Say I have a simple form:
<form action="register.php" method="post">
<label>Password:</label>
<?php if (isset($errors[1])) echo $errors[1]; ?> <- Displays error message if there is one
<input type="password" name="user_pass" />
<label>Confirm Password:</label>
<input type="password" name="user_pass_confirm" />
<input type="submit" />
</form>
$user_pass = $security->encrypt($_POST['user_pass']);
$user_pass_confirm = $security->encrypt($_POST['user_pass_confirm']);
$registration->form($user_pass, $user_pass_confirm);
And a class:
if (empty($user_pass)) {
$errors[1] = 'Passwords required';
} else if ($user_pass != $user_pass_confirm) {
$errors[1] = 'Passwords don't match';
}
//if error array empty, create member
What I'm trying to do is validate the password to make it required, make sure they match and I would also add in a preg_match regular expression to ensure that it was at least 8 characters long or whatever.
My problem is, I've already encrypted the password before I submit it (which I believe unencrypted passwords shouldn't be posted, correct me if I'm wrong).
And then when my class gets the encoded string I can't do anything to validate it. I could check for empty by comparing the fields to the encrypted/salted version of nothing but I'm certain that's not the way to do it.
Can anyone point me to the standard procedure for validating passwords or whatever your suggestions are on the solution.
Many thanks