Password Length
Posted: Tue Feb 09, 2010 9:03 am
I've been landed with a php script that needs to have a minimum password length added to it.
I thought strlen would be the answer but I'm either not putting it in the correct spot or have the syntax wrong - who knows. Attached is the offending part of the code if anyone could assist. Your help would be greatly appreciated.
if ($act == "newpwd")
{
if (($_POST["newpassword"]) && ($_POST["confirmpassword"]) && ($_POST["newpassword"] == $_POST["confirmpassword"]))
{
$result = mysql_query("SELECT * FROM $membersTable WHERE id = '".$_SESSION["userid"]."'", $db);
if ($row = mysql_fetch_array($result))
{
$db_password = md5($_POST["newpassword"]);
$sql = "UPDATE $membersTable SET user_pwd = '$db_password' WHERE id = '".$_SESSION["userid"]."'";
$doit = mysql_query($sql, $db);
$headers .= "Reply-to: $company_email\r\n";
$headers .= "From: $company_email\r\n";
$headers .= "Errors-to: $company_email\r\n";
mail($row["user_email"], "Your change of password", "This is in response to your request to change your password for the XXXXXXXXXX online system \n \nEmail address: ". $row["user_email"] ." \nPassword: ". $_POST["newpassword"] ." \n\nThank You \nAdministrator", $headers);
$error .= "<center><b>THANK YOU</b> <br>Your password has been emailled to your email address . Please check your email for confirmation. </center>";
unset($act);
}
}
else
{
if (($_POST["newpassword"]) != ($_POST["confirmpassword"]))
{
$error = "<br/><center><font color=\"#FF0000\"><b>Your passwords do not match, please try again</b></font></center>";
}
else if (!$_POST["newpassword"])
{
$error = "<br/><center><font color=\"#FF0000\"><b>Please enter a password</b></font></center>";
}
else if (!$_POST["confirmpassword"])
{
$error = "<br/><center><font color=\"#FF0000\"><b>Please confirm your password</b></font></center>";
}
$act = "chgpwd";
}
}
if ($act == "chgpwd")
{
if ($error)
{
$body .= $error;
}
$body .= "<div id=\"calc_change_pwd_menu\">";
$body .= "<form action=\"$urlPath\" method=\"post\">";
$body .= "<input type=\"hidden\" name=\"act\" value=\"newpwd\">";
$body .= "<table border=\"0\" cellspacing=\"0\" cellpadding=\"0\">";
$body .= "<tr><td> </td></tr>";
$body .= "<tr><br/> <td bgcolor=\"#ffffff\">New Password</td> <td bgcolor=\"#ffffff\"><input type=\"password\" name=\"newpassword\" ></td></tr>";
$body .= "<tr> <td bgcolor=\"#ffffff\" >Confirm Password </td> <td bgcolor=\"#ffffff\"><input type=\"password\" name=\"confirmpassword\" ></td></tr>";
$body .= "<tr><td> </td></tr>";
$body .= "<tr><td bgcolor=\"#f1f1f1\" colspan=\"2\"><input type=\"button\" value=\"Back\" onClick=\"window.location.href='$urlPath'\"> <input type=\"submit\" value=\"Submit\"></td></tr>";
$body .= "</table>";
$body .= "</div>";
I thought strlen would be the answer but I'm either not putting it in the correct spot or have the syntax wrong - who knows. Attached is the offending part of the code if anyone could assist. Your help would be greatly appreciated.
if ($act == "newpwd")
{
if (($_POST["newpassword"]) && ($_POST["confirmpassword"]) && ($_POST["newpassword"] == $_POST["confirmpassword"]))
{
$result = mysql_query("SELECT * FROM $membersTable WHERE id = '".$_SESSION["userid"]."'", $db);
if ($row = mysql_fetch_array($result))
{
$db_password = md5($_POST["newpassword"]);
$sql = "UPDATE $membersTable SET user_pwd = '$db_password' WHERE id = '".$_SESSION["userid"]."'";
$doit = mysql_query($sql, $db);
$headers .= "Reply-to: $company_email\r\n";
$headers .= "From: $company_email\r\n";
$headers .= "Errors-to: $company_email\r\n";
mail($row["user_email"], "Your change of password", "This is in response to your request to change your password for the XXXXXXXXXX online system \n \nEmail address: ". $row["user_email"] ." \nPassword: ". $_POST["newpassword"] ." \n\nThank You \nAdministrator", $headers);
$error .= "<center><b>THANK YOU</b> <br>Your password has been emailled to your email address . Please check your email for confirmation. </center>";
unset($act);
}
}
else
{
if (($_POST["newpassword"]) != ($_POST["confirmpassword"]))
{
$error = "<br/><center><font color=\"#FF0000\"><b>Your passwords do not match, please try again</b></font></center>";
}
else if (!$_POST["newpassword"])
{
$error = "<br/><center><font color=\"#FF0000\"><b>Please enter a password</b></font></center>";
}
else if (!$_POST["confirmpassword"])
{
$error = "<br/><center><font color=\"#FF0000\"><b>Please confirm your password</b></font></center>";
}
$act = "chgpwd";
}
}
if ($act == "chgpwd")
{
if ($error)
{
$body .= $error;
}
$body .= "<div id=\"calc_change_pwd_menu\">";
$body .= "<form action=\"$urlPath\" method=\"post\">";
$body .= "<input type=\"hidden\" name=\"act\" value=\"newpwd\">";
$body .= "<table border=\"0\" cellspacing=\"0\" cellpadding=\"0\">";
$body .= "<tr><td> </td></tr>";
$body .= "<tr><br/> <td bgcolor=\"#ffffff\">New Password</td> <td bgcolor=\"#ffffff\"><input type=\"password\" name=\"newpassword\" ></td></tr>";
$body .= "<tr> <td bgcolor=\"#ffffff\" >Confirm Password </td> <td bgcolor=\"#ffffff\"><input type=\"password\" name=\"confirmpassword\" ></td></tr>";
$body .= "<tr><td> </td></tr>";
$body .= "<tr><td bgcolor=\"#f1f1f1\" colspan=\"2\"><input type=\"button\" value=\"Back\" onClick=\"window.location.href='$urlPath'\"> <input type=\"submit\" value=\"Submit\"></td></tr>";
$body .= "</table>";
$body .= "</div>";