some characters in password field

Forum Moderators: coopster

Message Too Old, No Replies

some characters in password field

rigaconnect

3:13 pm on Feb 7, 2013 (gmt 0)

I have problems with some characters in password input form

" = \"
' = \'
\ = \\
& = empty
+ = empty

so if user types
n1N'11

in output he will get
n1N\'11

1) what I am doing wrong? In ajax-php password validation file I use simply $password=$_POST['password']; and get such result. In file that records data in mysql, I use $password = $mysqli->real_escape_string($_POST['password']);. But these problems are already at password validation...

2) How to change? I can change \" back to ", but can not change empty to & or +, because do not know what the visitor typed. Or simply not to allow to enter & and +

3) are there some more characters like mentioned?

I am new to programming. Possibly the questions are stupid.

skoff

3:48 pm on Feb 7, 2013 (gmt 0)

you should read more about real_escape_string.. this is it's job.. [php.net...]

brotherhood of LAN

3:54 pm on Feb 7, 2013 (gmt 0)

That'll be "magic quotes", a good intentioned but unncessary/confusing implementation in PHP. The PHP manua has a page on magic quotes [php.net] and how to disable them.

rigaconnect

5:11 pm on Feb 7, 2013 (gmt 0)

hmmm
input code is this
<form action="<?php echo htmlentities($_SERVER['PHP_SELF']); ?>" method="post">
<div style="width:150px; float:left">Password:</div>
<div style="width:770px; float:left">

<input onkeyup="ValidatePassword(this.value)" name="password" type="text" id="password" size="27" value="<?php echo $_POST['password']; ?>"><span id="CheckPassword"></span>
</div>

<div>
<input style="font-weight: bold; color: #fff; background-color: #5D964A; width: 100px; height: 25px;" name="register" type="submit" id="register" value="Register">
</div>

with ajax input is transferred to php
<script type="text/javascript">
// Pasword validation
//pass data without page refresh
function ValidatePassword(){
// Create our XMLHttpRequest object
if (window.XMLHttpRequest)
{// code for IE7+, Firefox, Chrome, Opera, Safari
var hr = new XMLHttpRequest();
}
else
{// code for IE6, IE5
var hr = new ActiveXObject("Microsoft.XMLHTTP");
}
// Create some variables we need to send to our PHP file
var url = "_password_validator.php";
var pass = document.getElementById("password").value;

var vars_pass = "&password="+pass;

hr.open("POST", url, true);
// Set content type header information for sending url encoded variables in the request
hr.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
// Access the onreadystatechange event for the XMLHttpRequest object
hr.onreadystatechange = function() {
if(hr.readyState == 4 && hr.status == 200) {
var return_data = hr.responseText;
document.getElementById("CheckPassword").innerHTML = return_data;

}
}
// Send the data to PHP now... and wait for response to update the status div
hr.send(vars_pass); // Actually execute the request
document.getElementById("CheckPassword").innerHTML = "processing...";
}
</script>

php receives
$password=$_POST['password'];

then validates
elseif( preg_match('/\s/',$password) ) {//preg_match � Perform a regular expression match
$error .= '<font color="#FF0000">Password contains spaces. Please, delete spaces.</font>';
}

If in input enter + or & get info that password contains spaces.
Need to search for reasons in ajax... but do not see something wrong

rigaconnect

5:52 pm on Feb 7, 2013 (gmt 0)

sorry, found answer by myself. May be will be useful for someone else
var vars_pass = "&password="+pass;
must change to
var vars_pass = "&password="+encodeURIComponent(pass);