How can this ereg code possibly be updated to preg_match?

Question

I have reviewed the answers to this out the wazoo. I've googled this the same.

I have a variable that works really great with php 5.4 ereg but fails miserably with the latest stuff.

ereg($user.$pass, preg_replace('/\s/', '', trim($_POST['user']).trim($_POST['pass'])))

I have tried the following with no joy:

preg_match('/^$user.$pass/',

preg_match('/{$user.$pass}/',

preg_match({$user.$pass},

preg_match('{$user.$pass}',

I don't know what to do. I've also tried rewriting the code to use different input lines, but to no avail.

Does the rest of the line need escaping as well?

Is it possible that this function just doesn't port easily into the latest php versions?

This is the complete line of code. It looks to see if a user and password match the user and password for this page and trims out spaces. (I probably should sanitize it outside of this if statement.) It also checks the SESSIONS status. It may be a bit ugly but it works great in 5.4:

elseif(((!empty($_POST['user']) and !empty($_POST['pass']) and ereg($user.$pass, preg_replace('/\s/', '', trim($_POST['user']).trim($_POST['pass'])))) or (isset($_SESSION['logged']) and ($_SESSION['logged'] === true) and isset($_SESSION['user']) and ($_SESSION['user'] == $user))) and ($_SESSION['attempts'] < 5))

ADDITIONAL: I found a way around the ereg or the preg_match. It works great.

Answer 1

The (main) usage difference between ereg() and preg_match is the delimiters.

So if your code was:

ereg($user.$pass, preg_replace('/\s/', '', trim($_POST['user']).trim($_POST['pass'])));

the new equivalent code should be:

preg_match('/'.$user.$pass.'/', preg_replace('/\s/', '', trim($_POST['user']).trim($_POST['pass'])));

Please note the lack of {, } or ^ in the first parameter of preg_match().