •