Preg_Match

[Meller Plus]

How may I do so Preg_match disables "<" and ">"
My currently code:

PHP Code:

if (!preg_match("/^[a-zA-Z ]*$<[^>]+/", $_POST["motto"]))
{
    $error = "<center><marquee onmouseover='this.stop();' onmouseout='this.start();'>Error: Only letters and white space allowed!</marquee></center>"; 
} 


[MentaL]

[NOC]

You may find this useful

https://www.functions-online.com/preg_match.html

[Meller Plus]

You may find this useful

https://www.functions-online.com/preg_match.html

I don't get a shiot of that. Lmao

[asesinato]

if(strlen($motto) <= 20 && preg_match('/^[a-z0-9@=_:,?!.\-]+$/i', $motto))
{
$error here lol
}

If that doesn't work, send me your full code & I'll do it.

[Troll Hotel]

You can change the motto in client aswell so i would prefer to use strtr or str_replace :P

[Matata]

If this is to prevent XSS on the /me page, use htmlspecialchars() when printing the string, instead of this.

[Meller Plus]

If this is to prevent XSS on the /me page, use htmlspecialchars() when printing the string, instead of this.

Thanks,
Problem solved, Another problem found:

Screenshot by Lightshot

You can write with space in the name...
register_engine.php

PHP Code:

<?phpnamespace register_engine;include_once('engine.php');session_start();$error='';if (isset($_POST['submit'])){    if (empty($_POST['username']))    {        $error = "<center><marquee onmouseover='this.stop();' onmouseout='this.start();'>Error: Please enter a Username.</marquee></center>";    }    if (empty($_POST['password']))    {        $error = "<center><marquee onmouseover='this.stop();' onmouseout='this.start();'>Error: Please enter a Password.</marquee></center>";    }    if (empty($_POST['rep_password']))    {        $error = "<center><marquee onmouseover='this.stop();' onmouseout='this.start();'>Error: Please confirm password.</marquee></center>";    }    if (empty($_POST['email']))    {        $error = "<center><marquee onmouseover='this.stop();' onmouseout='this.start();'>Error: Please enter a E-Mail.</marquee></center>";    }    if (!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL))    {    $error = "<center><marquee onmouseover='this.stop();' onmouseout='this.start();'>Error: E-Mail is not avalibe!</marquee></center>";     }        if(strlen($_POST['username']) <= 25 && ctype_alnum($_POST['username']))    {    $error = "<center><marquee onmouseover='this.stop();' onmouseout='this.start();'>Error: Only letters allowed in username!</marquee></center>";     }    else    {        $username=$_POST['username'];        $password=$_POST['password'];        $email=$_POST['email'];        $referrer=$_POST['referrer'];        $username = mysql_real_escape_string($username);        $password = mysql_real_escape_string($password);        $email = mysql_real_escape_string($email);        $referrer = mysql_real_escape_string($referrer);        $query = mysql_query("select * from users where username='$username'", $phpmyadmin);        $rows = mysql_num_rows($query);        if ($rows == 1)        {            $error = "<center><marquee onmouseover='this.stop();' onmouseout='this.start();'>Error: Name is taken.</marquee></center>";        }        else         {            $query = mysql_query("select * from users where mail='$email'", $phpmyadmin);            $rows = mysql_num_rows($query);            if ($rows == 1)            {                $error = "<center><marquee onmouseover='this.stop();' onmouseout='this.start();'>Error: Email is taken.</marquee></center>";            }            else            {                $sql10 = "INSERT INTO `users` (`username`, `password`, `mail`, `rank`, `credits`, `vip_points`, `activity_points`, `look`, `gender`, `motto`, `online`, `home_room`) VALUES ('$username', '$password', '$email', 1, '$Credits', '$Vip_points', '$Activity_points', 'ha-1002-62.hd-195-1.wa-3073-62.cc-3075-62.ea-1403-62.ch-3077-62-63.he-3082-62.sh-295-62.hr-829-32.fa-1208-62', 'M', 'I am new.', '0', '$Home_room');";                mysql_query($sql10) or die(mysql_error());                $_SESSION['login_user']=$username;                header("location: home.php");            }        }        mysql_close($phpmyadmin);    }}?>

[Troll Hotel]

Thanks,
Problem solved, Another problem found:

Screenshot by Lightshot

You can write with space in the name...
register_engine.php

PHP Code:

