How can I restrict the user so that his password does not contain his name/username/e-mail?
This is the validation script that I use at the moment:
<?php
$register = $_POST['register'];
if (isset($register))
{
    // mysql_real_escape_string() needs an open connection, so the connection
    // file is included here instead of only inside the "MySQL validations" branch,
    // where it came after the escaping calls had already run.
    require_once("db_connect.php");

    $email = mysql_real_escape_string($_POST['email']);
    $username = mysql_real_escape_string($_POST['username']);
    $password = sha1(md5(mysql_real_escape_string($_POST['password'])));
    $repeat_password = sha1(md5(mysql_real_escape_string($_POST['repeat_password'])));
    $first_name = mysql_real_escape_string($_POST['first_name']);
    $last_name = mysql_real_escape_string($_POST['last_name']);
    $birthday = mysql_real_escape_string($_POST['birthday']);
    $sex = mysql_real_escape_string($_POST['sex']);
    $registered = date("Y-m-d H:i:s");

    // Form validation
    // Password validation
    // The plain-text password is kept in its own variable: assigning it to
    // $password would overwrite the hash computed above, and the INSERT below
    // would then store the password in clear text.
    $plain_password = $_POST["password"];
    $uppercase = preg_match('@[A-Z]@', $plain_password);
    $lowercase = preg_match('@[a-z]@', $plain_password);
    $number = preg_match('@[0-9]@', $plain_password);
    $length = preg_match("@^.{8,}$@", $plain_password);
    if (!$uppercase || !$lowercase || !$number || !$length)
    {
        echo "Parola trebuie sa aiba min 8 caractere si sa contina cel putin o litera mare, o litera mica si o cifra.";
    }
    // Password = Password validation
    elseif ($_POST['password'] != $_POST['repeat_password'])
    {
        echo "Parolele nu corespund.";
    }
    // E-mail address format
    elseif (!filter_var($email, FILTER_VALIDATE_EMAIL))
    {
        echo "Formatul adresei de email este invalid.";
    }
    // No e-mail typed
    elseif (empty($_POST['email']))
    {
        echo "Nu ati completat adresa de email.";
    }
    // No username typed
    elseif (empty($_POST['username']))
    {
        echo "Nu ati completat numele de utilizator dorit.";
    }
    // No password or password validation typed
    elseif (empty($_POST['password']) or empty($_POST['repeat_password']))
    {
        echo "Parola trebuie introdusa in ambele campuri.";
    }
    // MySQL validations
    else
    {
        $query_email = "SELECT email FROM users WHERE email='$email'";
        $result_email = mysql_query($query_email) or die(mysql_error());
        $query_username = "SELECT username FROM users WHERE username='$username'";
        $result_username = mysql_query($query_username) or die(mysql_error());

        // Check if e-mail exists
        if (mysql_num_rows($result_email) > 0)
        {
            echo "Email-ul introdus a mai fost inregistrat.";
        }
        // Check if user exists
        elseif (mysql_num_rows($result_username) > 0)
        {
            echo "Username-ul introdus a mai fost inregistrat. Va rugam sa va alegeti alt username.";
        }
        // Add new user to database
        else
        {
            // $password is the hash computed at the top of the script
            $query = "INSERT INTO users VALUES ('', '$username', '$password', '$email', '$first_name', '$last_name', '$birthday', '$sex', '', '$registered', '')";
            mysql_query($query) or die(mysql_error());
            echo "Cont creat cu succes!";

            // Send E-mail
            $to = $_POST['email'];
            $subject = "Contul meu";
            $message = "Contul dumneavoastra a fost creat cu succes! Date contului sunt: ";
            $from = "someonelse@example.com";
            $headers = "From: " . $from;
            mail($to, $subject, $message, $headers);
        }
    }
}
?>
I know that MySQL is deprecated. I'll switch to MySQLi ASAP and adapt the script so that it won't be vulnerable to SQL injection. The echoed messages are in Romanian. I guess you don't need them translated; just ignore them.
Since I don't have an e-mail server, please check out the "Send E-mail" part as well and let me know if it would work; it's the first time that I've used it.
Let me know before downrating so that I can edit my question. Thanks!
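One way to implement the check the question asks for, as an added example that is not part of the question or of the asker's script: the registration fields are broken into tokens (username, e-mail local part and domain label, first and last name, whole and split on separators), and the candidate password is rejected if it contains any token, case-insensitively. The function names `personalTokens` and `passwordContainsPersonalInfo`, the `$minLength` parameter and the sample values are assumptions made for this example. Storage uses `password_hash()` / `password_verify()` (PHP 5.5+) instead of `sha1(md5(...))`.

```php
<?php
// Added example, not the asker's script: reject passwords that contain the
// user's username, e-mail or name. Function names, parameters and the
// sample values are constructed for illustration.

/**
 * Build the list of lower-cased tokens a password must not contain:
 * - username and the e-mail local part, whole and split on . _ - +
 * - the e-mail domain labels except the top-level domain (example.com -> example)
 * - first and last name, whole and split on spaces, dots and hyphens
 * Fragments shorter than $minLength are dropped, because a one- or two-letter
 * token would reject nearly every password. A 3-letter first name such as
 * "Ion" is still blocked, so raise $minLength if that is too strict.
 */
function personalTokens($username, $email, $firstName, $lastName, $minLength = 3)
{
    $raw = array($username, $firstName, $lastName);

    $parts  = explode('@', $email, 2);
    $local  = $parts[0];
    $domain = isset($parts[1]) ? $parts[1] : '';

    $raw[] = $local;
    $raw = array_merge($raw, preg_split('/[._\-+]+/', $username));
    $raw = array_merge($raw, preg_split('/[._\-+]+/', $local));

    $labels = explode('.', $domain);
    array_pop($labels);                      // drop the TLD ("com", "ro", ...)
    $raw = array_merge($raw, $labels);

    foreach (array($firstName, $lastName) as $name) {
        $raw = array_merge($raw, preg_split('/[\s.\-]+/', $name));
    }

    $tokens = array();
    foreach ($raw as $value) {
        $value = strtolower(trim($value));
        if (strlen($value) >= $minLength) {
            $tokens[$value] = true;          // keyed array de-duplicates
        }
    }
    return array_keys($tokens);
}

/**
 * Return the first personal token found in $password (case-insensitive),
 * or null when the password contains none of them.
 */
function passwordContainsPersonalInfo($password, array $tokens)
{
    $lowered = strtolower($password);
    foreach ($tokens as $token) {
        if (strpos($lowered, $token) !== false) {
            return $token;
        }
    }
    return null;
}

// --- Constructed sample input standing in for the $_POST fields ---
$username  = 'ion.popescu';
$email     = 'ion.popescu@example.com';
$firstName = 'Ion';
$lastName  = 'Popescu';

$tokens = personalTokens($username, $email, $firstName, $lastName);
// $tokens is: ion.popescu, ion, popescu, example

foreach (array('Popescu2014!', 'Tr0ub4dor&3') as $candidate) {
    $hit = passwordContainsPersonalInfo($candidate, $tokens);
    if ($hit !== null) {
        // In the registration script this becomes one more elseif branch
        echo "Password must not contain '$hit'.\n";
    } else {
        // Store a salted, slow hash; check it at login with password_verify()
        $hash = password_hash($candidate, PASSWORD_DEFAULT);
        echo "Accepted '$candidate', stored hash begins with " . substr($hash, 0, 7) . "\n";
    }
}
```

In the validation chain above this fits as an extra branch before the MySQL checks, e.g. `elseif (passwordContainsPersonalInfo($_POST['password'], personalTokens($_POST['username'], $_POST['email'], $_POST['first_name'], $_POST['last_name'])) !== null)`. Run the check on the raw `$_POST` values rather than the escaped ones, since `mysql_real_escape_string()` can insert backslashes that would hide a match.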