Username & Password comparison!
Moderator: General Moderators
-
cashflowtips
- Forum Newbie
- Posts: 22
- Joined: Tue Jul 31, 2007 11:06 pm
Username & Password comparison!
i having a problem on how to check the user name and password during registration session...
the input like this :-
user name : admin
password : admin123
/* False */
if something like this happen, the system should output error message because the password have partial words same as the user name. if can, i would like to limit it to allow only 3 consecutive letter to be same.
example :-
user name : admin
password : admi123
/* False */
user name : admin
password : adm789
/* True (allowed) */
can anybody help me here?
the input like this :-
user name : admin
password : admin123
/* False */
if something like this happen, the system should output error message because the password have partial words same as the user name. if can, i would like to limit it to allow only 3 consecutive letter to be same.
example :-
user name : admin
password : admi123
/* False */
user name : admin
password : adm789
/* True (allowed) */
can anybody help me here?
-
cashflowtips
- Forum Newbie
- Posts: 22
- Joined: Tue Jul 31, 2007 11:06 pm
- feyd
- Neighborhood Spidermoddy
- Posts: 31559
- Joined: Mon Mar 29, 2004 3:24 pm
- Location: Bothell, Washington, USA
Generally, I don't. But this is probably more complicated than you would reach on your own in a relatively short time.
Code: Select all
feyd:~ feyd$ cat a.php
<?php
$a = 'administrator';
$b = array();
$c = 4;
for($i = 0, $j = strlen($a) - $c; $i <= $j; $i++)
{
$b[] = substr($a, $i, $c);
}
$b = implode($b, '|');
if(empty($b))
{
$b = $a;
}
$p = '#(?:' . $b . ')#i';
$t = array('admin123','adm456','admi789', 'min012', 'adin345');
foreach($t as $q)
{
preg_match($p, $q, $m);
echo 'Pattern \'', $p, '\' tested against ', var_export($q, true), ' was ', (empty($m) ? 'not found to match.' : 'found to match ' . var_export(implode($m, ''), true) . '.'), PHP_EOL;
}
feyd:~ feyd$ php -f a.php
Pattern '#(?:admi|dmin|mini|inis|nist|istr|stra|trat|rato|ator)#i' tested against 'admin123' was found to match 'admi'.
Pattern '#(?:admi|dmin|mini|inis|nist|istr|stra|trat|rato|ator)#i' tested against 'adm456' was not found to match.
Pattern '#(?:admi|dmin|mini|inis|nist|istr|stra|trat|rato|ator)#i' tested against 'admi789' was found to match 'admi'.
Pattern '#(?:admi|dmin|mini|inis|nist|istr|stra|trat|rato|ator)#i' tested against 'min012' was not found to match.
Pattern '#(?:admi|dmin|mini|inis|nist|istr|stra|trat|rato|ator)#i' tested against 'adin345' was not found to match.-
cashflowtips
- Forum Newbie
- Posts: 22
- Joined: Tue Jul 31, 2007 11:06 pm
i found two codes but im not sure whether it solve my problem...
and
can it trace something like this :-
user name : 12admin99
password : !(admin)!
will it return true or false?
Code: Select all
$username="admin";
$password="admin123";
$cheek1=substr($username,0,3);
$cheek2=substr($password,0,3);
if($cheek1==$cheek2){
echo "Sorry the username and password have the same first three letters";
}
else{
echo "Username and password are valid as the first three letters dont match";
}Code: Select all
function valid ($user, $pass) {
// Does the password contain the beginning of user?
$t = '/' . substr($user, 0, 4) . '(?:' . substr($user, 4, 0xF) . ')?/i';
if (preg_match($t, $pass)) {
# Password contain part of the username.
return false;
}
return true;
}
$user = 'superadmin';
$pass = 'suderpass';
var_dump(valid($user, $pass));user name : 12admin99
password : !(admin)!
will it return true or false?
- n00b Saibot
- DevNet Resident
- Posts: 1452
- Joined: Fri Dec 24, 2004 2:59 am
- Location: Lucknow, UP, India
- Contact:
- n00b Saibot
- DevNet Resident
- Posts: 1452
- Joined: Fri Dec 24, 2004 2:59 am
- Location: Lucknow, UP, India
- Contact:
fayd's example takes up the user name and matches it in groups of 4 letters... that is defintely for you if you want to search for any part of username in password.
however, i have a question - whcih of the following are valid for you?
- admin / admi123
- admin / dmin123
- admin / 12admin3
- admin / 12min3
however, i have a question - whcih of the following are valid for you?
- admin / admi123
- admin / dmin123
- admin / 12admin3
- admin / 12min3
-
cashflowtips
- Forum Newbie
- Posts: 22
- Joined: Tue Jul 31, 2007 11:06 pm
as long it has 3 consecutive letter, liken00b Saibot wrote:fayd's example takes up the user name and matches it in groups of 4 letters... that is defintely for you if you want to search for any part of username in password.
however, i have a question - whcih of the following are valid for you?
- admin / admi123
- admin / dmin123
- admin / 12admin3
- admin / 12min3
adm
dmn
min
in the password, it will return false.
- admin / admi123
FALSE
- admin / dmin123
FALSE
- admin / 12admin3
FALSE
- admin / 12min3
FALSE
-admin / 12mi3
TRUE
-admin / ad123
TRUE
- superdezign
- DevNet Master
- Posts: 4135
- Joined: Sat Jan 20, 2007 11:06 pm
That's not what you said at first. Change $c in feyd's code to 3, and you're set. Beware though that only 3 characters is not smart at all. It's *VERY* easy to accidentally have 3 characters from your username in your password, as a lot of words in the dictionary have similar 3-letter combinations. The same with 4-letter combinations (though not as many).cashflowtips wrote:as long it has 3 consecutive letter, like
adm
dmn
min
in the password, it will return false.
BTW feyd, very intuitive solution.