-2

i am trying to set a login/sign up part for my site and i am trying to make it so that the user needs to make a password that cant be all uppercase or all lowercase and no less than 8 characters. this is my code and i am not quite sure where it is going wrong or why it isnt working. any ideas?

  if (isset($_POST['submit'])) {

    include_once 'dbh.php';

    $first = mysqli_real_escape_string($conn, $_POST['first']);
    $last = mysqli_real_escape_string($conn, $_POST['last']);
    $email = mysqli_real_escape_string($conn, $_POST['email']);
    $uid = mysqli_real_escape_string($conn, $_POST['uid']);
    $pwd = mysqli_real_escape_string($conn, $_POST['pwd']);

    //Error handlers
    //Check for empty fields
    if(empty($first) || empty($last) || empty($email) || empty($uid) || empty($pwd)) {
        header("Location: ../signup.php?signup=empty");
        exit();
    } else {
        //Check if input char are valid
        if (!preg_match("/^[a-zA-Z]*$/", $first) || !preg_match("/^[a-zA-Z]*$/", $last)) {
            header("Location: ../signup.php?signup=invalid");
            exit();
        } else {
            //Check if email is valid
            if(strlen($pwd) >=8) {
                if (!ctype_upper($pwd) && !ctype_lower($pwd)){
                    echo "great"
            }
        }}


            if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
                header("Location: ../signup.php?signup=email");
                exit();
            } else {
                $sql = "SELECT * FROM users WHERE user_uid= '$uid'";
                $result = mysqli_query($conn, $sql);
                $resultCheck = mysqli_num_rows($result);

                if ($resultCheck > 0) {
                    header("Location: ../signup.php?signup=usertaken");
                    exit();
                } else {
                    //Hashing the password
                    $hashedPwd = password_hash($pwd, PASSWORD_DEFAULT);
                    //Insert the user into the database
                    $sql = "INSERT INTO users (user_first, user_last, user_email, user_uid, user_pwd) VALUES ('$first', '$last', '$email', '$uid', '$hashedPwd');";
                    mysqli_query($conn, $sql);
                    header("Location: ../signup.php?signup=success");
                    exit();
                }
            }
        }
    }


} else {
    header("Location: ../signup.php");
    exit();
}
madoreo
  • 33
  • 2
  • 9

1 Answers1

-1

You missed semicolon(;) at echo "great";

if (!ctype_upper($pwd) && !ctype_lower($pwd))
{
    echo "great";
}

And there is one excess closing bracket(}) before last else:

}
else {
    header("Location: ../signup.php");
    exit();
}

Try these templates for regular expressions to check your password:

<?php

$passw = "ABFaDAasS";

print_r(preg_match("/^[A-Za-z]{8,}$/",$passw)); // Lowercase and uppercase with length 8 or more. Prints 1 or true
print_r(preg_match("/^[a-z]{8,}$/",$passw)); // Lowercase with length 8 or more. Prints 0 or false
print_r(preg_match("/^[A-Z]{8,}$/",$passw)); // Uppercase with length 8 or more. Prints 0 or false
print_r(preg_match("/^[A-Za-z0-9]{8,}$/",$passw)); // Lowercase and uppercase and all numbers with length 8 or more. Prints 1 or true

But usually after your check syntax you should use hash from given passwords, can just use md5 function like:

echo md5("password"); //prints 5f4dcc3b5aa765d61d8327deb882cf99
Alexey Usachov
  • 1,366
  • 2
  • 6
  • 14