[RESOLVED] regex newbie needs help

schwim

Hi there folks!

I'm building an app that uses phpBB's sessions system and I need to honor it's username restrictions. In this case, it's listed as alphanumeric and spacers( spacers are: space, -, +, _, [ and ] ). I looked in the phpBB code and found their regex line to be:

'[A-Za-z0-9-[\]_+ ]+';

and I tried to utilize that in my preg_match, but kept getting a missing bracket error. So I went out and read up on the regex testing sites and tried to build my own, that being:

if(preg_match('/[a-z]|[A-Z]|\d| |\+|-|_|\[|\]/', $_POST['sub_username']);

echo"Things went well.";
}else{
	echo"Things went poorly.";
}

But when I test with "testing!", it tells me that it went well.

I'm continuing to read up on it, but I'm just getting more errors as I go. Could someone let me know how I might achieve the end result I'm going for?

Thanks for your time!

laserlight

schwim wrote:
I tried to utilize that in my preg_match, but kept getting a missing bracket error

You should post what you tried.

schwim wrote:
But when I test with "testing!", it tells me that it went well.

The problem is that you are testing if such a character exists. Rather, you want to test if, from the start to the end, every character is such a character.

NogDog

I would write that regex as:

'/^[A-Za-z0-9\[\]_+ -]+$/'

Anchoring the expression to the start/end of the string, and moving the actual hyphen character to the last character in the character class so that the parser does not think it's indicating a range.

schwim

Thanks to both of you for your help. I greatly appreciate it.

Nog, I've implemented your suggestion in the following manner:

if(preg_match('/^[A-Za-z0-9\[\]_+ -]+$/', $_POST['sub_username'])){
	$stop = '1';
	$stop_reason = 'Username has illegal characters. (Only A-Z, 0-9, space, -, +, _, [ and ] are allowed.)';
	include("./includes/overlord/page-users.php");
	exit;
}

Which, if I understand it correctly, is stating that if the submitted string does not completely match the listed allowed ranges and characters, it will send the error. Testing looks like I've implemented it correctly, but I wanted to be sure.

For instance, testing+user works while testing!user does not.

Have I implemented the check properly?

NogDog

I believe you want to negate the check, which could be done via code logic or negating the character class in the regex:

Use the PHP "not" operator:

if( ! preg_replace('/^[A-Za-z0-9\[\]_+ -]+$/', $_POST['sub_username'])) {
  // illegal character found

Invert the regex (and therefore do not anchor it to the ends of the string):

if(preg_replace('/[^A-Za-z0-9\[\]_+ -]/', $_POST['sub_username'])) {
  // illegal character found (note different meaning of "^" in this usage)

Derokorian

PS. Schwim the reason for your original problem, is that you were not using a delimiter in your regex, therefore the engine thought the opening bracket for the character class was the delimiter, and could not find a matching one to close of the pattern.

schwim

NogDog;11042871 wrote:
I believe you want to negate the check, which could be done via code logic or negating the character class in the regex:

Use the PHP "not" operator:
if( ! preg_replace('/^[A-Za-z0-9\[\]_+ -]+$/', $_POST['sub_username'])) {
  // illegal character found
Invert the regex (and therefore do not anchor it to the ends of the string):
if(preg_replace('/[^A-Za-z0-9\[\]_+ -]/', $_POST['sub_username'])) {
  // illegal character found (note different meaning of "^" in this usage)

Hi there Nog,

I want preg_match and not preg_replace, correct? I just want to check for the illegal characters and stop the process if found, not replace anything.

I'm running with the php not operator but looking between the two methods, I'm trying to find out What's happening.

'/^[A-Za-z0-9\[\]_+ -]+$/'
'/[^A-Za-z0-9\[\]_+ -]/'

The regex wiki states that ^ means NOT and the brackets [] state that the match should be checked against everything within. I see that you switched position for the two. and for the back end, I see that it lost +$, but I don't understand why. Would you mind clarifying how this works? I'm sorry for my density 🙂

schwim

Derokorian;11042877 wrote:
PS. Schwim the reason for your original problem, is that you were not using a delimiter in your regex, therefore the engine thought the opening bracket for the character class was the delimiter, and could not find a matching one to close of the pattern.

Does that mean I didn't include the []s? It looks so much different from nog's example that I'm not sure which part that is 🙂

NogDog

With this regex, preg_match() will return true if all the characters in the string are one of the white-listed characters in the regex:

'/^[A-Za-z0-9\[\]_+ -]+$/'

With this one, it will return true if any of the character in the string are not in the regex:

'/[^A-Za-z0-9\[\]_+ -]/'

Which way you like to use it is probably more personal style preference than anything else. But since the first returns true if everything is okay while the second returns false if everything is okay, your PHP logic is the opposite depending which way you prefer to go with it.

Clear as mud?

Derokorian

schwim;11042881 wrote:
Does that mean I didn't include the []s? It looks so much different from nog's example that I'm not sure which part that is 🙂

What I mean is the regex parser looks at the first character in the string, and when it finds that character again, it knows the pattern is over, and all that is left is modifiers. In NogDog's examples, the delimiter is the '/' character.

laserlight

I suggest reading the PHP manual on PCRE pattern delimiters since Derokorian's explanation is somewhat overly simplified. This is why I stated that you should have posted what you tried: phpBB might have defined that pattern string somewhere central, then in the code that did the check enclosed that pattern string (or the variable/constant thereof) within delimiters to make it a proper PCRE regex pattern, but without seeing your code it is not clear if you did the same thing or blindly used that incomplete pattern string.