2

I am trying to add one more step that if entered password contains entered username then it returns error that pass cannot contain username. I am talking about 'contains', and not wholy the password. In that case I could simply do elseif($password == "$user_username") $error .= $lang['46'];}

$user_username = cleanit($_REQUEST['username']);
STemplate::assign('user_username',$user_username);
$password = cleanit($_REQUEST['password']);
STemplate::assign('password',$password);
if($user_username == "")
{
    $error .= $lang['41'];  //Error: Please enter your username
}
elseif(strlen($user_username) < 4) //Your username should have 4 chars 
{
    $error .= $lang['42'];  
}
elseif(!preg_match("/^[a-zA-Z0-9]*$/i",$user_username)) //name only contains letters and numbers
{
    $error .= $lang['43'];
}
elseif(!verify_email_username($user_username)) //username already taken
{
    $error .= $lang['44'];
}
elseif($password == "") //no password entered
{
    $error .= $lang['45'];  
}
Dharman
  • 30,962
  • 25
  • 85
  • 135
Asim
  • 72
  • 7
  • [The Definitive Guide to Forms Based Website Authentication](http://stackoverflow.com/a/477578/623041). – eggyal Jun 05 '12 at 22:07

3 Answers3

3

Just append this to your condition: 

elseif(stristr($password, $username) !== false) // password contains username
{
    $error .= $lang['46'];  
}
AlienWebguy
  • 76,997
  • 17
  • 122
  • 145
  • somehow your script have managed to not to work for me ^_-. what i have done is that added password not equal to username and must contain atleast one number or special character. !preg_match("#[0-9\W]+#", $password) – Asim Jun 06 '12 at 11:33
3

The easiest thing is going to be stripos:

$username = "Corbin";
$password = "mynameiscorbin";
if (stripos($password, $username) !== false) {
    //password contains username
}
Corbin
  • 33,060
  • 6
  • 68
  • 78
0

I think you are looking for stripos().

jeremyharris
  • 7,884
  • 22
  • 31