| some characters in password field
|
rigaconnect
msg:4543446 | 3:13 pm on Feb 7, 2013 (gmt 0) |
I have problems with some characters in password input form
" = \"
' = \'
\ = \\
& = empty
+ = empty
so if user types
n1N'11
in output he will get
n1N\'11
1) what I am doing wrong? In ajax-php password validation file I use simply $password=$_POST['password']; and get such result. In file that records data in mysql, I use $password = $mysqli->real_escape_string($_POST['password']);. But these problems are already at password validation...
2) How to change? I can change \" back to ", but can not change empty to & or +, because do not know what the visitor typed. Or simply not to allow to enter & and +
3) are there some more characters like mentioned?
I am new to programming. Possibly the questions are stupid.
|
skoff
msg:4543457 | 3:48 pm on Feb 7, 2013 (gmt 0) |
you should read more about real_escape_string.. this is it's job.. [php.net...]
|
brotherhood of LAN
msg:4543459 | 3:54 pm on Feb 7, 2013 (gmt 0) |
That'll be "magic quotes", a good intentioned but unncessary/confusing implementation in PHP. The PHP manua has a page on magic quotes [php.net] and how to disable them.
|
rigaconnect
msg:4543476 | 5:11 pm on Feb 7, 2013 (gmt 0) |
hmmm
input code is this
<form action="<?php echo htmlentities($_SERVER['PHP_SELF']); ?>" method="post">
<div style="width:150px; float:left">Password:</div>
<div style="width:770px; float:left">
<input onkeyup="ValidatePassword(this.value)" name="password" type="text" id="password" size="27" value="<?php echo $_POST['password']; ?>"><span id="CheckPassword"></span>
</div>
<div>
<input style="font-weight: bold; color: #fff; background-color: #5D964A; width: 100px; height: 25px;" name="register" type="submit" id="register" value="Register">
</div>
with ajax input is transferred to php
<script type="text/javascript">
// Pasword validation
//pass data without page refresh
function ValidatePassword(){
// Create our XMLHttpRequest object
if (window.XMLHttpRequest)
{// code for IE7+, Firefox, Chrome, Opera, Safari
var hr = new XMLHttpRequest();
}
else
{// code for IE6, IE5
var hr = new ActiveXObject("Microsoft.XMLHTTP");
}
// Create some variables we need to send to our PHP file
var url = "_password_validator.php";
var pass = document.getElementById("password").value;
var vars_pass = "&password="+pass;
hr.open("POST", url, true);
// Set content type header information for sending url encoded variables in the request
hr.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
// Access the onreadystatechange event for the XMLHttpRequest object
hr.onreadystatechange = function() {
if(hr.readyState == 4 && hr.status == 200) {
var return_data = hr.responseText;
document.getElementById("CheckPassword").innerHTML = return_data;
}
}
// Send the data to PHP now... and wait for response to update the status div
hr.send(vars_pass); // Actually execute the request
document.getElementById("CheckPassword").innerHTML = "processing...";
}
</script>
php receives
$password=$_POST['password'];
then validates
elseif( preg_match('/\s/',$password) ) {//preg_match — Perform a regular expression match
$error .= '<font color="#FF0000">Password contains spaces. Please, delete spaces.</font>';
}
If in input enter + or & get info that password contains spaces.
Need to search for reasons in ajax... but do not see something wrong
|
rigaconnect
msg:4543494 | 5:52 pm on Feb 7, 2013 (gmt 0) |
sorry, found answer by myself. May be will be useful for someone else
var vars_pass = "&password="+pass;
must change to
var vars_pass = "&password="+encodeURIComponent(pass);
|
|
|
