stackoom
  简体   繁体   中英

function for checking strlen of a password doesn't work in php

 原文  2021-12-23 09:18:50       php/ function/ string-length

Question

I was making a sign-up page and everything worked and got send to the db but you could enter a weak pwd. I wanted to make sure that the pwd length had a minimum length of 8. I added these lines of code but when I tested it it skipped this code and you could enter any pwd you want. does anyone know why this line is getting skipped and what a sollution for this problem is?

function pwdTooShort($pwd) {
    $result;

    if (strlen($pwd) > 7) {
        $result = true;
    }
    else{
        $result = false;
    }
    return $result;
}

if (isset($_POST["submit"])) {
    $pwd = $_POST["pwd"];
    require_once 'functions.inc.php';

    if(pwdTooShort($pwd) !== false)  {
        header("location: ../sign-in.php?error=passwordtooshort");
        exit();
    }
}

if (isset($_GET["error"])){
    if($_GET["error"] == "passwordtooshort"){
        echo "<p> password is too short </p>";
    }
}

<form action="include/signup.inc.php" method = "post">
    <input type="password" name = "pwd" />
</form>

2 answers

solution1
 1 ACCPTED  2021-12-23 09:38:40

You have some logic issues.

Your pwdTooShort() will now return true if the password has more than 7 characters (backwards). You can change that function to:

function pwdTooShort($pwd)
{
    // Return true if it is 7 characters or shorter
    return mb_strlen($pwd) <= 7;
}

I also changed strlen() to mb_strlen() to account for multibyte characters, as @vee suggested in comments.

Improvement suggestion

The if -statement is technically correct, but is "over complicated".

You can change

if (pwdTooShort($pwd) !== false)

to either

if (pwdTooShort($pwd) === true)

or just

if (pwdTooShort($pwd))

to make it easier to read

solution2
 0  2021-12-23 09:41:27

From your function name to check password too short, I think it should return true if too short and false if it is not.
Here is the code. It is just flip true and false .

/**
 * Check if password is too short (less than 8 characters).
 *
 * @param string $pwd The raw password without hash.
 * @return bool Return `true` if it is too short, return `false` if it is not.
 */
function pwdTooShort($pwd) {
    $result;

    if (mb_strlen($pwd) > 7) {
        $result = false;
    }
    else{
        $result = true;
    }
    return $result;
}

The code above, I changed from strlen() to mb_strlen() to let it supported multi byte characters (unicode text) and exactly count the characters.
I recommend you not limit the characters to non unicode. This is recommeded by OWASP .

Allow usage of all characters including unicode and whitespace. There should be no password composition rules limiting the type of characters permitted.

The whitespace they said means between character. You can still trim($password) .

The rest of the code will be work fine with this.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question __toString method doesn't work with strlen function strlen() doesn't work with $_POST PHP - why doesn't count() work like strlen() on a string? Nusoap doesn't work with PHP password_hash function? Why strlen doesn't work in a paticular digit php password check with hash doesn't work Username and Password validate doesn't work in PHP? Checking PHP Strlen of multiple strings php strlen range function php strlen function and 2 vars
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM