validate date and pass word with php

fpt_992

Hi All,
I have just started to learn php for few days and i get stuck in this part. Please help me.
Here is my code. The key point is that i donot want users to type in ridiculous things such as 15/55/2008. About the password, it has to be about 8-12 characters with at least 2 digits.
Please help me.
Many thanks.

<?php
session_start();
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<title>Car and Passion</title>
<link rel="stylesheet" href="style.css" type="text/css" />
<script type="text/javascript">
<!--

function startTime()
{
var today=new Date();
var h=today.getHours();
var m=today.getMinutes();
var s=today.getSeconds();
// add a zero in front of numbers<10
m=checkTime(m);
s=checkTime(s);
document.getElementById('txt').innerHTML=h+":"+m+":"+s;
t=setTimeout('startTime()',500);
}

function checkTime(i)
{
if (i<10)
  {
  i="0" + i;
  }
return i;
}

// -->
</script>
</head>

<body onLoad="startTime()">
<a href="index.html"><img id="header" src="images/header.jpg"></a>
<div id="wrapper">
	<div class="menu">
		<ul>
			<li><a href="index.html">Home</a></li>
            <li><a href="profilex.html" id="current">Profile</a></li>
            <li><a href="editprofile.html">Edit Profile</a></li>
            <li><a href="blog.html">Blog</a></li>
            <li><a href="logout.php">Log Out</a></li>
		</ul>
	</div>
    <br />

<div id= "pro1"><br />
<h2>Profile</h2>
<?php
require("shared_function.php");
dbConnect();
$fname=$_POST["fname"];
$lname=$_POST["lname"];
$pass=$_POST["pass"];
$email=$_POST["email"];
$phone=$_POST["phone"];
$type=$_POST["type"];
$add=$_POST["add"];
$birth=$_POST["birth"];

$_SESSION['fname']=$fname;
$_SESSION['lname']=$lname;
$_SESSION['pass']=$pass;
$_SESSION['email']=$email;
$_SESSION['phone']=$phone;
$_SESSION['type']=$type;
$_SESSION['add']=$add;
$_SESSION['birth']=$birth;

$count=0;
$query3="select * from ass where email='$email'";
$result=mysql_query($query3) or die (mysql_error());
if(mysql_num_rows($result)>0){
echo"This Email address is already exists in the database, please create another one.";
echo '<a href="registration.html">Return</a>';
}else{if(ereg("^([A-Za-z ]+)$", $fname)) {
echo "First name <em>$fname</em> is <strong style='color: green'>correct</strong><br/>";
} else {
echo "First name <em>$fname</em> is <strong style='color: red'>not correct</strong><br/>";$count++;
}
if(ereg("^([A-Za-z ]+)$", $lname)) {
echo "Last name <em>$lname</em> is <strong style='color: green'>correct</strong><br/>";
} else {
echo "Last name <em>$lname</em> is <strong style='color: red'>not correct</strong><br/>";$count++;
}
if(ereg("^[A-Za-z0-9!]{8,16}$", $pass)){
echo "Password <em>$pass</em> is <strong style='color: green'>correct</strong><br/>";
} else {
echo "Password <em>$pass</em> is <strong style='color: red'>not correct</strong><br/>";$count++;
}
if(ereg("^[-A-Za-z0-9_]+[-A-Za-z0-9_.]*[@]{1}[-A-Za-z0-9_]+[-A-Za-z0-9_.]*[.]{1}[A-Za-z]{2,5}[.]?[a-z]*$", $email)) {
echo "Email <em>$email</em> is <strong style='color: green'>correct</strong><br/>";
} else {
echo "Email <em>$email</em> is <strong style='color: red'>not correct</strong><br/>";$count++;
}
if(ereg("^[0-9A-Za-z,-_.() /]+$", $add)) {
echo "Address <em>$add</em> is <strong style='color: green'>correct</strong><br/>";
} else {
echo "Address <em>$add</em> is <strong style='color: red'>not correct</strong><br/>";$count++;
}
if(ereg("^[0-9]{7,12}$", $phone)) {
echo "Phone <em>$phone</em> is <strong style='color: green'>correct</strong><br/>";
} else {
echo "Phone <em>$phone</em> is <strong style='color: red'>not correct</strong><br/>";$count++;
}
if(ereg("^[0-9A-Za-z,-_.() /]+$", $type)) {
echo "Affiliation <em>$type</em> is <strong style='color: green'>correct</strong><br/>";
} else {
echo "Affiliation <em>$type</em> is <strong style='color: red'>not correct</strong><br/>";$count++;
}
if(ereg("^([0-9]{1,2}\/[0-9]{1,2}\/[0-9]{4})$", $birth)) {
echo "Birth <em>$birth</em> is <strong style='color:green'>correct</strong><br />";
}else {
echo "Birth <em>$birth</em> is <strong style='color:red'>not correct</strong><br />";$count++;
}



