Larry Ullman's Book Forums
vikky

Regarding User Registration

Sir,
    
    As mentioned in your book the strong password system is good. So I increased the characters required for the password from 6 to 8.

if (preg_match('/^(\w*(?=\w*\d)(?=\w*[a-z])(?=\w*[A-Z])\w*){8,}$/', $_POST['pass1']) ) {
        

    }

To test the modification I tried to register with a 6-character password, but it did not show any error and I got registered. Then I cleared the browser's cache and restarted the Apache xampp, but again it did not show any error and I got registered.

Then I decreased the number of password characters to 4 - it did not show any error and I got registered.

Please guide me about this.

Thanking You,


It's hard to say given the information provided. However, that your code uses 'pass1' suggests this isn't the registration form but rather the password update form. Are you sure you've edited the correct file?


Hi Greetings,

    Yes Sir, this is the registration script. There are two fields for the password in the registration script (1) for the password and another (2) for the confirm password. I had posted only the modified password part of the script above. Now the complete modified password part of the script is:

// Check for a password and match against the confirmed password:
    if (preg_match('/^(\w*(?=\w*\d)(?=\w*[a-z])(?=\w*[A-Z])\w*){8,}$/', $_POST['pass1']) ) {
        if ($_POST['pass1'] === $_POST['pass2']) {
            $p = $_POST['pass1'];
        } else {
            $reg_errors['pass2'] = 'Your password did not match the confirmed password!';
        }
    } else {
        $reg_errors['pass1'] = 'Please enter a valid password!';
    }

Many Thanks,


Sorry for the delayed reply; had to take the time to set this all up on a server again. I ran the script with the 6 changed to 8 and it did also allow me to register. Then I realized it was probably because of the forward lookahead and the parens and where the minimum does and does not apply. Changing the minimum to apply to the whole grouping works better:

if (preg_match('/^((\w*(?=\w*\d)(?=\w*[a-z])(?=\w*[A-Z])\w*)){8,}$/', $_POST['pass1']) ) {

All that being said, since I wrote this edition, both the industry and my personal feelings about validating passwords have changed. If I were to do this again today, I'd just require a minimum length (say 12 characters) and not care at all what characters are in that password. With modern computers, "thisismypassword" or "this-is-my-password" is more secure than "1Ad92q" for a number of reasons.
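
The behaviour discussed in this thread, as an added example that is not part of the original posts or the book's script: the pattern from the first post next to a pattern whose minimum applies to consumed characters, and the length-only check suggested in the last reply. The constant names, function names and sample passwords are constructed for illustration, and `mb_strlen` assumes the mbstring extension is loaded.

```php
<?php
// Added example: constant names, function names and sample passwords are
// constructed for illustration; they are not from the book's script.

// Pattern from the first post. {8,} repeats a group that can match the
// empty string, so the quantifier does not count characters.
const THREAD_PATTERN = '/^(\w*(?=\w*\d)(?=\w*[a-z])(?=\w*[A-Z])\w*){8,}$/';

// Lookaheads assert digit, lowercase and uppercase once from the start;
// the quantifier sits on \w itself, so it counts consumed characters.
const COUNTING_PATTERN = '/^(?=\w*\d)(?=\w*[a-z])(?=\w*[A-Z])\w{8,}$/';

function matches(string $pattern, string $password): bool
{
    // preg_match returns 1 on a match, 0 on no match, false on error;
    // only an explicit 1 is treated as valid.
    return preg_match($pattern, $password) === 1;
}

// Length-only policy from the last reply: a minimum length (12 there)
// with no rule about which characters appear. Requires mbstring.
function long_enough(string $password, int $min = 12): bool
{
    return mb_strlen($password, 'UTF-8') >= $min;
}

function check(string $password): array
{
    return [
        'thread'      => matches(THREAD_PATTERN, $password),
        'counting'    => matches(COUNTING_PATTERN, $password),
        'length_only' => long_enough($password),
    ];
}

// Constructed sample passwords: 4, 6, 8 and 19 characters.
foreach (['aB1x', 'aB1xyz', 'aB1xyzQ7', 'this-is-my-password'] as $pw) {
    $r = array_map(fn(bool $ok): string => $ok ? 'accept' : 'reject', check($pw));
    printf("%-20s thread=%s counting=%s length_only=%s\n",
        $pw, $r['thread'], $r['counting'], $r['length_only']);
}
```

The 4- and 6-character samples are accepted by the first post's pattern, which matches what that post observed, while the passphrase is rejected by both regular expressions because `\w` does not match a hyphen.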
