using regular expressions in a registration form
hello
I am trying to use regular expressions in a registration form to stop mysql injections but to also validate e-mail and to create a strong password.
I am able to get the regular expression for the password working by itself.
I have tried using javascript function that is called with an onbuttonclick when you click on the submit button
If any one could help would appreciate have included the regular expressions code I have been using as well as the registration form
thanks
======
code in the header
code in the bodyCode:function validate(){ password = document.getElementById("pword").value; email = document.getElementById("email").value; if (password.match(?=^.{8,}$)((?=.*\d)|(?=.*\W+))(?![.\n])(?=.*[A-Z])(?=.*[a-z]).*$/;){ alert("Strong Password"); else { alert("Weak password"); } if (email.match("^.*\..{2,4}") == null){ alert("That is not a valid email address"); } else { </script>
echo "<button type = \"button\" onclick = \"validate()\"submit\"</button>";
============
here is the regular expressions code
Code:var pw_pattern = /(?=^.{8,}$)((?=.*\d)|(?=.*\W+))(?![.\n])(?=.*[A-Z])(?=.*[a-z]).*$/; function check_pattern(divID, pattern) { var the_string = document.getElementById(divID).value; if(the_string.match(pattern)) { alert("Strong Password"); } else { //alert("Weak password"); } } var sql_pattern = /(^.[delete])(([select])|([.\;])|([*]).*$/; function check_pattern(divID, pattern) { var the_string = document.getElementById(divID).value; if(the_string.match(pattern)) { //alert("login successful"); } else { //alert("login failed"); } }
below is the code of the registration form which works
Code:<html> <head> <title>title</title> <script></script> <link rel="stylesheet" href="style/layout.css" media="screen" /> </head> <body> <div id="container"> <?php include('include/header.php'); ?> <?php include('include/submenu.php'); ?> <?php include('include/navmenu.php'); ?> <div id="content"> <?php if(isset($_POST['uname'])) { // check the value $con = mysql_connect("localhost", "root", ""); if(!$con) { die("Unable to connect to DBMS. Please try again later."); } else { $fn = $_POST["fname"]; $sn = $_POST["sname"]; $un = $_POST["uname"]; $pw = $_POST["pword"]; $eml = $_POST["email"]; $dob = $_POST["d_year"]."-".$_POST["d_mon"]."-".$_POST["d_day"]; mysql_select_db("quizes", $con); $strQ = "INSERT INTO users(username, password, name, surname, email_address, dob) VALUES ('"; $strQ = $strQ.$un."', '"; $strQ = $strQ.$pw."', '"; $strQ = $strQ.$fn."', '"; $strQ = $strQ.$sn."', '"; $strQ = $strQ.$eml."', '"; $strQ = $strQ.$dob."');"; mysql_query($strQ); // code for retrieving the id number of the new account $to = ""; $subject = ""; $content = "<a href=\"http://localhost/activate.php?id=".$id."\">activation link</a>"; $header = "From: noreply@ttt.com"; //mail($to, $subject, $content, $header); // send the user activation email echo "A mail with an activation link has been sent to your email address. Please click on the link to activate your account"; // inform the user // link to the welcome page echo "<br />Click here to return to the <a href=\"main.php\">welcome page</a>."; echo "Data successfully added to the DB."; } } else { // show them the form echo "<form action=\"registration.php\" method=\"POST\">"; echo "<fieldset><legend>Registration Form</legend>"; echo "Name :<input type=\"text\" id=\"fname\" name=\"fname\" /><br />"; echo "Surname :<input type=\"text\" id=\"sname\" name=\"sname\" /><br />"; echo "Username :<input type=\"text\" id=\"uname\" name=\"uname\" /><br />"; echo "Password :<input type=\"password\" id=\"pword\" name=\"pword\" /><br />"; // echo "Recheck Password :<input type=\"password\" id=\"pword2\" name=\"pword2\" /><br />"; echo "Email :<input type=\"text\" id=\"email\" name=\"email\" /><br />"; // echo "Recheck email :<input type=\"text\" id=\"email2\" name=\"email2\" /><br />"; echo "D.O.B :<select id=\"d_day\" name=\"d_day\">"; for($i=1;$i<32;$i++) { echo "<option value=\""; if($i < 10) echo "0"; echo $i."\">".$i; } echo "</select><select id=\"d_mon\" name=\"d_mon\">"; for($i=1;$i<13;$i++) { echo "<option value=\""; if($i < 10) echo "0"; echo $i."\">".$i; } echo "</select><select id=\"d_year\" name=\"d_year\">"; for($i=1900;$i<2010;$i++) { echo "<option value=\"".$i."\">".$i; } echo "</select><br />"; echo "<br /><input type=\"submit\" /><br />"; echo "</fieldset>"; echo "</form>"; } ?> <div id="instructions">Passwords should be at least 8 characters long with a number and or at least one special char</div> </div> </div> </body> </html>
CSS Codes
Reply With Quote
Bookmarks