if($count>0)
echo '<a href="registration.html">Back</a>';;

if($count==0)
{
$query1="insert into `ass` (`fname`, `lname`, `pass`, `email`, `add`, `phone`, `type`, `birth`) values('$fname', '$lname', '$pass', '$email', '$add', '$phone', '$type','$birth')";
$result = mysql_query($query1) or die(mysql_error());

echo "Congratulation this ". $email ."  account has been successfully recorded in our sever!<br/>";
$query2="select * from ass where email='$email' AND pass='$pass'";
$result = mysql_query($query2) or die(mysql_error());
$row=mysql_fetch_array($result,MYSQL_ASSOC);
echo '<h2>Profile Information</h2> '; 
echo "First name: ".$row['fname'];
echo "Last name: ".$row['lname'];echo '<br/>';
echo "Password: ".$row['pass'];echo '<br/>';
echo "Email: ".$row['email'];echo '<br/>';
echo "Address: ".$row['add'];
echo "Phone: ".$row['phone'];echo '<br/>';
echo "Type: ".$row['type'];echo '<br/>';
echo "Birth: ".$row['birth']; echo '<br/>';

echo '<a href="ediprofile.html">Edit Profile Information</a>';echo '<br/>';
echo '<a href="homepage.html">Back to main page</a>';
}}
?></div>



<div id="footer" >
<?php 
echo date("d/m/y", time());  
?>

<div id="txt"></div>

Copyright &copy; Car & Passion 2011. All rights reserved.
</div>

</div>
</body>
</html>

bradgrafelman

Welcome to PHPBuilder! When posting PHP code, please use the board's [noparse]

..

[/noparse] bbcode tags as they make your code much easier to read and analyze.

As for your issues, the date sanity check could be accomplished using the PHP function [man]checkdate/man, assuming you're able to split apart the date components (something you probably need to do anyway in order to reformat it into a standard format, e.g. YYYY-MM-DD).

As for the password, you can use [man]strlen/man to check the length, and you could also count certain characters such as numbers using a regular expression and [man]preg_match_all/man, which as the manual notes will return the number of "full pattern matches." Thus, if you have a pattern like:

/[0-9]/

you can count how many numbers appear in a given string.

Also note that the [man]ereg/man (and similar) functions have been deprecated for some time now. Instead, consider using one of the [man]PCRE[/man] functions such as [man]preg_match/man.

Another issue... why are you limiting the characters allowed in the user's password? In today's age of weak, easily-guessed passwords, why are you discouraging the use of strong passwords by limiting the domain of allowed characters?

Finally, note that it's advisable to use something like [man]filter_var/man with the FILTER_VALIDATE_EMAIL filter/option rather than a regexp pattern that may or may not have false positives and negatives.

fpt_992

hi,
Thank you for immediate reply. Could you please be more specific in case of my code? Im just starter so i dont understand much.
Thanks again

fpt_992

anyone help me please ?

fpt_992

Ok, i follow the instruction, it works, but when i enter the password which is smaller than 8 characters, nothing happen. There is something wrong there. but i cannot figure it out. Could you guys take a look at my code, especially the password validation section. Thank you so much

<?php
session_start();
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<title>Car and Passion</title>
<link rel="stylesheet" href="style.css" type="text/css" />
<script type="text/javascript">
<!--

function startTime()
{
var today=new Date();
var h=today.getHours();
var m=today.getMinutes();
var s=today.getSeconds();
// add a zero in front of numbers<10
m=checkTime(m);
s=checkTime(s);
document.getElementById('txt').innerHTML=h+":"+m+":"+s;
t=setTimeout('startTime()',500);
}

function checkTime(i)
{
if (i<10)
  {
  i="0" + i;
  }
return i;
}

// -->
</script>
</head>

<body onLoad="startTime()">
<a href="index.html"><img id="header" src="images/header.jpg"></a>
<div id="wrapper">
	<div class="menu">
		<ul>
			<li><a href="index.html">Home</a></li>
      		<li><a href="registration.html">Register</a></li>
		</ul>
	</div>


<div id= "pro1"><br />
<h2>Profile</h2>
<?php
require("shared_function.php");
dbConnect();
$fname=$_POST["fname"];
$lname=$_POST["lname"];
$pass=$_POST["pass"];
$email=$_POST["email"];
$phone=$_POST["phone"];
$type=$_POST["type"];
$add=$_POST["add"];
$birth=$_POST["birth"];

