Minimum and maximum strength length

StackOverflow https://stackoverflow.com/questions/10066245

Frage

Im working on a form that needs a password that is between 6 and 25 characters. The username and fullname must be less than 25 characters. The username and fullname part works fine, but when I put in a password thats 10 characters long it echos out my error code as if it were less than 6. What Am I doing wrong with this?

Please take a look at the code and help me please: The issue is within the area commented as //check password length. Thanks everone

The php code is:

    <?php
    echo "<h1>Register</h1>";

    $submit = filter_input(INPUT_POST, 'submit');
    //form data
    $fullname = strip_tags (filter_input(INPUT_POST, 'fullname'));
    $username = strip_tags (filter_input(INPUT_POST, 'username'));
    $password = strip_tags(filter_input(INPUT_POST, 'password'));
    $repeatpassword = strip_tags(filter_input(INPUT_POST, 'repeatpassword'));
    $date = date("Y-m-d");

    if ($submit)
    {
    //check for existence
       if($fullname&&$username&&$password&&$repeatpassword)
       {
       $password = md5($password);
       $repeatpassword = md5($repeatpassword);

    if ($password==$repeatpassword)
    {
    //check char length of username and fullname
        if (strlen($username)>25||strlen($fullname)>25)
        {
        echo "Length of username or full name is too long!";
        }
        else
        {
        //check password length 
            if (strlen ($password)>25 || strlen ($password)<6)
            {
            echo "Password must be between 6 and 25 characters";
            }
            else
            {
            //register user 
            }


        }





    }
    else echo "Your passwords do not match";


}
else echo "Please fill in <b>all</b> fields!";


    }


   ?>`

and the html is:

    <html>

    <form action='register.php' method='POST'>
<table>
    <tr>
        <td>
        Your full name:
        </td>
        <td>
        <input type='text' name='fullname'>
        </td>

    </tr>

    <tr>
        <td>
        choose a username:
        </td>
        <td>
        <input type='text' name='username'>
        </td>

    </tr>


    <tr>
        <td>
        Choose a password:
        </td> 
        <td>
        <input type='password' name='password'>
        </td>

    </tr>

    <tr>
        <td>
        Repeat your password:
        </td> 
        <td>
        <input type='password' name='repeatpassword'>
        </td>

    </tr>

<table>
<p>
<input type='submit' name='submit' value='Register'>

War es hilfreich?

Lösung

You overwrite the password with its MD5 sum here:

$password = md5($password);

I'd suggest using different variable names for these different values:

$password_md5 = md5($password);

Naming your variables appropraitely will remove confusion and reduce the risk of errors.

Andere Tipps

You run MD5 on your password and repeat password before you compare it. Do the comparison and length checking before you run MD5 on them.

Why won't you quit the MD5 and instead of that use Whirlpool?

$password_wp  = hash('whirlpool', $password);

Still having your doubts? If it is, your answer on Stackoverflow has already been answered :

Which one is more secured md5 or whirlpool (hashes) and Why?

{ more info }

http://md5-sha-whirlpool.reviews.r-tt.com

Lizenziert unter: CC-BY-SA mit Zuschreibung
Nicht verbunden mit StackOverflow
scroll top