I have been debugging some PHP code today and have run into a very strange problem. A function that I have to check if a password is valid stops executing part way through the function. No errors are generated either by PHP or by the web server itself.

Here is the function in question:

//Common Registration Functions
function checkPassword($password)
{
    $bLen = strlen($password);
    echo $bLen."\n";
    echo $password."\n";
    
    //Remove any illegal characters
    $vPWord = preg_replace("/[^\!\@\#\\\$\%\&\*\-\_\,\.a-zA-Z0-9]/","",$password);
    
    $aLen = strlen($vPWord);
    echo $aLen."\n";
    echo $vPWord."\n";
    
    //If the password length before sanitization is different than after then the user used illegal characters
    if ($bLen <> $aLen)
    {
        return "pass_charfail"; 
    }
    
    echo "pass length check 1 \n";
    
    //Check sanitized password length
    if (strlen($vPWord) < 6)
    {
        return "pass_short";
    }
    
    echo "pass length check 2 \n";
    
    if (strlen($vPWord) > 10)
    {
        return "pass_long";
    }
    
    echo "pass length check 3 \n";
    
    //Check password strength
    $strength = 0;
    
    if (preg_match("/[^a-z]/",$vPWord))
    {
        $strength += 1;
    }
    
    if (preg_match("/[^A-Z]/",$vPWord))
    {
        $strength += 1;
    }
    
    if (preg_match("/[^0-9]/",$vPWord))
    {
        $strength += 2;
    }
    
    if (preg_match("/[^\!\@\#\\\$\%\&\*\-\_\,\.]/",$vPWord))
    {
        $strength += 4;
    }
    
    if ($strength > 6)
    {
        echo $strength."\n";
        return true;
    }
    
    else
    {
        echo $strength."\n";
        return "pass_weak";
    }
}

Here is the output I get from my error checking setup (my webhost will not enable PHP debugging for an entire site so I have to go through a separate file which I will post the code from later):

4

Mast

4

Mast

{"success":"noerror"}

Here is the way I have to check for errors:

<?php
error_reporting(E_ALL);
ini_set('display_errors', TRUE);
ini_set('display_startup_errors', TRUE);
include("register.php");
?>

And here is the function which calls the function in question above:

function register($username, $password, $email, $squestion, $sanswer)
{   
    //First check if the email is valid
    $data = eVerify($email);
    
    //If email is not valid
    if (!$data)
    {
        return "email_fail";    
    }
    
    //If email is valid then check if it already exists and the verification status
    else
    {       
        //See if the email already exists
        $data = getUID($email,"email",true);
        
        //echo $data."\n";
        
        if ($data)
        {
        
            //Get user ID for later use
            $id = getUID($email,"email",false);
        
            //If the email exists, see if it has been verified or not
            $data = checkVer($id);
            
            //echo $data."\n";
                
            //If email exists but has not been verified
            if (!$data)
            {           
                rSVCode($username,$email,$id);
                                
                return "exists1";
                exit();
            }
        
            //If email exists and has been verified
            else if ($data)
            {
                return "exists2";
                exit();
            }
        }
            
        //If email does not exist, continue registration process
        else
        {
            //Check to see if username has been used
            $data = getUID($username,"username",true);
        
            if ($data)
            {
                return "un_exists";
                exit();
            }
        
            //Check password strength, chars, and length
            else
            {
                $data = checkPassword($password);
            
                if ($data)
                {
                    //Create user account
                    $data = cAccount($username, $password, $email, $squestion, $sanswer);
                
                    if ($data)
                    {
                        //Get user's ID for use later
                        $id = getUID($username,"username",false);
                        
                        //Generate email verification code
                        $data = cVCode($username,$email,$id);
                        
                        //Send verification email
                        $data = sendEVar($email,$username,$data);
                        
                        if ($data)
                        {
                            return "true";
                            exit();
                        }
                        
                        else
                        {
                            return $data;
                            exit();
                        }
                    }
                    
                    else
                    {
                        return $data;
                        exit();
                    }
                }
            
                else
                {
                    return $data;
                    exit();
                }
            }
        }       
    }
}

2 Answers

The triple === makes sure the return is of the same type.

In your function you don't always return boolean, sometimes you return strings, and that could be an issue.

For example this snippet:

$data = "pass_charfail";
if($data){
  echo 'true';
}else{
  echo 'false';
}

This will echo true because $data is not an empty string.

But the following will echo false, because $data is not a true boolean.

$data = "pass_charfail";
if($data === true){
  echo 'true';
}else{
  echo 'false';
}

One more example: in your register function you have

if ($data)
{
   return "true";
   exit();
}

If this value gets returned, then false will be echoed by the following code:

if($data === true){
  echo 'true';
}else{
  echo 'false';
}

because $data is now a string which is not of type boolean.

Hope it makes sense to you!

I got it working again but I am not sure why the change I made makes a difference. If someone could respond to this answer or post their own answer explaining it would be appreciated.

How I fixed it was changing the if ($data) line after checkPassword is called to if ($data === true) and it reported the correct error message instead of claiming a successful registration.
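
The effect both answers describe, shown side by side as an added example (not code from the original posts): a validator that returns `true` or an error-code string lets a rejected password through a loose `if ($data)` check, while `=== true` fails closed. The function names, the `account_created` marker and the single-type `passwordErrors()` alternative are hypothetical, only the length rules from `checkPassword()` are reproduced, and the union return type assumes PHP 8.0 or later.

```php
<?php
// Stand-in for the page's checkPassword(): true on success, an error-code
// string on failure (only the length rules are reproduced here).
function checkPasswordMixed(string $password): bool|string
{
    if (strlen($password) < 6)  { return "pass_short"; }
    if (strlen($password) > 10) { return "pass_long"; }
    return true;
}

// Caller as in the question: any non-empty error string is truthy, so a
// rejected password still reaches the account-creation branch (fails open).
function registerLoose(string $password): string
{
    $data = checkPasswordMixed($password);
    if ($data) {
        return "account_created";
    }
    return (string) $data;
}

// Caller with the fix from the answers: only the boolean true is success.
function registerStrict(string $password): string
{
    $data = checkPasswordMixed($password);
    if ($data === true) {
        return "account_created";
    }
    return (string) $data;
}

// Hypothetical alternative: one return type, so truthiness cannot be misread.
// An empty array means valid; otherwise it lists the failed rules.
function passwordErrors(string $password): array
{
    $errors = [];
    if (strlen($password) < 6)  { $errors[] = "pass_short"; }
    if (strlen($password) > 10) { $errors[] = "pass_long"; }
    return $errors;
}

// "Mast" is the sample input from the question's debug output; the second
// password is a constructed 10-character value that passes the length rules.
foreach (["Mast", "Mast3r.Key"] as $pw) {
    printf("%-10s loose=%s strict=%s errors=[%s]\n", $pw,
        registerLoose($pw), registerStrict($pw), implode(",", passwordErrors($pw)));
}
```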
