tomwaits4noman
05-16-2009, 07:06 PM
hello
I am trying to use regular expressions in a registration form to stop mysql injections but to also validate e-mail and to create a strong password.
I am able to get the regular expression for the password working by itself.
I have tried using javascript function that is called with an onbuttonclick when you click on the submit button
If any one could help would appreciate have included the regular expressions code I have been using as well as the registration form
thanks
======
code in the header
function validate(){
password = document.getElementById("pword").value;
email = document.getElementById("email").value;
if (password.match(?=^.{8,}$)((?=.*\d)|(?=.*\W+))(?![.\n])(?=.*[A-Z])(?=.*[a-z]).*$/;){
alert("Strong Password");
else {
alert("Weak password");
}
if (email.match("^.*\..{2,4}") == null){
alert("That is not a valid email address");
} else
{
</script>
code in the body
echo "<button type = \"button\" onclick = \"validate()\"submit\"</button>";
============
here is the regular expressions code
var pw_pattern = /(?=^.{8,}$)((?=.*\d)|(?=.*\W+))(?![.\n])(?=.*[A-Z])(?=.*[a-z]).*$/;
function check_pattern(divID, pattern) {
var the_string = document.getElementById(divID).value;
if(the_string.match(pattern)) {
alert("Strong Password");
}
else {
//alert("Weak password");
}
}
var sql_pattern = /(^.[delete])(([select])|([.\;])|( ).*$/;
function check_pattern(divID, pattern) {
var the_string = document.getElementById(divID).value;
if(the_string.match(pattern)) {
//alert("login successful");
}
else {
//alert("login failed");
}
}
below is the code of the registration form which works
<html>
<head>
<title>title</title>
<script></script>
<link rel="stylesheet" href="style/layout.css" media="screen" />
</head>
<body>
<div id="container">
<?php include('include/header.php'); ?>
<?php include('include/submenu.php'); ?>
<?php include('include/navmenu.php'); ?>
<div id="content">
<?php
if(isset($_POST['uname'])) { // check the value
$con = mysql_connect("localhost", "root", "");
if(!$con) {
die("Unable to connect to DBMS. Please try again later.");
}
else {
$fn = $_POST["fname"];
$sn = $_POST["sname"];
$un = $_POST["uname"];
$pw = $_POST["pword"];
$eml = $_POST["email"];
$dob = $_POST["d_year"]."-".$_POST["d_mon"]."-".$_POST["d_day"];
mysql_select_db("quizes", $con);
$strQ = "INSERT INTO users(username, password, name, surname, email_address, dob) VALUES ('";
$strQ = $strQ.$un."', '";
$strQ = $strQ.$pw."', '";
$strQ = $strQ.$fn."', '";
$strQ = $strQ.$sn."', '";
$strQ = $strQ.$eml."', '";
$strQ = $strQ.$dob."');";
mysql_query($strQ);
// code for retrieving the id number of the new account
$to = "";
$subject = "";
$content = "<a href=\"http://localhost/activate.php?id=".$id."\">activation link</a>";
$header = "From: noreply@ttt.com";
//mail($to, $subject, $content, $header);
// send the user activation email
echo "A mail with an activation link has been sent to your email address. Please click on the link to activate your account";
// inform the user
// link to the welcome page
echo "<br />Click here to return to the <a href=\"main.php\">welcome page</a>.";
echo "Data successfully added to the DB.";
}
}
else { // show them the form
echo "<form action=\"registration.php\" method=\"POST\">";
echo "<fieldset><legend>Registration Form</legend>";
echo "Name :<input type=\"text\" id=\"fname\" name=\"fname\" /><br />";
echo "Surname :<input type=\"text\" id=\"sname\" name=\"sname\" /><br />";
echo "Username :<input type=\"text\" id=\"uname\" name=\"uname\" /><br />";
echo "Password :<input type=\"password\" id=\"pword\" name=\"pword\" /><br />";
// echo "Recheck Password :<input type=\"password\" id=\"pword2\" name=\"pword2\" /><br />";
echo "Email :<input type=\"text\" id=\"email\" name=\"email\" /><br />";
// echo "Recheck email :<input type=\"text\" id=\"email2\" name=\"email2\" /><br />";
echo "D.O.B :<select id=\"d_day\" name=\"d_day\">";
for($i=1;$i<32;$i++) {
echo "<option value=\"";
if($i < 10)
echo "0";
echo $i."\">".$i;
}
echo "</select><select id=\"d_mon\" name=\"d_mon\">";
for($i=1;$i<13;$i++) {
echo "<option value=\"";
if($i < 10)
echo "0";
echo $i."\">".$i;
}
echo "</select><select id=\"d_year\" name=\"d_year\">";
for($i=1900;$i<2010;$i++) {
echo "<option value=\"".$i."\">".$i;
}
echo "</select><br />";
echo "<br /><input type=\"submit\" /><br />";
echo "</fieldset>";
echo "</form>";
}
?>
<div id="instructions">Passwords should be at least 8 characters long with a number and or at least one special char</div>
</div>
</div>
</body>
</html>
I am trying to use regular expressions in a registration form to stop mysql injections but to also validate e-mail and to create a strong password.
