diff --git a/var/www/signup.php b/var/www/signup.php
index 887d501..eb829b0 100644
--- a/var/www/signup.php
+++ b/var/www/signup.php
@@ -8,12 +8,12 @@
 if(4 <= strlen($_POST['signup_username']) && strlen($_POST['signup_username']) <= 25){
 if(4 <= strlen($_POST['signup_password']) && strlen($_POST['signup_password']) <= 25){
 // Make sure no special characters are present
- if((preg_match('/[\'^£$%&*()}{@#~?><>,|=_+¬-]/',$_POST['signup_username']) && (preg_match('/[\'^£$%&*()}{@#~?><>,|=_+¬-]/',$_POST['signup_password'])){
+ if(ctype_alnum($_POST['signup_username']) && ctype_alnum($_POST['signup_password'])){
 // Need to first check if a user with the desired username already esists
 $db_check_statement = $db_connection->prepare("SELECT COUNT(*) FROM login WHERE username = '".$_POST["signup_username"]."'");
 $db_check_statement->execute();
 $db_check_statement->setFetchMode(PDO::FETCH_ASSOC);
- $db_check_returned = $db_statement->fetchAll();
+ $db_check_returned = $db_check_statement->fetchAll();
 $existingUsers = $db_check_returned[0]['COUNT(*)'];
 if($existingUsers == 0){
 $db_connection->exec("INSERT INTO login (username, pword) VALUES ('".$_POST["signup_username"]."','".$_POST["signup_password"]."')");
@@ -47,8 +47,8 @@
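Review bot: The `ctype_alnum` check added here is now the only thing keeping `$_POST` values out of the SQL text, because both the `SELECT COUNT(*)` passed to `prepare()` and the `INSERT` passed to `exec()` are still built by string concatenation, and the `INSERT` stores the password exactly as submitted. Binding both values as parameters removes that dependency on the validator. Hashing with `password_hash()` before the insert means the password no longer has to be limited to letters and digits, so the second `ctype_alnum` call can be dropped. This assumes the `pword` column is wide enough for a hash (255 characters is the usual choice) and that the login path, which is not in this hunk, switches to `password_verify()`. The enclosing `if` blocks open before the hunk and close after it.

```php
if(ctype_alnum($_POST['signup_username'])){
    $db_check_statement = $db_connection->prepare("SELECT COUNT(*) FROM login WHERE username = ?");
    $db_check_statement->execute([$_POST['signup_username']]);
    // … unchanged: setFetchMode, fetchAll, $existingUsers …
    if($existingUsers == 0){
        $db_insert_statement = $db_connection->prepare("INSERT INTO login (username, pword) VALUES (?, ?)");
        $db_insert_statement->execute([
            $_POST['signup_username'],
            password_hash($_POST['signup_password'], PASSWORD_DEFAULT),
        ]);
```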
-