
Passing values in the same page & password-validation


NoUser2U


Hi all,

I'm busy with a form (for the millionth time) but now i'm trying to really build up a website. Fortunately, since i practiced a lot the past few months i could write the form in a much shorter time than a couple of months ago.

Anyway, i have some basic questions which i can't seem to resolve:

QUESTION 1) My form has the scheme:

<?php
if (!$_POST || isset($_POST['edit'])) {
?>
    <!-- HTML-form here (method=post) -x1
         form contains a submit button with value="preview" -->
<?php
} elseif (isset($_POST['preview'])) {
    // 1- do some validation on user submitted form x1
?>
    <!-- 2- display users information to let user check for misspellings,
         display this in another HTML-form (method=post) -x2
         using hidden input fields and 2 submit buttons at the end,
         one with value="submit" the other with value="edit" -->
<?php
} elseif (isset($_POST['submit'])) {
    // write to database
}
?>

Now i need to pass the password that's inserted by the user in form -x1 (see above, in the first if() structure) to the last elseif() structure (where it gets written to the database). For passing all the other info, like email, name, gender, birthdate et al. i'm using hidden input fields in form 2 (see -x2 reference in the codeblock). But how do i pass the password from form 1 to the end of the script? If i use a hidden input field for the password in form 2 and assign the password as the value of that hidden input-field, then the password is also viewable from the document source and i don't want that. Or isn't that such a bad idea regarding security?

Question 2) In the validation i want to search the user submitted password for 3 or more consecutive characters (any of the allowed characters, the allowed characters are: a-z, A-Z, 0-9, _ and -, see also Question 3 below), using preg_match(). If 3 or more consecutive characters are found, then the password is invalid and the user has to try again. The code i thought would work for this was:

if (preg_match('/\.{3,}/', $_POST['password'])) {
    die('Password may not contain 3 or more consecutive characters');
}

But no matter what i try (i think i just tried anything for the expression to match, using square brackets, using no backslash, just anything i could think of), i can't seem to get it to work.

Question 3) The allowed characters in the password field are: a-z, A-Z, 0-9, _ and -. Any other character will result in a die('retype password') thing. I have done this using the following regular expression:

if (preg_match("/[~`!@#$%^&*\(\)+=\{\}\[\]:;\'<>,?\/\\\|\¬\¦]/", $_POST['password'])) {
    // checks if password does not contain any of the mentioned characters
    die('Your password contains incorrect characters.
        Only a-z, A-Z, 0-9, _ and - characters are allowed.');
}

Although above code works, is it the correct way to do this?

Thank you in advance!

Link to comment
Share on other sites

1) why do you need the review form separately..you can directly check the inputs..if it goes wrong show errors on the same page..so that the user can re-correct all..if all are ok..process it. whatever you are passing via GET or POST, nothing is secure..unless if you are not using encrypted connection

2) i think you need to apply lookback here

3) it is the best way to do it with a whitelist approach...instead of matching what should not be inserted..it will be better to match what should be inserted

^[a-zA-Z0-9_-]$

Link to comment
Share on other sites
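One way to handle Question 1, as an added example that is not part of any post in this thread: hash the password at the preview step and keep only the hash in the session, so form 2 carries no password field at all. `handle_step()`, the `name` field and the `$session` array (a stand-in for `$_SESSION` after `session_start()`) are hypothetical names, and the database write is left as a comment.

```php
<?php
// Added example, not code from the thread. $session stands in for $_SESSION.
function handle_step(array $post, array &$session): string
{
    if (isset($post['preview'])) {
        // Input validation is assumed to have passed before this point.
        // Hash once and keep only the hash server-side; form 2 never sees it.
        $session['pw_hash'] = password_hash($post['password'] ?? '', PASSWORD_DEFAULT);
        $name = htmlspecialchars($post['name'] ?? '', ENT_QUOTES, 'UTF-8');
        return '<form method="post">'
             . '<input type="hidden" name="name" value="' . $name . '">'
             . '<input type="submit" name="edit" value="edit">'
             . '<input type="submit" name="submit" value="submit">'
             . '</form>';
    }
    if (isset($post['submit'])) {
        if (!isset($session['pw_hash'])) {
            return 'error: no pending registration';
        }
        $hash = $session['pw_hash'];
        unset($session['pw_hash']);   // one-time use
        // Hypothetical: INSERT the name and $hash with a prepared statement here.
        return 'saved hash of length ' . strlen($hash);
    }
    // First visit or "edit": discard any pending hash and show form 1 again.
    unset($session['pw_hash']);
    return '<form method="post">'
         . '<input type="text" name="name">'
         . '<input type="password" name="password">'
         . '<input type="submit" name="preview" value="preview">'
         . '</form>';
}

// Constructed walk-through of the preview and submit requests.
$session = [];
$form2 = handle_step(
    ['preview' => 'preview', 'name' => 'Ann', 'password' => 'Abc_1-xyz'],
    $session
);
var_dump(strpos($form2, 'Abc_1-xyz') === false);              // is the password absent from form 2?
var_dump(password_verify('Abc_1-xyz', $session['pw_hash']));  // does the stored hash verify?
echo handle_step(['submit' => 'submit', 'name' => 'Ann'], $session), "\n";
var_dump(isset($session['pw_hash']));                         // is the hash still pending?
```

The session only keeps the hash out of the page source; the password still crosses the network in the first POST, so the form needs HTTPS as well.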

I review the form 'separately' to let the user see how his information is going to be saved into the database. This 'review'-form is not submitted on a different page, but on the same page, i could do without it though.

About the lookback-technique (or isn't it a technique?)...i've never heard of that before in the programming-context. I just tried googling for it, but nothing really helpful came out. Can you specify it?

About the whitelist-approach: I thought of it in the first place, but how should i use it then? How do i use preg_match to search strings that do nót contain certain characters or character-ranges?

if (!preg_match("/^[characterrange]?/", $string)) {
    die('$string contains characters that are not allowed. Try again');
}

Will above code do? (i tried the above code in my example though, using "/^[a-zA-Z0-9_-]? /", but it didn't work; i still could enter any punctuation characters in the password field).

Link to comment
Share on other sites

yes it is a technique which is used in regular expressions.

lookback in regular expression

it should work...

if (preg_match("/[^a-zA-Z0-9]/", $string)) {
    die('$string contains characters that are not allowed. Try again');
}

i think it would be better to use javascript to do a preview..whereas you don't need to submit anything..just a popup will show up the formatted selected fields

Link to comment
Share on other sites

Thank you for the link...didn't know it was something specific for regular expressions hence i used the wrong searchterms.

Well i did try the exact code with that character set, except instead of "/[^a-zA-Z0-9]/" i have "/^[a-zA-Z0-9]?/"...I'll try it again tomorrow, hopefully it'll work this time.

About javascript, i did think of using javascript regarding the use of a 'preview'-screen (and many many other things where javascript would be more of a help than using PHP), but i stuck with PHP even if that meant a workaround for things, because i'm quite new to all this webdevelopment and i thought i should learn PHP (and MySQL + HTML + a bit of CSS) first, before adding another programming language to my arsenal. So what do you advise, stick with PHP no matter what (at least until i'm past the 'beginner'-stage skill-wise), or should I incorporate javascript whenever that is thought to be more practical/easier for certain things? (like this preview-situation).

My PHP-'skill level' is still somewhat of a beginner, but not an absolute newcomer anymore. I do have a nice understanding of the basics of PHP, but i still consider myself pretty far from 'intermediate-skilled' or so regarding PHP (and especially webdevelopment in general). Most of the PHP-code presented in examples/tutorials or other help-topics i do understand, but there are also quite some things/principles i still am not that familiar with, for example: OOP, cookie-usage, security, sessions (i have employed a very very basic session-usage in my example-site, but i'm not familiar with the more intermediate techniques of sessions) and some other things.

The thing that's mostly holding me back in advancing is not knowing what the general technique for a specific task is...that is, what the most used or common technique is for a specific task. Actually understanding/getting familiar with the code is not a problem, that's just a matter of practice, but knowing what technique to use for a certain thing is a bit harder to gain information about....at least as i experienced.

Link to comment
Share on other sites

both are not same

where as it will try to match other than alphanumeric
"/[^a-zA-Z0-9]/"

it will try to match that there is alphanum started with and ended with the alphanum
"/^[a-zA-Z0-9]?/"

if (preg_match("/[^a-zA-Z0-9]/", $string)) {
    die('$string contains characters that are not allowed. Try again');
}
so when you check it in preg_match, the 1st one will raise an error if any character other than the alphanum is found. and if you put the 2nd one in the above code to check with preg_match it will raise an error for valid values. so it depends on how you are going to check the condition.

as for javascript. i did not feel till now to implement javascript..even i am not much familiar with javascript (i know some but i did not work enough that i can say i know js)...i think js is used mainly for some fancy stuff...not a mandatory language...(for me)..in some cases ajax is useful though. if you had a good base and knowledge of any programming language before, it would not be a problem...to get it...basic things are quite the same..so it would not be much tough to learn and implement js where you need it.

i am not much experienced in webdevelopment though..me too quite new in this (less than one year, can't remember exact time)..but as i had experience in OOPS languages like cplusplus and c sharp..so it sped up learning php...and obviously with the help of the other mods and dedicated members..i had learned lot of things from this board about webdevelopment..if you are starting first with php i would say to stick with it. at the start i was confused too about session and cookie issues and security issues...i can say don't be confused and don't think about what you don't know..use what you know..implement it..whenever you get stuck anywhere google it and post it here..you can find all issues on the net..clear those doubts...and forward again...you have to make some mistakes to learn something...the best way of doing some task you can achieve with practice..when you gain experience

this is the way i used when i started...maybe it doesn't work for others..but it worked well for me.
Link to comment
Share on other sites

Hi, i just tried the pattern

"/[^a-zA-Z0-9_-]/"

and it's working now! I can also see the difference with the other pattern, that was straight forward that i'll check only the first and last characters.

I got a question though about the above pattern: When '^' is inside the brackets ("/[^some characterrange here]/"), what does it actually do? I know for example that if it's in front of the brackets (like so: "/^[characterrange]/"), it'll check whether the first character of the string that's undergoing the inspection by preg_match, matches anything contained inside the brackets. But how is it exactly interpreted when it's inside the brackets?

Thnx in advance!

Also thank you for posting about javascript and how you advanced with your webdevelopment experience. I think i'll wait a bit more, like a month or 2, before starting to think about implementing javascript or so.
Link to comment
Share on other sites

when ^ is inside the [] it will try to match other than the specified value...whereas outside of the braces it will say that it must be the start point. you can search named regexp anchor in google. you will find lot of links.

Link to comment
Share on other sites
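The patterns discussed in this thread, run side by side as an added example that is not part of any post: a whitelist check anchored at both ends plus a backreference check for repeated characters, compared with the three patterns the posters tried. It assumes "3 or more consecutive characters" in Question 2 means the same character repeated three or more times; `check_password()` and the sample inputs are constructed for illustration.

```php
<?php
// Added example, not code from the thread.
function check_password(string $pw): array
{
    $errors = [];
    // Whitelist over the whole string: one or more allowed characters.
    // \A and \z anchor both ends; "$" alone would also accept a trailing newline.
    if (!preg_match('/\A[a-zA-Z0-9_-]+\z/', $pw)) {
        $errors[] = 'Only a-z, A-Z, 0-9, _ and - characters are allowed.';
    }
    // Backreference: (.) captures one character and \1{2,} requires that same
    // character at least twice more, i.e. a run of three or more.
    // Assumption: this is what Question 2 means by "consecutive characters".
    if (preg_match('/(.)\1{2,}/', $pw)) {
        $errors[] = 'Password may not contain 3 or more consecutive characters.';
    }
    return $errors;
}

// The patterns tried in the thread, for comparison on the same inputs.
$tried = [
    'dots'     => '/\.{3,}/',           // "\." is a literal dot, so only dots count
    'optional' => '/^[a-zA-Z0-9_-]?/',  // zero or one allowed char at the start
    'negated'  => '/[^a-zA-Z0-9_-]/',   // any single disallowed char, anywhere
];

// Constructed sample inputs.
$samples = ['Abc_1-xyz', 'paaassword', 'pass word!', 'a...b', "abc\n", ''];

foreach ($samples as $pw) {
    $hits = [];
    foreach ($tried as $label => $re) {
        if (preg_match($re, $pw)) {
            $hits[] = $label;
        }
    }
    printf(
        "%-14s errors=%d  thread patterns matching: %s\n",
        json_encode($pw),
        count(check_password($pw)),
        implode(',', $hits) ?: '-'
    );
}
```

The `optional` pattern matches every input, including the empty string, which is why wrapping it in `!preg_match()` never rejected anything.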

Archived

This topic is now archived and is closed to further replies.