I am able to get the regular expression for the password working by itself.
I have tried using javascript function that is called with an onbuttonclick when you click on the submit button
If any one could help would appreciate have included the regular expressions code I have been using as well as the registration form
thanks
======
code in the header
function validate(){
password = document.getElementById("pword").value;
email = document.getElementById("email").value;
if (password.match(?=^.{8,}$)((?=.*\d)|(?=.*\W+))(?![.\n])(?=.*[A-Z])(?=.*[a-z]).*$/;){
alert("Strong Password");
else {
alert("Weak password");
}
if (email.match("^.*\..{2,4}") == null){
alert("That is not a valid email address");
} else
{
</script>
code in the body
echo "<button type = \"button\" onclick = \"validate()\"submit\"</button>";
============
here is the regular expressions code
var pw_pattern = /(?=^.{8,}$)((?=.*\d)|(?=.*\W+))(?![.\n])(?=.*[A-Z])(?=.*[a-z]).*$/;
function check_pattern(divID, pattern) {
var the_string = document.getElementById(divID).value;
if(the_string.match(pattern)) {
alert("Strong Password");
}
else {
//alert("Weak password");
}
}
var sql_pattern = /(^.[delete])(([select])|([.\;])|( ).*$/;
function check_pattern(divID, pattern) {
var the_string = document.getElementById(divID).value;
if(the_string.match(pattern)) {
//alert("login successful");
}
else {
//alert("login failed");
}
}
below is the code of the registration form which works
<html>
<head>
<title>title</title>
<script></script>
<link rel="stylesheet" href="style/layout.css" media="screen" />
</head>
<body>
<div id="container">
<?php include('include/header.php'); ?>
<?php include('include/submenu.php'); ?>
<?php include('include/navmenu.php'); ?>
<div id="content">
<?php
if(isset($_POST['uname'])) { // check the value
$con = mysql_connect("localhost", "root", "");
if(!$con) {
die("Unable to connect to DBMS. Please try again later.");
}
else {
$fn = $_POST["fname"];
$sn = $_POST["sname"];
$un = $_POST["uname"];
$pw = $_POST["pword"];
$eml = $_POST["email"];
$dob = $_POST["d_year"]."-".$_POST["d_mon"]."-".$_POST["d_day"];
mysql_select_db("quizes", $con);
$strQ = "INSERT INTO users(username, password, name, surname, email_address, dob) VALUES ('";
$strQ = $strQ.$un."', '";
$strQ = $strQ.$pw."', '";
$strQ = $strQ.$fn."', '";
$strQ = $strQ.$sn."', '";
$strQ = $strQ.$eml."', '";
$strQ = $strQ.$dob."');";
mysql_query($strQ);
// code for retrieving the id number of the new account
$to = "";
$subject = "";
$content = "<a href=\"http://localhost/activate.php?id=".$id."\">activation link</a>";
$header = "From: noreply@ttt.com";
//mail($to, $subject, $content, $header);
// send the user activation email
echo "A mail with an activation link has been sent to your email address. Please click on the link to activate your account";
// inform the user
// link to the welcome page
echo "<br />Click here to return to the <a href=\"main.php\">welcome page</a>.";
echo "Data successfully added to the DB.";
}
}
else { // show them the form
echo "<form action=\"registration.php\" method=\"POST\">";
echo "<fieldset><legend>Registration Form</legend>";
echo "Name :<input type=\"text\" id=\"fname\" name=\"fname\" /><br />";
echo "Surname :<input type=\"text\" id=\"sname\" name=\"sname\" /><br />";
echo "Username :<input type=\"text\" id=\"uname\" name=\"uname\" /><br />";
echo "Password :<input type=\"password\" id=\"pword\" name=\"pword\" /><br />";
// echo "Recheck Password :<input type=\"password\" id=\"pword2\" name=\"pword2\" /><br />";
echo "Email :<input type=\"text\" id=\"email\" name=\"email\" /><br />";
// echo "Recheck email :<input type=\"text\" id=\"email2\" name=\"email2\" /><br />";
echo "D.O.B :<select id=\"d_day\" name=\"d_day\">";
for($i=1;$i<32;$i++) {
echo "<option value=\"";
if($i < 10)
echo "0";
echo $i."\">".$i;
}
echo "</select><select id=\"d_mon\" name=\"d_mon\">";
for($i=1;$i<13;$i++) {
echo "<option value=\"";
if($i < 10)
echo "0";
echo $i."\">".$i;
}
echo "</select><select id=\"d_year\" name=\"d_year\">";
for($i=1900;$i<2010;$i++) {
echo "<option value=\"".$i."\">".$i;
}
echo "</select><br />";
echo "<br /><input type=\"submit\" /><br />";
echo "</fieldset>";
echo "</form>";
}
?>
<div id="instructions">Passwords should be at least 8 characters long with a number and or at least one special char</div>
</div>
</div>
</body>
</html>