Reputation: 205
I'm working on a form that needs a password that is between 6 and 25 characters. The username and fullname must be less than 25 characters. The username and fullname part works fine, but when I put in a password that's 10 characters long it echoes out my error code as if it were less than 6. What am I doing wrong with this?
Please take a look at the code and help me please: The issue is within the area commented as //check password length. Thanks everyone
The PHP code is:
    <?php
    echo "<h1>Register</h1>";
    $submit = filter_input(INPUT_POST, 'submit');
    //form data
    $fullname = strip_tags(filter_input(INPUT_POST, 'fullname'));
    $username = strip_tags(filter_input(INPUT_POST, 'username'));
    $password = strip_tags(filter_input(INPUT_POST, 'password'));
    $repeatpassword = strip_tags(filter_input(INPUT_POST, 'repeatpassword'));
    $date = date("Y-m-d");
    if ($submit)
    {
        //check for existence
        if ($fullname && $username && $password && $repeatpassword)
        {
            $password = md5($password);
            $repeatpassword = md5($repeatpassword);
            if ($password == $repeatpassword)
            {
                //check char length of username and fullname
                if (strlen($username) > 25 || strlen($fullname) > 25)
                {
                    echo "Length of username or full name is too long!";
                }
                else
                {
                    //check password length
                    if (strlen($password) > 25 || strlen($password) < 6)
                    {
                        echo "Password must be between 6 and 25 characters";
                    }
                    else
                    {
                        //register user
                    }
                }
            }
            else echo "Your passwords do not match";
        }
        else echo "Please fill in <b>all</b> fields!";
    }
    ?>
And the HTML is:
    <html>
    <form action='register.php' method='POST'>
    <table>
        <tr>
            <td>
                Your full name:
            </td>
            <td>
                <input type='text' name='fullname'>
            </td>
        </tr>
        <tr>
            <td>
                choose a username:
            </td>
            <td>
                <input type='text' name='username'>
            </td>
        </tr>
        <tr>
            <td>
                Choose a password:
            </td>
            <td>
                <input type='password' name='password'>
            </td>
        </tr>
        <tr>
            <td>
                Repeat your password:
            </td>
            <td>
                <input type='password' name='repeatpassword'>
            </td>
        </tr>
    </table>
    <p>
        <input type='submit' name='submit' value='Register'>
    </p>
    </form>
    </html>
Upvotes: 1
Views: 13244
Reputation: 53
Why won't you quit the MD5 and instead of that use Whirlpool?
$password_wp = hash('whirlpool', $password);
Still having your doubts? If so, this has already been answered on Stack Overflow:
Which one is more secured md5 or whirlpool (hashes) and Why?
{ more info }
http://md5-sha-whirlpool.reviews.r-tt.com
Upvotes: 0
Reputation: 838206
You overwrite the password with its MD5 sum here:
$password = md5($password);
I'd suggest using different variable names for these different values:
$password_md5 = md5($password);
Naming your variables appropriately will remove confusion and reduce the risk of errors.
Upvotes: 1
Reputation: 19020
You run MD5 on your password and repeat password before you compare it. Do the comparison and length checking before you run MD5 on them.
Upvotes: 1
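The ordering fix described in the answers above (compare and length-check the plaintext, then hash into a separately named variable), as an added example that is not part of any post on this page. The helper name validate_registration() and the sample inputs are assumptions made for illustration; it stores the result of PHP's built-in password_hash() rather than an md5() digest, since a fast unsalted digest is not suited to password storage.

```php
<?php
// Added example, not code from the question or its answers.
// validate_registration() is a hypothetical helper; the inputs below are constructed.

function validate_registration(string $fullname, string $username,
                               string $password, string $repeat): array
{
    if ($fullname === '' || $username === '' || $password === '' || $repeat === '') {
        return ['ok' => false, 'error' => 'Please fill in all fields!'];
    }
    if (strlen($username) > 25 || strlen($fullname) > 25) {
        return ['ok' => false, 'error' => 'Length of username or full name is too long!'];
    }
    // Compare and measure the plaintext. An md5() digest is always 32 hex
    // characters, so a length check on the digest can never pass a 6..25 rule.
    if ($password !== $repeat) {
        return ['ok' => false, 'error' => 'Your passwords do not match'];
    }
    $len = strlen($password); // counts bytes, as the check in the question does
    if ($len < 6 || $len > 25) {
        return ['ok' => false, 'error' => 'Password must be between 6 and 25 characters'];
    }
    // Hash only after every check has passed, and keep the hash under its own
    // name. password_hash() generates a salt and uses a deliberately slow algorithm.
    $password_hash = password_hash($password, PASSWORD_DEFAULT);
    return ['ok' => true, 'password_hash' => $password_hash];
}

// Constructed sample inputs: full name, username, password, repeated password.
$cases = [
    ['Ann Example', 'ann', 'tenchars10', 'tenchars10'], // 10-character password
    ['Ann Example', 'ann', 'short',      'short'],      // 5-character password
    ['Ann Example', 'ann', 'tenchars10', 'tenchars11'], // mismatched repeat
];
foreach ($cases as [$full, $user, $pw, $rep]) {
    $result = validate_registration($full, $user, $pw, $rep);
    echo $result['ok'] ? "registered\n" : $result['error'] . "\n";
}

// The length the original check was actually measuring for the same input:
echo strlen(md5('tenchars10')), "\n";

// At login, compare with password_verify() instead of re-hashing and using ==.
$stored = validate_registration('Ann Example', 'ann', 'tenchars10', 'tenchars10')['password_hash'];
var_dump(password_verify('tenchars10', $stored));
```

The password is passed in without strip_tags(), because the value is only hashed and never rendered, and stripping would silently change what the user typed.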