$_SESSION['fname']=$fname;
$_SESSION['lname']=$lname;
$_SESSION['pass']=$pass;
$_SESSION['email']=$email;
$_SESSION['phone']=$phone;
$_SESSION['type']=$type;
$_SESSION['add']=$add;
$_SESSION['birth']=$birth;

$count=0;
$query3="select * from ass where email='$email'";
$result=mysql_query($query3) or die (mysql_error());
if(mysql_num_rows($result)>0){
echo"This Email address is already exists in the database, please create another one.";
echo '<a href="registration.html">Return</a>';
}else{if(ereg("^([A-Za-z ]+)$", $fname)) {
echo "First name <em>$fname</em> is <strong style='color: green'>correct</strong><br/>";
} else {
echo "First name <em>$fname</em> is <strong style='color: red'>not correct</strong><br/>";$count++;
}
if(ereg("^([A-Za-z ]+)$", $lname)) {
echo "Last name <em>$lname</em> is <strong style='color: green'>correct</strong><br/>";
} else {
echo "Last name <em>$lname</em> is <strong style='color: red'>not correct</strong><br/>";$count++;
}
if(strlen($pass)>7) {
if (strlen($pass)<17) {
if (ereg("^([a-zA-z]+[0-9]{2,})$", $pass)){
echo "Password <em>$pass</em> is <strong style='color: green'>correct</strong><br/>";
} else {
echo "Password <em>$pass</em> is <strong style='color: red'>not correct</strong><br/>";$count++;
}}}
if(ereg("^[-A-Za-z0-9_]+[-A-Za-z0-9_.]*[@]{1}[-A-Za-z0-9_]+[-A-Za-z0-9_.]*[.]{1}[A-Za-z]{2,5}[.]?[a-z]*$", $email)) {
echo "Email <em>$email</em> is <strong style='color: green'>correct</strong><br/>";
} else {
echo "Email <em>$email</em> is <strong style='color: red'>not correct</strong><br/>";$count++;
}
if(ereg("^[0-9A-Za-z,-_.() /]+$", $add)) {
echo "Address <em>$add</em> is <strong style='color: green'>correct</strong><br/>";
} else {
echo "Address <em>$add</em> is <strong style='color: red'>not correct</strong><br/>";$count++;
}
if(ereg("^[0-9]{7,12}$", $phone)) {
echo "Phone <em>$phone</em> is <strong style='color: green'>correct</strong><br/>";
} else {
echo "Phone <em>$phone</em> is <strong style='color: red'>not correct</strong><br/>";$count++;
}
if(ereg("^[0-9A-Za-z,-_.() /]+$", $type)) {
echo "Affiliation <em>$type</em> is <strong style='color: green'>correct</strong><br/>";
} else {
echo "Affiliation <em>$type</em> is <strong style='color: red'>not correct</strong><br/>";$count++;
}
if(ereg("^([0-9]{1,2}\/[0-9]{1,2}\/[0-9]{4})$", $birth)) {
echo "Birth <em>$birth</em> is <strong style='color:green'>correct</strong><br />";
}else {
echo "Birth <em>$birth</em> is <strong style='color:red'>not correct</strong><br />";$count++;
}



if($count>0)
echo '<a href="registration.html">Back</a>';;

if($count==0)
{
$query1="insert into `ass` (`fname`, `lname`, `pass`, `email`, `add`, `phone`, `type`, `birth`) values('$fname', '$lname', '$pass', '$email', '$add', '$phone', '$type','$birth')";
$result = mysql_query($query1) or die(mysql_error());

echo "Congratulation this ". $email ."  account has been successfully recorded in our sever!<br/>";
$query2="select * from ass where email='$email' AND pass='$pass'";
$result = mysql_query($query2) or die(mysql_error());
$row=mysql_fetch_array($result,MYSQL_ASSOC);
echo '<h2>Profile Information</h2> '; 
echo "First name: ".$row['fname'];echo '&nbsp';
echo "Last name: ".$row['lname'];echo '<br/>';
echo "Password: ".$row['pass'];echo '<br/>';
echo "Email: ".$row['email'];echo '&nbsp';
echo "Address: ".$row['add']; echo '&nbsp';
echo "Phone: ".$row['phone'];echo '<br/>';
echo "Type: ".$row['type'];echo '&nbsp';
echo "Birth: ".$row['birth']; echo '<br/>';

echo '<a href="ediprofile.html">Edit Profile Information</a>';echo '<br/>';
echo '<a href="homepage.html">Back to main page</a>';
}}
?></div>



<div id="footer" >
<?php 
echo date("d/m/y", time());  
?>

<div id="txt"></div>

Copyright &copy; Car & Passion 2011. All rights reserved.
</div>

</div>
</body>
</html>