0

I have a form, but I am having trouble getting the strlen function to work. Below is an example of the code - there is validation further down. I've commented out the code that isn't working. Basically, all I want to do with this section of code is determine that the passwords match, and are more than 7 characters long.

Can anyone help?

if (isset($_POST['formName']) && $_POST['formName'] == "addUser") {

if ( ( $_POST['frmName'] != '') &&
     ($_POST['frmSurname'] != '') &&
     ($_POST['frmEmail'] != '') &&
     ($_POST['frmPassword1'] != '') ) {


    if ($_POST['frmPassword1'] != $_POST['frmPassword2'] )  {

        echo "Passwords do not match!";
    } 

/*  if (strlen( ($_POST['frmPassword1']) < 7 ) {

        echo "Passwords much be a minimum of 7 characters"; 
    } */
buczek
  • 2,011
  • 7
  • 29
  • 40
Tatws24
  • 107
  • 1
  • 2
  • 10
  • 2
    that strlen line has 3 `(` and only 2 `)`, so it's an outright syntax error if you uncomment it. – Marc B Jun 16 '16 at 17:39
  • 1
    Also are `formName` and `frmName` different fields??? – AbraCadaver Jun 16 '16 at 17:40
  • `if (strlen($_POST['frmPassword1']) > 7 )` – Andreas Jun 16 '16 at 17:40
  • 2
    Allow users to use the [passwords / phrases](https://xkcd.com/936/) they desire. [Don't limit passwords.](http://jayblanchard.net/security_fail_passwords.html) – Jay Blanchard Jun 16 '16 at 17:42
  • *Preemptive strike...* **Never store plain text passwords!** Please use PHP's [built-in functions](http://jayblanchard.net/proper_password_hashing_with_PHP.html) to handle password security. If you're using a PHP version less than 5.5 you can use the `password_hash()` [compatibility pack](https://github.com/ircmaxell/password_compat). Make sure you [don't escape passwords](http://stackoverflow.com/q/36628418/1011527) or use any other cleansing mechanism on them before hashing. Doing so *changes* the password and causes unnecessary additional coding. – Jay Blanchard Jun 16 '16 at 17:43
  • agree Jay, I hate when someone tells me how my passord should look. It always means I forget it. – Andreas Jun 16 '16 at 17:43

3 Answers3

2

Look at your ():

strlen( ($_POST['frmPassword1']) < 7 )
      a b                      b     a
      ^-----strlen-------------------^

You're not testing the length of the $_POST value, you're doing strlen on the boolean result of foo < 7, which will always be 0/1:

php > var_dump(strlen(true), strlen(false));
int(1)
int(0)

YOu need:

if (strlen($_POST['frmPassword1']) < 7) {
   a      b                      b    a

Note the labels on the ().

Marc B
  • 356,200
  • 43
  • 426
  • 500
0

You are missing end )

if (strlen( ($_POST['frmPassword1']) < 7 ) {
   1      2  3                     3     2  # 1 is missing

So it would be 

if (strlen( ($_POST['frmPassword1']) < 7 ) ){
   1      2  3                     3     2 1

NOTE : In your question you have mentioned that passwords match, and are more than 7 characters. So use <= (less than or equal).

Abdulla Nilam
  • 36,589
  • 17
  • 64
  • 85
0

This is where its messed up:

if (strlen( ($_POST['frmPassword1']) < 7 ) {

Let's start that statement over.

First you want the string represented by form field frmPassword1:

$_POST['frmPassword1']

Then you want the string length:

strlen($_POST['frmPassword1'])

Then you want to compare it to less than 8 because you specifically asked for more than 7 characters. Therefore, your expression would be:

strlen($_POST['frmPassword1']) < 8

Now make that a complete condition like so:

if( strlen($_POST['frmPassword1']) < 8 ){
 //insert relevant code here telling users password is too short
}

Now you have a working block of code.

Mike -- No longer here
  • 2,064
  • 1
  • 15
  • 37