Solved

Perl - check new password for user name

Posted on 2011-02-18
5
287 Views
Last Modified: 2012-05-11
I have a snip of code in a script where users reset their password, here doing a check to see make sure the user does not use their name in their new password.

I'm trying to use the Q and E, which I thought would strip out the special characters and numbers but guess not.

From the script below, how can I get a match if the new password contains the users name? I guess I could do a substitute and remove all numbers and any special characters found, any suggestions?

Thanks,


#! /usr/bin/perl
use strict;
use warnings;

my $pass = 'Jimmy#123';
my $username = 'Jimmy5';

        # My own name? switched username and pass around (sundaram)
        if (   (defined $username)
            && ($username ne "")
            && (($username =~ /\Q$pass\E/i) ||
                ($pass =~ /\Q$username\E/i)
               )
           ) {
               print "MATCH\n";
             } else {
                print "NO Match\n";
               }

Open in new window

0
Comment
Question by:bt707
  • 3
  • 2
5 Comments
 
LVL 26

Expert Comment

by:wilcoxon
ID: 34930138
You have it backwards.  It should be $pass =~ /$username/ since you want to check the password to see if it contains the username.
0
 

Author Comment

by:bt707
ID: 34930169
wilcoxon,

I'm checking it both ways, to see if the password contains the user name and also if the new password contains the name.

So already have what you showed in the code, have it both with an OR

&& (($username =~ /\Q$pass\E/i) ||
($pass =~ /\Q$username\E/i)

what am I missing?

0
 
LVL 26

Expert Comment

by:wilcoxon
ID: 34930193
Hmm.  I need to read closer - you have both conditions.  \Q and \E say that what is between them is a literal quote (disabling pattern metacharacters (not to strip out anything).

$pass =~ /\Q$username\E/ should handle matching the username as part of the password.

Your code is not matching because the password does not contain the username.  If you want to strip out non-word characters first then you should add the below two lines (or only one of them depending on which you want stripped) before the if conditions.

$username =~ s{[^a-zA-Z]}{}g;
$pass =~ s{[^a-zA-Z]}{}g;
#! /usr/bin/perl
use strict;
use warnings;

my $pass = 'Jimmy#123';
my $username = 'Jimmy5';

        # My own name? switched username and pass around (sundaram)
        if (   (defined $username)
            && ($username ne "")
            && (($username =~ /\Q$pass\E/i) ||
                ($pass =~ /\Q$username\E/i)
               )
           ) {
               print "MATCH\n";
             } else {
                print "NO Match\n";
               }

Open in new window

0
 
LVL 26

Accepted Solution

by:
wilcoxon earned 500 total points
ID: 34930205
Sigh.  Ignore the code attached to the previous answer - I never hit attach and assumed it would go away when I hit submit (rather than attaching and submitting).

So, including stripping non-letters, the code would be (done because I was submitting another comment anyway).
#! /usr/bin/perl
use strict;
use warnings;

my $pass = 'Jimmy#123';
my $username = 'Jimmy5';

# keep only letters in both the password and username
$pass =~ s{[^a-zA-Z]}{}g;
$username =~ s{[^a-zA-Z]}{}g;

        # My own name? switched username and pass around (sundaram)
        if (   (defined $username)
            && ($username ne "")
            && (($username =~ /\Q$pass\E/i) ||
                ($pass =~ /\Q$username\E/i)
               )
           ) {
               print "MATCH\n";
             } else {
               print "NO Match\n";
             }

Open in new window

0
 

Author Closing Comment

by:bt707
ID: 34930234
Ok, this will help get what I want, I was thinking the Q and E was suppose to do something else then what it's doing and you pointed out.

I was getting what I want from just stripping the numbers from the username  - $username =~ s/[0-9]//g; - but that will not work for all users, what you added and gave me should get me where I wanted to be.

Thanks!!!
0

Featured Post

Networking for the Cloud Era

Join Microsoft and Riverbed for a discussion and demonstration of enhancements to SteelConnect:
-One-click orchestration and cloud connectivity in Azure environments
-Tight integration of SD-WAN and WAN optimization capabilities
-Scalability and resiliency equal to a data center

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

A year or so back I was asked to have a play with MongoDB; within half an hour I had downloaded (http://www.mongodb.org/downloads),  installed and started the daemon, and had a console window open. After an hour or two of playing at the command …
There are many situations when we need to display the data in sorted order. For example: Student details by name or by rank or by total marks etc. If you are working on data driven based projects then you will use sorting techniques very frequently.…
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…

829 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question