I've been landed with a php script that needs to have a minimum password length added to it.
I thought strlen would be the answer but I'm either not putting it in the correct spot or have the syntax wrong - who knows. Attached is the offending part of the code if anyone could assist. Your help would be greatly appreciated.
if ($act == "newpwd")
{
if (($_POST["newpassword"]) && ($_POST["confirmpassword"]) && ($_POST["newpassword"] == $_POST["confirmpassword"]))
{
$result = mysql_query("SELECT * FROM $membersTable WHERE id = '".$_SESSION["userid"]."'", $db);
if ($row = mysql_fetch_array($result))
{
$db_password = md5($_POST["newpassword"]);
$sql = "UPDATE $membersTable SET user_pwd = '$db_password' WHERE id = '".$_SESSION["userid"]."'";
$doit = mysql_query($sql, $db);
$headers .= "Reply-to: $company_email\r\n";
$headers .= "From: $company_email\r\n";
$headers .= "Errors-to: $company_email\r\n";
mail($row["user_email"], "Your change of password", "This is in response to your request to change your password for the XXXXXXXXXX online system \n \nEmail address: ". $row["user_email"] ." \nPassword: ". $_POST["newpassword"] ." \n\nThank You \nAdministrator", $headers);
$error .= "<center><b>THANK YOU</b> <br>Your password has been emailled to your email address . Please check your email for confirmation. </center>";
unset($act);
}
}
else
{
if (($_POST["newpassword"]) != ($_POST["confirmpassword"]))
{
$error = "<br/><center><font color=\"#FF0000\"><b>Your passwords do not match, please try again</b></font></center>";
}
else if (!$_POST["newpassword"])
{
$error = "<br/><center><font color=\"#FF0000\"><b>Please enter a password</b></font></center>";
}
else if (!$_POST["confirmpassword"])
{
$error = "<br/><center><font color=\"#FF0000\"><b>Please confirm your password</b></font></center>";
}
$act = "chgpwd";
}
}
if ($act == "chgpwd")
{
if ($error)
{
$body .= $error;
}
$body .= "<div id=\"calc_change_pwd_menu\">";
$body .= "<form action=\"$urlPath\" method=\"post\">";
$body .= "<input type=\"hidden\" name=\"act\" value=\"newpwd\">";
$body .= "<table border=\"0\" cellspacing=\"0\" cellpadding=\"0\">";
$body .= "<tr><td> </td></tr>";
$body .= "<tr><br/> <td bgcolor=\"#ffffff\">New Password</td> <td bgcolor=\"#ffffff\"><input type=\"password\" name=\"newpassword\" ></td></tr>";
$body .= "<tr> <td bgcolor=\"#ffffff\" >Confirm Password </td> <td bgcolor=\"#ffffff\"><input type=\"password\" name=\"confirmpassword\" ></td></tr>";
$body .= "<tr><td> </td></tr>";
$body .= "<tr><td bgcolor=\"#f1f1f1\" colspan=\"2\"><input type=\"button\" value=\"Back\" onClick=\"window.location.href='$urlPath'\"> <input type=\"submit\" value=\"Submit\"></td></tr>";
$body .= "</table>";
$body .= "</div>";
Password Length
Moderator: General Moderators
- AbraCadaver
- DevNet Master
- Posts: 2572
- Joined: Mon Feb 24, 2003 10:12 am
- Location: The Republic of Texas
- Contact:
Re: Password Length
The easiest would probably be to add the condition in your main if and then add an else if down with your others:
Code: Select all
if (($_POST["newpassword"]) && ($_POST["confirmpassword"]) &&
($_POST["newpassword"] == $_POST["confirmpassword"]) &&
(strlen($_POST["newpassword"]) >= 8))
{
// etc...
}
else if (strlen($_POST["newpassword"]) < 8)
{
$error = "<br/><center><font color=\"#FF0000\"><b>Password must be at least 8 characters</b></font></center>";
}mysql_function(): WARNING: This extension is deprecated as of PHP 5.5.0, and will be removed in the future. Instead, the MySQLi or PDO_MySQLextension should be used. See also MySQL: choosing an API guide and related FAQ for more information.
Re: Password Length
Cheers AbraCadaver, works a treat.
I think I got all confused with the >=8 and <8...... no sorry I'll correct myself, I did get all confused with the >=8 and <8. Hey ho, all sorted now, thanks again!!
I think I got all confused with the >=8 and <8...... no sorry I'll correct myself, I did get all confused with the >=8 and <8. Hey ho, all sorted now, thanks again!!