mysql - how to check if password contains username in php -
this code. trying add 1 more step if entered password contains entered username returns error pass cannot contain username. talking 'contains', , not wholy password. in case elseif($password == "$user_username") $error .= $lang['46'];}
also thank full if can tell me vulnerablties in script
$user_username = cleanit($_request['username']); stemplate::assign('user_username',$user_username); $password = cleanit($_request['password']); stemplate::assign('password',$password); if($user_username == "") { $error .= $lang['41']; //error: please enter username } elseif(strlen($user_username) < 4) //your username should have 4 chars { $error .= $lang['42']; } elseif(!preg_match("/^[a-za-z0-9]*$/i",$user_username)) //name contains letters , numbers { $error .= $lang['43']; } elseif(!verify_email_username($user_username)) //username taken { $error .= $lang['44']; } elseif($password == "") //no password entered { $error .= $lang['45']; } if($error == "") { $sid = intval($_session['userid']); $pw = md5($password); $query="update members set username='".mysql_real_escape_string($user_username)."', password='".mysql_real_escape_string($pw)."', pwd='".mysql_real_escape_string($password)."' userid='".mysql_real_escape_string($sid)."'"; $result=$conn->execute($query); $_session['username']=$user_username; header("location:$config[baseurl]/welcome");exit; }
just append condition:
elseif(stristr($password, $username) !== false) // password contains username { $error .= $lang['46']; }
Comments
Post a Comment