Username & Password comparison!

Posted: Tue Sep 11, 2007 10:02 pm
by cashflowtips
I'm having a problem with how to check the user name and password during the registration session...

the input is like this :-

user name : admin
password : admin123
/* False */

If something like this happens, the system should output an error message because the password has partial words the same as the user name. If possible, I would like to limit it to allow only 3 consecutive letters to be the same.

example :-

user name : admin
password : admi123
/* False */

user name : admin
password : adm789
/* True (allowed) */

can anybody help me here?

Posted: Tue Sep 11, 2007 10:15 pm
by feyd
What have you tried so far?

Posted: Tue Sep 11, 2007 10:22 pm
by cashflowtips
feyd wrote:What have you tried so far?
I tried to find an example on the net but couldn't find anything. Most of the examples are comparing arrays. Can you help me here?

Posted: Tue Sep 11, 2007 10:31 pm
by feyd
Generally, I don't. But this is probably more complicated than you would reach on your own in a relatively short time.

Code:

feyd:~ feyd$ cat a.php
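<?php
$a = 'administrator';   // user name
$b = array();
$c = 4;                 // length of each substring to look for
// collect every $c-character substring of the user name, escaped for the pattern
for($i = 0, $j = strlen($a) - $c; $i <= $j; $i++)
{
        $b[] = preg_quote(substr($a, $i, $c), '#');
}

// separator first: the array-first argument order is rejected by PHP 8
$b = implode('|', $b);

// user name shorter than $c: match on the whole user name instead
if(empty($b))
{
        $b = preg_quote($a, '#');
}

$p = '#(?:' . $b . ')#i';
$t = array('admin123','adm456','admi789', 'min012', 'adin345');

foreach($t as $q)
{
        preg_match($p, $q, $m);
        echo 'Pattern \'', $p, '\' tested against ', var_export($q, true), ' was ', (empty($m) ? 'not found to match.' : 'found to match ' . var_export(implode('', $m), true) . '.'), PHP_EOL; 
}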
feyd:~ feyd$ php -f a.php 
Pattern '#(?:admi|dmin|mini|inis|nist|istr|stra|trat|rato|ator)#i' tested against 'admin123' was found to match 'admi'.
Pattern '#(?:admi|dmin|mini|inis|nist|istr|stra|trat|rato|ator)#i' tested against 'adm456' was not found to match.
Pattern '#(?:admi|dmin|mini|inis|nist|istr|stra|trat|rato|ator)#i' tested against 'admi789' was found to match 'admi'.
Pattern '#(?:admi|dmin|mini|inis|nist|istr|stra|trat|rato|ator)#i' tested against 'min012' was not found to match.
Pattern '#(?:admi|dmin|mini|inis|nist|istr|stra|trat|rato|ator)#i' tested against 'adin345' was not found to match.

Posted: Tue Sep 11, 2007 11:48 pm
by cashflowtips
I found two pieces of code but I'm not sure whether they solve my problem...

Code:

$username="admin";
$password="admin123";

$cheek1=substr($username,0,3);
$cheek2=substr($password,0,3);

if($cheek1==$cheek2){
     echo "Sorry the username and password have the same first three letters";
}
else{
     echo "Username and password are valid as the first three letters dont match";
}
and

Code:

function valid ($user, $pass) {
    // Does the password contain the beginning of user?
    // preg_quote() keeps regex metacharacters in the user name literal.
    $t = '/' . preg_quote(substr($user, 0, 4), '/') . '(?:' . preg_quote(substr($user, 4, 0xF), '/') . ')?/i';
    if (preg_match($t, $pass)) {
        # Password contains part of the username.
        return false;
    }
    return true;
}

$user = 'superadmin';
$pass = 'suderpass';

var_dump(valid($user, $pass));
can it trace something like this :-

user name : 12admin99
password : !(admin)!

will it return true or false?

Posted: Wed Sep 12, 2007 2:12 am
by n00b Saibot
feyd, what exactly were you doing there :lol:

Posted: Wed Sep 12, 2007 2:52 am
by cashflowtips
can anyone help me here?

Posted: Wed Sep 12, 2007 3:04 am
by n00b Saibot
feyd's example takes up the user name and matches it in groups of 4 letters... that is definitely for you if you want to search for any part of username in password.
however, i have a question - which of the following are valid for you?
- admin / admi123
- admin / dmin123
- admin / 12admin3
- admin / 12min3

Posted: Wed Sep 12, 2007 3:54 am
by cashflowtips
n00b Saibot wrote:feyd's example takes up the user name and matches it in groups of 4 letters... that is definitely for you if you want to search for any part of username in password.
however, i have a question - which of the following are valid for you?
- admin / admi123
- admin / dmin123
- admin / 12admin3
- admin / 12min3
as long as it has 3 consecutive letters, like
adm
dmn
min

in the password, it will return false.

- admin / admi123
FALSE
- admin / dmin123
FALSE
- admin / 12admin3
FALSE
- admin / 12min3
FALSE

-admin / 12mi3
TRUE
-admin / ad123
TRUE

Posted: Wed Sep 12, 2007 8:25 am
by superdezign
cashflowtips wrote:as long as it has 3 consecutive letters, like
adm
dmn
min

in the password, it will return false.
That's not what you said at first. Change $c in feyd's code to 3, and you're set. Beware though that only 3 characters is not smart at all. It's *VERY* easy to accidentally have 3 characters from your username in your password, as a lot of words in the dictionary have similar 3-letter combinations. The same with 4-letter combinations (though not as many). :P

BTW feyd, very intuitive solution.
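
The 3-character rule discussed above as a standalone check, added here as an example and not code from any poster; sharesRun() is a hypothetical name and the mbstring extension is assumed. It uses substring search instead of a regex and runs the cases listed in the thread, including 12admin99 / !(admin)!, plus one constructed case with a regex metacharacter in the user name.

```php
<?php
// Added example, not code from the thread. sharesRun() is a hypothetical name;
// the mbstring extension is assumed to be loaded.

/** True when $password contains any run of $len consecutive characters
 *  of $username, compared case-insensitively. */
function sharesRun(string $username, string $password, int $len = 3): bool
{
    if ($len < 1) {
        throw new InvalidArgumentException('$len must be at least 1');
    }
    $user = mb_strtolower($username, 'UTF-8');
    $pass = mb_strtolower($password, 'UTF-8');
    $userLen = mb_strlen($user, 'UTF-8');
    if ($userLen === 0) {
        return false;               // nothing to compare against
    }
    // User name shorter than $len: compare it whole, like the fallback in feyd's script.
    $len = min($len, $userLen);

    for ($i = 0; $i <= $userLen - $len; $i++) {
        $window = mb_substr($user, $i, $len, 'UTF-8');
        // Plain substring search, so characters such as . ( | are matched literally.
        if (mb_strpos($pass, $window, 0, 'UTF-8') !== false) {
            return true;
        }
    }
    return false;
}

// [user name, password, should the password be rejected?]
$cases = [
    ['admin',     'admi123',   true],
    ['admin',     'dmin123',   true],
    ['admin',     '12admin3',  true],
    ['admin',     '12min3',    true],
    ['admin',     '12mi3',     false],
    ['admin',     'ad123',     false],
    ['12admin99', '!(admin)!', true],   // shares "adm", "dmi", "min"
    ['a.c',       'abc123',    false],  // constructed: "." must not act as a wildcard
];
foreach ($cases as [$u, $p, $expected]) {
    $got = sharesRun($u, $p);
    printf("%-10s / %-10s => %s%s\n", $u, $p,
        $got ? 'rejected' : 'allowed', $got === $expected ? '' : '  (unexpected)');
}
```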

Posted: Wed Sep 12, 2007 3:29 pm
by feyd
superdezign wrote:BTW feyd, very intuitive solution.
Trying to keep it simple, relatively.