I have a form that users can iput their personal details in: name, address, phone number etc. i also want to use some of this information for the users password and username. i have already devised and tested the way to get the user to (unknowingly) get their username and password sorted. the username is made up of the 1st address line and the password is made up of their postcode. they wont get this info unless they have bought a building kit from me. this is only issued after that. what i would like to know is how to remove the white spaces so instead of the password being SE13 1WD (spaces) the password becomes SE131SW (without spaces) i dont mind keeping the spaces in but ppl are used to seeing passwords and usernames without any spaces. i would rather this be done in php instead of javascript. (if this is done in javascript can it be over ridden or bypassed by altering the browser?)

    Cant you join without spaces?

    Of course, you can always [man]str_replace/man the spaces out.

      Hi Buzzby (not to be confused with Buzzly)

      Hope you've got a plan B for when a new user comes from the same street and the same postcode as an existing user. I also hope you've got some way of ensuring that a user can't just ask other users what street they live in and then look up their passwords in the telephone book.

      I assume you're keeping the URL secret, because now you've told everyone how to create a user ID and password on your site, they won't be needing your building kit any more.

      But perhaps I'm just being paranoid?

      Norm

        the building kit has nothing to do with usernames and passwords. the building kits are to do with architecture, refurbishments, extensions and stuff. the number and street and postcode can only be had by 1 person at a time. only 1 family/person can live at one address at any one time. as in 1 family will live at 54 red lane. not 54a or 54 b. note if there was 54a or 54b then that would be different but in order to know what username and password they have they would need to know exactly where they lived. but how would they unless someone told them. plus the information stored behind the username and password is only techy info about architectural stuff. no secrets of the holy grail or 'here is where you can find the turin shroud' malarki.

          You hope!! Why not do something simple like generate a password? You've not been at this long have you, if you had then you would know that everything that can go wrong with a password system will go wrong with it. The 'cleverer' the process the more it will go wrong. Try this for a random 6 character string:

           $newpass = substr(md5(time()),0,6);
          
          it generates an md5 hash string from the system time and truncates it to 6 chars. About as random as you can get.
          

          Just use the user's name and generate a password and send it to them.

          As to only one family at an address: people move, get their post code wrong, share houses, don't like to reveal that they live in a flat so forget the A, B etc. Believe me, your system WILL end up issuing the same address/post code combination because that is the real world.

            it generates an md5 hash string from the system time and truncates it to 6 chars.

            Which means that the total number of possible passwords is 166=16777216
            If you were to use a normal alphanumeric password, even one that is not case-sensitive, the total number of possible passwords would be 36
            6=2176782336

              So truncate it to 8 or 9 chars or whatever you like. Personally, I think 16,000,000 should cover you, but use as many as you like.

              I did not say you had to use Kevin Yank's solution, only that you should use more usual methods to generate your password. I offered Kevin Yank's solution in case you did not know of any way to write your own function or routine.

                anybody who has designed for a client will know that the client will stipulate what he wants. he is opened to some design ideas or changes made by the designer but ultimately the client makes the desicion on what goes and what stays. plus since the client pays the bills he is in the advantageous position of basically dictating what goes where. i have not been at this for long but i have been there long enuff to know if i insist on something i loose my job and get/make no money. i know that a simple password/username solution required. i know what the solution should be. i already have the solution in place. its only a link away. i dont want a random password system. the system i have in place is that the user will actually choose his/her password so therefore there will be uniqueness. my client doesnt want that. it has to be job specific. the business is just for london, england and within the M25 (motorway that circles london) FOR NOW

                  Write a Reply...