0

I have reviewed the answers to this out the wazoo. I've googled this the same.

I have a variable that works really great with php 5.4 ereg but fails miserably with the latest stuff.

ereg($user.$pass, preg_replace('/\s/', '', trim($_POST['user']).trim($_POST['pass'])))

I have tried the following with no joy:

preg_match('/^$user.$pass/',

preg_match('/{$user.$pass}/',

preg_match({$user.$pass},

preg_match('{$user.$pass}',

I don't know what to do. I've also tried rewriting the code to use different input lines, but to no avail.

Does the rest of the line need escaping as well?

Is it possible that this function just doesn't port easily into the latest php versions?

This is the complete line of code. It looks to see if a user and password match the user and password for this page and trims out spaces. (I probably should sanitize it outside of this if statement.) It also checks the SESSIONS status. It may be a bit ugly but it works great in 5.4:

elseif(((!empty($_POST['user']) and !empty($_POST['pass']) and ereg($user.$pass, preg_replace('/\s/', '', trim($_POST['user']).trim($_POST['pass'])))) or (isset($_SESSION['logged']) and ($_SESSION['logged'] === true) and isset($_SESSION['user']) and ($_SESSION['user'] == $user))) and ($_SESSION['attempts'] < 5))

ADDITIONAL: I found a way around the ereg or the preg_match. It works great.

  • Perhaps you should internet search for an `ereg()` to `preg_match()` conversion wrapper. Worth a shot. – GetSet Jun 22 '20 at 18:05
  • Can you please reorganize the code sample? Also, what are the values of `$user` and `$pass`? Are they strings? – noam Jun 22 '20 at 18:28
  • GetSet, the search takes me down the same rabbit holes as before. –  Jun 22 '20 at 18:28
  • @noam, I don't know how (yet) to 'reorganize' the code. I have tried other approaches. The values are strings, usernames, and passwords. I just tried: preg_match('/strval($user.$pass)/', and that didn't work either. –  Jun 22 '20 at 18:30
  • @JimTippins, I meant reorganize the snippet in the question, so that it is easier to read. Your first attempt seems the closest one, except for the `^` in the beginning. Can you show how are you using the result? Are you only interested in the returned value of `ereg()`, or are you using the result array, that is passed as a third parameter? – noam Jun 22 '20 at 18:33
  • By the way, does this answer help? https://stackoverflow.com/questions/6270004/how-can-i-convert-ereg-expressions-to-preg-in-php – noam Jun 22 '20 at 18:38
  • @noam, I added the complete original line. –  Jun 22 '20 at 18:39
  • @noam, I have spent much time there. I am currently trying to rewrite the code... –  Jun 22 '20 at 18:49
  • I do not understand why this was closed as it is a different problem than the ones described in the "How can I convert ereg expressions to preg in PHP?" and I could not comment on that page because of being <50. Anyway, I fixed it. –  Jun 22 '20 at 20:52

1 Answers1

0

The (main) usage difference between ereg() and preg_match is the delimiters.

So if your code was:

ereg($user.$pass, preg_replace('/\s/', '', trim($_POST['user']).trim($_POST['pass'])));

the new equivalent code should be:

preg_match('/'.$user.$pass.'/', preg_replace('/\s/', '', trim($_POST['user']).trim($_POST['pass'])));

Please note the lack of {, } or ^ in the first parameter of preg_match().

noam
  • 538
  • 5
  • 19
  • The program still fails with this line in php 7. Thanks for the response, noam. –  Jun 22 '20 at 18:56