validation of user name / email / password

Forum Moderators: coopster

Message Too Old, No Replies

validation of user name / email / password

rlkanter

11:19 pm on May 2, 2005 (gmt 0)

I currently have email and names being checked with the following:

Email: if(!eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$",
$email ) ){
Username Name:
if (!eregi("^[a-z0-9_-]{2,15}$",$name)

I'm not sure what to allow for passwords through, what is common?

Also is it safe to assume a md5 of a password will be a-z , A-Z, 0-9?

Right now I am creating a random md5'ed string that is stored in the user file. A cookie is stored on the users pc with their username and that random string in order to keep them logged in, once they initally login.

ironik

11:44 pm on May 2, 2005 (gmt 0)

I normally set a minimum strength on a password of 6 characters, (sometimes with forced use of a numerical character) and the optional use of punctuation characters. But, because it is hashed anyway, it doesn't really matter what you allow, just that you prevent users from putting silly things in like 1 character for a password. The more requirements you put in for a password the harder it'll be for someone to 'guess' a login, but you have to tread the line between strength and convenience.

The output of an md5 hash is always a-f 0-9 (hex-like characters).