1

I'm working on a form that needs a password that is between 6 and 25 characters. The username and fullname must be less than 25 characters. The username and fullname part works fine, but when I put in a password that's 10 characters long it echoes out my error code as if it were less than 6. What am I doing wrong with this?

Please take a look at the code and help me please: The issue is within the area commented as //check password length. Thanks everyone

The PHP code is:

    <?php
    echo "<h1>Register</h1>";

    $submit = filter_input(INPUT_POST, 'submit');
    //form data
    $fullname = strip_tags (filter_input(INPUT_POST, 'fullname'));
    $username = strip_tags (filter_input(INPUT_POST, 'username'));
    $password = strip_tags(filter_input(INPUT_POST, 'password'));
    $repeatpassword = strip_tags(filter_input(INPUT_POST, 'repeatpassword'));
    $date = date("Y-m-d");

    if ($submit)
    {
        //check for existence
        if ($fullname&&$username&&$password&&$repeatpassword)
        {
            $password = md5($password);
            $repeatpassword = md5($repeatpassword);

            if ($password==$repeatpassword)
            {
                //check char length of username and fullname
                if (strlen($username)>25||strlen($fullname)>25)
                {
                    echo "Length of username or full name is too long!";
                }
                else
                {
                    //check password length
                    if (strlen ($password)>25 || strlen ($password)<6)
                    {
                        echo "Password must be between 6 and 25 characters";
                    }
                    else
                    {
                        //register user
                    }
                }
            }
            else echo "Your passwords do not match";
        }
        else echo "Please fill in <b>all</b> fields!";
    }
    ?>

and the html is:

    <html>

    <form action='register.php' method='POST'>
    <table>
    <tr>
        <td>
        Your full name:
        </td>
        <td>
        <input type='text' name='fullname'>
        </td>

    </tr>

    <tr>
        <td>
        choose a username:
        </td>
        <td>
        <input type='text' name='username'>
        </td>

    </tr>


    <tr>
        <td>
        Choose a password:
        </td> 
        <td>
        <input type='password' name='password'>
        </td>

    </tr>

    <tr>
        <td>
        Repeat your password:
        </td> 
        <td>
        <input type='password' name='repeatpassword'>
        </td>

    </tr>

    </table>
    <p>
    <input type='submit' name='submit' value='Register'>
    </p>
    </form>

    </html>

Ryan Sinclair

3 Answers

1

You run MD5 on your password and repeat password before you compare it. Do the comparison and length checking before you run MD5 on them.

ChrisWue
1

You overwrite the password with its MD5 sum here:

    $password = md5($password);

I'd suggest using different variable names for these different values:

    $password_md5 = md5($password);

Naming your variables appropriately will remove confusion and reduce the risk of errors.

Mark Byers
  • Then I would send the variable $password_md5 to my database correct? – Ryan Sinclair Apr 08 '12 at 20:42
  • Correct; you could also just move the portion of code where you `md5` your password to where you `//register user`; no sense in using `md5` on `$repeatpassword` again since you've already checked that it matches the `$password`. – stealthyninja Apr 08 '12 at 20:44
  • I put $password = md5($password); just above //register user. But should I use $password = md5($password) or the $password_md5 = md5($password) there? Which is more friendly and less likely to cause future issues? – Ryan Sinclair Apr 08 '12 at 20:54
  • If you put `$password = md5($password);` there, then it should work just fine since presumably you then insert it into the database. Forget about `$password_md5`, that was just a suggestion Mark Byers made for future reference for storing the modified version of a variable when you still want to run checks on the original one. – stealthyninja Apr 08 '12 at 21:05
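
The fix the answers above describe, as an added example that is not part of the original posts: compare and length-check the plaintext, and hash only at the point of registration. It goes beyond the thread by using PHP's built-in `password_hash()` and `password_verify()` (PHP 5.5+) in place of `md5()`; the helper name `validate_registration` and the sample values are assumptions.

```php
<?php
// Added example, not code from the thread. validate_registration() is a
// hypothetical helper; limits follow the question (names up to 25, password 6 to 25).
function validate_registration($fullname, $username, $password, $repeat)
{
    if ($fullname === '' || $username === '' || $password === '' || $repeat === '') {
        return ['Please fill in all fields!'];
    }
    $errors = [];
    if (strlen($username) > 25 || strlen($fullname) > 25) {
        $errors[] = 'Length of username or full name is too long!';
    }
    // Compare and measure the plaintext. md5() always returns 32 hex
    // characters, so a "> 25" test on the digest rejects every password.
    if (!hash_equals($password, $repeat)) {
        $errors[] = 'Your passwords do not match';
    } elseif (strlen($password) > 25 || strlen($password) < 6) {
        $errors[] = 'Password must be between 6 and 25 characters';
    }
    return $errors;
}

// Constructed sample input standing in for the POSTed form fields.
$fullname = 'Example User';
$username = 'example';
$password = 'tenchars10';   // 10 characters, the case from the question
$repeat   = 'tenchars10';

// Length of the digest the original code was measuring instead of the password.
echo strlen(md5($password)), "\n";

$errors = validate_registration($fullname, $username, $password, $repeat);
if ($errors) {
    echo implode("\n", $errors), "\n";
} else {
    // Hash only after validation has passed. password_hash() salts every
    // hash and is deliberately slow, unlike a single unsalted md5().
    $stored = password_hash($password, PASSWORD_DEFAULT);
    echo "value to store in the database: $stored\n";

    // At login, check the submitted password against the stored hash.
    var_dump(password_verify('tenchars10', $stored));
    var_dump(password_verify('wrong-guess', $stored));
}
```
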
0

Why won't you quit the MD5 and instead of that use Whirlpool?

    $password_wp  = hash('whirlpool', $password);

Still having your doubts? If so, your question has already been answered on Stack Overflow:

Which one is more secured md5 or whirlpool (hashes) and Why?

{ more info }

http://md5-sha-whirlpool.reviews.r-tt.com

Community
Mr. Morgan