Hi I want to split a variable to check what type of user they are. If they are user type 1 their username will be in the form "LLL" where L is a letter. If they are user type 2 their username will be in the form "LLNNNNN" where L is a letter and N is a number. I thought I could use PHP split and then is_numeric function to check the username. Would this be the best way to do it? If so what is the code I need to use to split the variable?
Many thanks for your help
NH
If "LLL" and "LLNNNN" are the 'standard' format, then you can use strlen to check the string length. If string length is 3, then its usertype1. If its 6, the usertype is 2. Well, this is the simplest way. But if you want to thoroughly check, you can explode the variable into an array, (so the array will be $arr[0]="L"; $arr[1]="L"; $arr[2]="L"; and so on ). Then foreach array element, check if its a character or a number. If the character count is 3 and number count is 0, then the usertype is 1. If character count is 2 and number count is 4, then its usertype2.
It really depends on what logic you want to use in your script.
The cleanest way to handle this is:
$id='ha12345';
switch(true)
{
case preg_match("/^\w{2}\d{5}$/",$id):
//user is LLNNNNN
echo "LLNNNNN";
break;
case preg_match("/^\w{3}$/",$id):
//user is LLL
echo "LLL";
break;
default:
//put login error here. use "username or password" is wrong so they
//can't brute-guess your id format or ids. You also don't want to mention
//"incorrect format".
}For lots of regex goodness go here for tutorial. It's for .Nut but regex works the same way for any perl compatible regex and this tutorial is really easy to understand compared to others.
Insight into this particular regex.
each significant part is followed by the explanation in brackets:
/^[from start of string]\w{2}[expect 2 word characters]\d{5}[then 5 numeric digits]$[then end of string]/
This way 1234-ha12345-3242lkj won't match, even though there is a LLNNNNN substring in it.
preg_match returns boolean so you can use it wherever true or false will trip a condition, like in an if, or while, whatever. It is very flexible and powerful but not the most efficient.
You are damn right !
forgot to mention the security and language compatibility benefit... \w will match non-english characters if locale is set (usually with a language pulldown)
The security benefit is such a login check immunizes you against sql and XSS injection on your login form field by locking in the allowable patterns and size. The approach of the OP was a good one even if he needed a little help with details...
If you use php to hash the user password input instead of mysql's password function, you break sql injection on the password, since you will match passwords on the hashed value, not plain text in the query using mysql's password() function. An injection attempt will just get gobbled. You also avoid sending a plaintext password over your network if the mysqld is on another server.
-Viz
We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.