Make sure username is not a phone number

Question

I'm writing a mobile website and I would like the user to be able to login via username or phone number. I think the easist way to validate their response it to not allow them to signup using a phone number as their user name.

The problem is that I'll need to check if the input of the username field is JUST a 10 or 11 digit number. This is where my inexperance in regex comes to my disadvantage. I'm hoping to try something like

    function do_reg($text, $regex)
{
    if (preg_match($regex, $text)) {
        return TRUE;
    } 
    else {
        return FALSE;
    }
}

     $username = $_POST['username'];
     if(do_reg($username, '[0-9]{10,11}')){
            die('cannot use a 10 or 11 digit number as a username');
     }

The above regex is matching all numbers that are 10-11 digits long. I think maybe I need a way to say if the ONLY thing in the user input field is a 10-11 digit number get mad otherwise release the butterflies and rainbows.

EDIT: For the record I decided to make sure the username wasn't JUST a number. Thought this would be simpler and I didn't like the idea of having people use numbers as logins.

So I ended up with

if (!empty($username) && preg_match('/^\d+$/', $username )) {
              die('username cannot be a number');
}

Thanks for the help all.

Your `do_reg` function has no reason to exist. It's useless - use `preg_match` instad. — hsz, Apr 03 '11 at 21:59

score 7 · Accepted Answer · answered Apr 03 '11 at 22:00

7

You are almost correct, except PCRE in PHP requires delimiters, and probably some anchors to make sure the field consists only of numbers.

 if(do_reg($username, '/^\d{10,11}$/')){
//                     ^^         ^^

And probably use \d instead of [0-9].

(BTW, you should just call preg_match directly:

if (!preg_match('/^\d{10,11}$/', $username)) {
   release('bufferflies', 'rainbows');
}

answered Apr 03 '11 at 22:00

kennytm

510,854
105
1,084
1,005

I would recommend always using `[0-9]`, not `\d` for the following reason: http://stackoverflow.com/questions/890686/should-i-use-d-or-0-9-to-match-digits-in-a-perl-regex/891741#891741 – Matt Apr 03 '11 at 22:22
@Matt: Depends on whether OP wants to accept ５５５６７８９ as a phone number :) – kennytm Apr 03 '11 at 22:29
is there any speed advantages to `\d` over `[0-9]` I tend to use them interchangable with no ryme or reason. – Brooke. Apr 03 '11 at 23:09

score 3 · Answer 2 · answered Apr 03 '11 at 22:00

3

You need to anchor the regex to match the entire string: ^[0-9]{10,11}$.

^ matches the beginning of a string; $ matches the end.

answered Apr 03 '11 at 22:00

SLaks

868,454
176
1,908
1,964

score 1 · Answer 3 · answered Apr 04 '11 at 00:01

1

Limit usernames to only 10 characters and require there username to start with a letter. How would a user write a 10 digit phone number as their username if they are required to enter in at least 1 alpha character (since phone numbers can't start with a 0/o or a 1/l)? (Heck I would require at least 3 alpha chars just to be safe).

When your app gets bigger then you can allow for longer usernames and take into account some of these issues:

Do not use ^ or $ signs if you are only testing the username: if(do_reg($username, '/^\d{10,11}$/')){

The reason I say this is anyone could defeat that by placing a letter in their username, a1235551212 instead use this: if(do_reg($username, '/\d{10,11}/')){ because that will flag a1235551212d

Also, importantly, remember, that all of these regular expressions are only checking for numbers, there's nothing to stop a user from doing the following: ltwo3for5six7890. Unless of course you limit the username size.

answered Apr 04 '11 at 00:01

user2150628

79
2

I don't care if they use a number as a username persay. It's more of I don't want the possiiblity of a username matching a phone number. I am checking for unique phone numbers but when they login I want to be able to say `if ($login == $digits) {//use phone} else{ //use username} However, plus 1 for requiring at least one alpha character I like that idea :) – Brooke. Apr 04 '11 at 00:34
The plus one is in conjunction with the max length of 10 for the username. I still recommend at least 3 alpha chars and the username starts with a char. If you only use 1 alpha then the user could do 123555l2l2 (notice the L's). What I was trying to get at in my last example is that ltwo3for5six7890 is actually a phone number in disguise. – user2150628 Apr 04 '11 at 00:43
yeah the problem isn't it being a phone number. Or even looking like a phone number. I'm storing my phone numbers at 11 digits in my database. So when they login I just need to make sure the username or the phonenumber match what they enterd on login. So if `ltwo3for5six7890` matched their username that's fine. I just don't want one user with `15555555555` as their username and another as `15555555555` as their phone number because then my query would return two results. – Brooke. Apr 04 '11 at 01:08

score 0 · Answer 4 · answered Apr 03 '11 at 22:06

0

You just should include start and end of the string in the regex

^[0-9]{10,11}$

answered Apr 03 '11 at 22:06

pcofre

3,976
18
27

Make sure username is not a phone number

4 Answers4