Login Security

robfog

Have a basic question.

Have a login containing id and username. If nothing is placed in the username field then an error occurs. If a space is placed in the field then the record in relation to the id is displayed which I do not wish to occur.

I have used:

if(empty($id) || empty($username)) {
}

and

if ($username == "") {
Brand();
commonHeader("$Company","Oops...");
fontSize("+1","blue","Arial","<b>You have forgotten to include your Username. Please go back and complete this section.");
commonFooter($Relative,$UserID);
exit;
}

Is there a symbol or term which will cover any number of spaces or is there a better method?

bastien

if (regex("[A-Za-z0-9_]{1,}",$username){
//do something
}else{
echo "login failed";
}

see {man]regex[/man] for more detail

the above regex (i hope) looks to give a true or false on any string that is alpha or numeric or has an underscore of at least one letter...

you should probably adapt your code to ask for username and login as opposed to username and id as you have seen it is easy to get around

other options include

if((empty($id) || empty($username)||($username==' '))

can also stipulate min length for username
username of a certain type - all alpha / all numeric etc

hth

robfog

Thanks for that. Using your advise I pulled bits and pieces from a couple of places and now while it's not perfect it works well enough.