<?phpnamespace register_engine;include_once('engine.php');session_start();$error='';if (isset($_POST['submit'])){    if (empty($_POST['username']))    {        $error = "<center><marquee onmouseover='this.stop();' onmouseout='this.start();'>Error: Please enter a Username.</marquee></center>";    }    if (empty($_POST['password']))    {        $error = "<center><marquee onmouseover='this.stop();' onmouseout='this.start();'>Error: Please enter a Password.</marquee></center>";    }    if (empty($_POST['rep_password']))    {        $error = "<center><marquee onmouseover='this.stop();' onmouseout='this.start();'>Error: Please confirm password.</marquee></center>";    }    if (empty($_POST['email']))    {        $error = "<center><marquee onmouseover='this.stop();' onmouseout='this.start();'>Error: Please enter a E-Mail.</marquee></center>";    }    if (!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL))    {    $error = "<center><marquee onmouseover='this.stop();' onmouseout='this.start();'>Error: E-Mail is not avalibe!</marquee></center>";     }        if(strlen($_POST['username']) <= 25 && ctype_alnum($_POST['username']))    {    $error = "<center><marquee onmouseover='this.stop();' onmouseout='this.start();'>Error: Only letters allowed in username!</marquee></center>";     }    else    {        $username=$_POST['username'];        $password=$_POST['password'];        $email=$_POST['email'];        $referrer=$_POST['referrer'];        $username = mysql_real_escape_string($username);        $password = mysql_real_escape_string($password);        $email = mysql_real_escape_string($email);        $referrer = mysql_real_escape_string($referrer);        $query = mysql_query("select * from users where username='$username'", $phpmyadmin);        $rows = mysql_num_rows($query);        if ($rows == 1)        {            $error = "<center><marquee onmouseover='this.stop();' onmouseout='this.start();'>Error: Name is taken.</marquee></center>";        }        else         {            $query = mysql_query("select * from users where mail='$email'", $phpmyadmin);            $rows = mysql_num_rows($query);            if ($rows == 1)            {                $error = "<center><marquee onmouseover='this.stop();' onmouseout='this.start();'>Error: Email is taken.</marquee></center>";            }            else            {                $sql10 = "INSERT INTO `users` (`username`, `password`, `mail`, `rank`, `credits`, `vip_points`, `activity_points`, `look`, `gender`, `motto`, `online`, `home_room`) VALUES ('$username', '$password', '$email', 1, '$Credits', '$Vip_points', '$Activity_points', 'ha-1002-62.hd-195-1.wa-3073-62.cc-3075-62.ea-1403-62.ch-3077-62-63.he-3082-62.sh-295-62.hr-829-32.fa-1208-62', 'M', 'I am new.', '0', '$Home_room');";                mysql_query($sql10) or die(mysql_error());                $_SESSION['login_user']=$username;                header("location: home.php");            }        }        mysql_close($phpmyadmin);    }}?>

I dont really understand your problem but if you mean that users can register with spaces then you can use this :p

Code:

(@preg_match('/^[_a-zA-Z0-9-]+$/', $name)

you should also make a function for the Error message because i think its ugly and long :p

Code:

public static function error($msg){
     		return "<center><marquee onmouseover='this.stop();' onmouseout='this.start();'>".$msg."</marquee></center>";
     	}

just put it in a class , usage: Classname::$error('error here');

Also why are you using namespaces on a non functions page ?,?

[Meller Plus]

I dont really understand your problem but if you mean that users can register with spaces then you can use this :p

Code:

(@preg_match('/^[_a-zA-Z0-9-]+$/', $name)

you should also make a function for the Error message because i think its ugly and long :p

Code:

public static function error($msg){
             return "<center><marquee onmouseover='this.stop();' onmouseout='this.start();'>".$msg."</marquee></center>";
         }

just put it in a class , usage: Classname::$error('error here');

Also why are you using namespaces on a non functions page ?,?

Okay don't ask me LMAO, This is my first try for a cms. :s

[Troll Hotel]

Okay don't ask me LMAO, This is my first try for a cms. :s

its ok :p just giving you tips and goodluck with your cms :d

[Meller Plus]

its ok :p just giving you tips and goodluck with your cms :d

Thanks. Btw still doesnt work with the username :s
[PHP] <?php namespace register_engine; include_once('engine.php'); session_start(); - Pastebin.com

[Troll Hotel]

Thanks. Btw still doesnt work with the username :s
[PHP] <?php namespace register_engine; include_once('engine.php'); session_start(); - Pastebin.com

Here i cleaned up your code a bit :p
[PHP] register ? - Pastebin.com
also use exit after a header location :d and use require instead of include when you need your core :P

[Meller Plus]

Here i cleaned up your code a bit :p
[PHP] register ? - Pastebin.com
also use exit after a header location :d and use require instead of include when you need your core :P

Thanks. Had to edit it little but it works! Thanks

[Troll Hotel]

No problem, if you have any other questions just pm me and i will try to help you :p