Solved

Perl - check new password for user name

Posted on 2011-02-18
5
283 Views
Last Modified: 2012-05-11
I have a snip of code in a script where users reset their password, here doing a check to see make sure the user does not use their name in their new password.

I'm trying to use the Q and E, which I thought would strip out the special characters and numbers but guess not.

From the script below, how can I get a match if the new password contains the users name? I guess I could do a substitute and remove all numbers and any special characters found, any suggestions?

Thanks,


#! /usr/bin/perl
use strict;
use warnings;

my $pass = 'Jimmy#123';
my $username = 'Jimmy5';

        # My own name? switched username and pass around (sundaram)
        if (   (defined $username)
            && ($username ne "")
            && (($username =~ /\Q$pass\E/i) ||
                ($pass =~ /\Q$username\E/i)
               )
           ) {
               print "MATCH\n";
             } else {
                print "NO Match\n";
               }

Open in new window

0
Comment
Question by:bt707
  • 3
  • 2
5 Comments
 
LVL 26

Expert Comment

by:wilcoxon
ID: 34930138
You have it backwards.  It should be $pass =~ /$username/ since you want to check the password to see if it contains the username.
0
 

Author Comment

by:bt707
ID: 34930169
wilcoxon,

I'm checking it both ways, to see if the password contains the user name and also if the new password contains the name.

So already have what you showed in the code, have it both with an OR

&& (($username =~ /\Q$pass\E/i) ||
($pass =~ /\Q$username\E/i)

what am I missing?

0
 
LVL 26

Expert Comment

by:wilcoxon
ID: 34930193
Hmm.  I need to read closer - you have both conditions.  \Q and \E say that what is between them is a literal quote (disabling pattern metacharacters (not to strip out anything).

$pass =~ /\Q$username\E/ should handle matching the username as part of the password.

Your code is not matching because the password does not contain the username.  If you want to strip out non-word characters first then you should add the below two lines (or only one of them depending on which you want stripped) before the if conditions.

$username =~ s{[^a-zA-Z]}{}g;
$pass =~ s{[^a-zA-Z]}{}g;
#! /usr/bin/perl
use strict;
use warnings;

my $pass = 'Jimmy#123';
my $username = 'Jimmy5';

        # My own name? switched username and pass around (sundaram)
        if (   (defined $username)
            && ($username ne "")
            && (($username =~ /\Q$pass\E/i) ||
                ($pass =~ /\Q$username\E/i)
               )
           ) {
               print "MATCH\n";
             } else {
                print "NO Match\n";
               }

Open in new window

0
 
LVL 26

Accepted Solution

by:
wilcoxon earned 500 total points
ID: 34930205
Sigh.  Ignore the code attached to the previous answer - I never hit attach and assumed it would go away when I hit submit (rather than attaching and submitting).

So, including stripping non-letters, the code would be (done because I was submitting another comment anyway).
#! /usr/bin/perl
use strict;
use warnings;

my $pass = 'Jimmy#123';
my $username = 'Jimmy5';

# keep only letters in both the password and username
$pass =~ s{[^a-zA-Z]}{}g;
$username =~ s{[^a-zA-Z]}{}g;

        # My own name? switched username and pass around (sundaram)
        if (   (defined $username)
            && ($username ne "")
            && (($username =~ /\Q$pass\E/i) ||
                ($pass =~ /\Q$username\E/i)
               )
           ) {
               print "MATCH\n";
             } else {
               print "NO Match\n";
             }

Open in new window

0
 

Author Closing Comment

by:bt707
ID: 34930234
Ok, this will help get what I want, I was thinking the Q and E was suppose to do something else then what it's doing and you pointed out.

I was getting what I want from just stripping the numbers from the username  - $username =~ s/[0-9]//g; - but that will not work for all users, what you added and gave me should get me where I wanted to be.

Thanks!!!
0

Featured Post

Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

I've just discovered very important differences between Windows an Unix formats in Perl,at least 5.xx.. MOST IMPORTANT: Use Unix file format while saving Your script. otherwise it will have ^M s or smth likely weird in the EOL, Then DO NOT use m…
On Microsoft Windows, if  when you click or type the name of a .pl file, you get an error "is not recognized as an internal or external command, operable program or batch file", then this means you do not have the .pl file extension associated with …
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now