#1
  1. No Profile Picture
    Junior Member
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jun 2002
    Posts
    3
    Rep Power
    0

    @'s in ftp passwords


    Is there a way to cancel out a '@' in a users password?

    This is what I am trying to do:

    $fo = fopen( "ftp://$username:$password@$host.$domain/$file", "w" );

    However, I have come accross a user who has a '@' in their password, and hence get errors when the script is run.

    What can I do to prevent this?
  2. #2
  3. Banned (not really)
    Devshed Supreme Being (6500+ posts)

    Join Date
    Dec 1999
    Location
    Brussels, Belgium
    Posts
    14,643
    Rep Power
    4492
    If you just want to remove them, use str_replace()

    $new = str_replace("@",$old);

    If you want to not allow the user to set a password with @ from the beginning, use the string functions to check for it, and send back an error saying the password was bad.

    if(strstr($password,"@"))
    { //bad password }
    else
    { //good password }

    ---John Holmes...
    -- Cigars, whiskey and wild, wild women. --
  4. #3
  5. No Profile Picture
    Junior Member
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jun 2002
    Posts
    3
    Rep Power
    0
    Problem is, the user has aready set there password, so I can't use your second option (only for new registrations), and I can't do a str_replace because then the ftp login would fail...
  6. #4
  7. Banned (not really)
    Devshed Supreme Being (6500+ posts)

    Join Date
    Dec 1999
    Location
    Brussels, Belgium
    Posts
    14,643
    Rep Power
    4492
    So make them change it. Do you want to get rid of the '@' or not??!

    ---John Holmes...
  8. #5
  9. No Profile Picture
    Junior Member
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jun 2002
    Posts
    3
    Rep Power
    0
    I don't want to get rid of the '@' in there password - unless it is a neccesity. I just want a way of cancelling it out, like you would cancell out a quote (\').

    I need it to still be valid when the login.
  10. #6
  11. No Profile Picture
    The Bisifiniti
    Devshed Newbie (0 - 499 posts)

    Join Date
    Sep 2001
    Posts
    25
    Rep Power
    0
    You mean, escape it, like this?
    print "Joe said \"Hi\"";

    Just put a \ before it
  12. #7
  13. Mobbing Gangster
    Devshed Demi-God (4500 - 4999 posts)

    Join Date
    Sep 2001
    Location
    "Best City" 2002 and 2003- Melbourne, Australia
    Posts
    4,912
    Rep Power
    33
    >>However, I have come accross a user who has a '@' in their password
    >> and hence get errors when the script is run.
    Well then you must be using different ftp then the rest of us, because character '@' is allowed in both username and password. So I recommend you check the rest of your script and find where the error's at, because it surely isn't there.
    And you know I mean that.
  14. #8
  15. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    May 2002
    Location
    Phoenix
    Posts
    42
    Rep Power
    13
    Originally posted by AlCapone
    Well then you must be using different ftp then the rest of us, because character '@' is allowed in both username and password. So I recommend you check the rest of your script and find where the error's at, because it surely isn't there.
    The problem I can see with an @ is with using an ftp:// style URI. With this type of URI, everything after the first @ is parsed as the host & path, correct?
    So if you have:
    ftp://username:password@pass@host/path
    ... it's not going to be parsed the way you want it to. The part of the password after the @ is going to be parsed as part of the hostname. At least that's how it seems to me.
  16. #9
  17. Mobbing Gangster
    Devshed Demi-God (4500 - 4999 posts)

    Join Date
    Sep 2001
    Location
    "Best City" 2002 and 2003- Melbourne, Australia
    Posts
    4,912
    Rep Power
    33
    >>With this type of URI, everything after the first @ is parsed as the host & path, correct?
    Not entirely correct - everything that is after rightmost @ is host[:port]/path, and everything before leftmost : is username. Everything inbetween is password, and that is why : can only be in password, not username, but you can have @ in both username and password.
    And you know I mean that.

IMN logo majestic logo threadwatch logo seochat tools logo