Ravens PHP Scripts: Forums
pinkbeef
Client
Joined: Jul 19, 2005
Posts: 68

PostPosted: Tue Apr 28, 2009 4:35 pm Reply with quote

Hi, I just found this example of a simple form validation script. Can anyone advise me on its security? If it's ok I'll use it in a RN nuke module.
I found it here:
http://www.dreamincode.net/forums/showtopic46323.htm

Code:
<?php
// eregi() was deprecated in PHP 5.3 and removed in PHP 7; preg_match('/.../i') is the
// modern replacement. With no third argument eregi() returns 1 on a match and false
// otherwise, so the (int) casts below only turn false into 0.
if (isset($_POST['formdata'])) {
    $information = $_POST['formdata'];
    // 1 if any character outside letters, digits and spaces is present
    $validate1 = (int)eregi('[^a-z0-9 ]', $information);
    // 1 if a hotword is present
    $validate2 = (int)eregi('naughty|word', $information);
    // 1 if "digit, space, at least four letters" is present (this one is required)
    $validate3 = (int)eregi('[0-9] [a-z]{4,}', $information);
    // 1 if the string starts with the reserved prefix
    $validate4 = (int)eregi('^(STAFF_)', $information);
    $validate5 = strlen($information);
    // Escape the submitted value before echoing it so it cannot inject markup into the page.
    $safe = htmlspecialchars($information, ENT_QUOTES);

    if ($validate1 == 0 && $validate2 == 0 && $validate3 == 1 && $validate4 == 0 && $validate5 > 2 && $validate5 < 25) {
        echo "Success!  \"<i>$safe</i>\" is a valid string";
        // Coding goes here.... inserting to a database?  Setting cookies?  Who knows.  But it passed the gauntlet
    } else {
        echo "Sorry, \"<i>$safe</i>\" failed.  Here's why: <ul>";
        if ($validate1 == 1) {
            echo "<li>Your string contains invalid characters.  It can only contain letters, numbers, and spaces.</li>";
        }
        if ($validate2 == 1) {
            echo "<li>Egad!  Don't talk like that! (Hotwords: 'naughty' and 'word')</li>";
        }
        if ($validate3 == 0) {
            echo "<li>That doesn't look like a valid address to me! (Must be a number, followed by a space, then at least four letters)</li>";
        }
        if ($validate4 == 1) {
            echo "<li>Sorry, but all accounts starting with <b>STAFF_</b> have been reserved.</li>";
        }
        if ($validate5 < 3) {
            echo "<li>\"<i>$safe</i>\" is too short (only $validate5 characters)!  It needs to be at least 3.</li>";
        }
        if ($validate5 > 24) {
            echo "<li>\"<i>$safe</i>\" is too long (a whole $validate5 characters)!  It can't be more than 24.</li>";
        }
        echo "</ul>";
    }
}
?>
<br />
<form action='validator.php' method='post'>
<input type='text' name='formdata' />
<input type='submit' value='Test that string!' />
</form>
eldorado
Involved
Joined: Sep 10, 2008
Posts: 424
Location: France,Translator

PostPosted: Tue Apr 28, 2009 11:35 pm Reply with quote

Sounds like a signup form to me. Yes, it's good for me. Doesn't allow anything other than [0-9][A-z].

Paranoia rule #1: Thou wilt not let malicious usernames into your SQL.

_________________
United-holy-dragons.net (My RN site)- Rejekz(cod4 clan) - gamerslounge 
fkelly
Former Moderator in Good Standing
Joined: Aug 30, 2005
Posts: 3312
Location: near Albany NY

PostPosted: Wed Apr 29, 2009 7:19 am Reply with quote

You should not need to do an int on all those expressions. Eregi will tell you whether it matches directly.
pinkbeef
PostPosted: Wed Apr 29, 2009 11:43 am Reply with quote

Nuke has its own signup process, which I use, but I'd like to collect other data. That data is, as said, only short inputs, a/z and 0/9.

Thanks for the input.
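The same rules as the script in the first post, written as an added example (not the posted script and not RN code) for PHP 7.4+: preg_match() replaces eregi() and its 1/0/false result is used directly, which is the point fkelly makes about the casts, and every value is escaped before it is echoed. The function names and the sample inputs are constructed for this example.

```php
<?php
// Added example, not the script from the post: the same rules with preg_match(),
// which returns 1, 0 or false directly, so no (int) casts are needed, and with
// every value escaped before it is echoed.
declare(strict_types=1);
// Returns the reasons the string is rejected; an empty array means it passed.
function validate_formdata(string $information): array
{
    $errors = [];
    // Whitelist: any character outside [a-z0-9 ] (case-insensitive) rejects the string.
    if (preg_match('/[^a-z0-9 ]/i', $information) === 1) {
        $errors[] = 'Your string contains invalid characters. It can only contain letters, numbers, and spaces.';
    }
    if (preg_match('/naughty|word/i', $information) === 1) {
        $errors[] = "Egad! Don't talk like that! (Hotwords: 'naughty' and 'word')";
    }
    // Required pattern; "!== 1" also treats a preg error (false) as a failure, the safe default.
    if (preg_match('/[0-9] [a-z]{4,}/i', $information) !== 1) {
        $errors[] = "That doesn't look like a valid address to me! (Must be a number, followed by a space, then at least four letters)";
    }
    if (preg_match('/^STAFF_/i', $information) === 1) {
        $errors[] = 'Sorry, but all accounts starting with STAFF_ have been reserved.';
    }
    $len = strlen($information); // byte length is exact here because the whitelist is ASCII-only
    if ($len < 3) {
        $errors[] = "Too short (only $len characters)! It needs to be at least 3.";
    } elseif ($len > 24) {
        $errors[] = "Too long (a whole $len characters)! It can't be more than 24.";
    }
    return $errors;
}
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}
// Every submitted value and every message goes through h() before it reaches the page.
function render_result(string $information): string
{
    $errors = validate_formdata($information);
    if ($errors === []) {
        return 'Success! "<i>' . h($information) . '</i>" is a valid string';
    }
    $items = implode('', array_map(fn(string $e): string => '<li>' . h($e) . '</li>', $errors));
    return 'Sorry, "<i>' . h($information) . '</i>" failed. Here\'s why: <ul>' . $items . '</ul>';
}
// Constructed sample inputs for a command-line run; the third shows why escaping matters.
foreach (['12 Maple Street', 'STAFF_1 abcd', '<b>9 word</b>', '1 ab'] as $sample) {
    echo render_result($sample), "\n";
}
```

Run it from the command line with php; the first input passes and the other three print their reasons with the submitted text rendered as literal text rather than as markup.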
Powered by phpBB © 2001-2007 phpBB Group