Results 1 to 15 of 15

Thread: [RESOLVED] How to validate username and password using regex?

  1. #1

    Thread Starter
    Hyperactive Member
    Join Date
    Nov 2014
    Posts
    428

    Resolved [RESOLVED] How to validate username and password using regex?

    Hello Guys,

    I want to validate my application's username and password input before login. That's why I have implemented a regex system. Code :

    Code:
    Private UsernameRegex As Match
    UsernameRegex = Regex.Match(tbx_username.Text, "^[A-Za-z0-9_-.]{3,16}$")
    If UsernameRegex.Success Then MsgBox("Do not use illegal characters on the username field!!!", MsgBoxStyle.Information, "Information") : tbx_username.Focus() : Exit Sub
    The regex pattern I am trying to validate is : [A-Za-z0-9_-.]{3,16}
    I want my username textbox to proceed to the login process when the entered text on the username textbox have no other characters other than the allowed characters in my regex. But with my code it is not working actually. I am getting an regex reverse error. Snapshot attached.


    Please help me guys.
    Thanks in advance.....
    Attached Images Attached Images  

  2. #2
    Super Moderator dday9's Avatar
    Join Date
    Mar 2011
    Location
    South Louisiana
    Posts
    11,715

    Re: How to validate username and password using regex?

    Your RegEx is slightly wrong in that you're not escaping the minus character. Use the backslash to escape the minus character and you should be fine. I was able to determine this by plugging your RegEx into http://www.regexr.com/ and when I did so it pointed out the error.
    "Code is like humor. When you have to explain it, it is bad." - Cory House
    VbLessons | Code Tags | Sword of Fury - Jameram

  3. #3
    Super Moderator Shaggy Hiker's Avatar
    Join Date
    Aug 2002
    Location
    Idaho
    Posts
    38,989

    Re: How to validate username and password using regex?

    Why are you using RegEx for a username and password? Typically, these are two strings that the user has to enter exactly correct, in which case equality is the only passing rule. By using RegEx of any sort, you will either create a rule that allows a user to be "close enough" to some username and password, or will be using a sledgehammer to drive a finishing nail.
    My usual boring signature: Nothing

  4. #4

    Thread Starter
    Hyperactive Member
    Join Date
    Nov 2014
    Posts
    428

    Re: How to validate username and password using regex?

    I have heard about MySQL Injection and also followed some protection guide on codeporject. That guide says I should filter user inputs. That's why I used regex to filter username here...

  5. #5
    Super Moderator dday9's Avatar
    Join Date
    Mar 2011
    Location
    South Louisiana
    Posts
    11,715

    Re: How to validate username and password using regex?

    If you're concerned about SQL injections, one of the best preventative measures is to use a parameterized query which JMcIlhinney has an article on in the VB.Net codebank.
    "Code is like humor. When you have to explain it, it is bad." - Cory House
    VbLessons | Code Tags | Sword of Fury - Jameram

  6. #6
    Smooth Moperator techgnome's Avatar
    Join Date
    May 2002
    Posts
    34,532

    Re: How to validate username and password using regex?

    I think it's a validation routine, not a authentication... you know the rules, at least 57 characters, no more than 128, use letters, upper and lower, 12 must be symbols, but not next to each other, must include a 24-digit number but no consecutive numbers, typed in Greek and must result in a limerick.

    And that's just the username. Passwords can only be 8 characters, have at least 1 number, 1 letter, 1 symbol, and contain both upper and lower case letters.

    -tg
    * I don't respond to private (PM) requests for help. It's not conducive to the general learning of others.*
    * I also don't respond to friend requests. Save a few bits and don't bother. I'll just end up rejecting anyways.*
    * How to get EFFECTIVE help: The Hitchhiker's Guide to Getting Help at VBF - Removing eels from your hovercraft *
    * How to Use Parameters * Create Disconnected ADO Recordset Clones * Set your VB6 ActiveX Compatibility * Get rid of those pesky VB Line Numbers * I swear I saved my data, where'd it run off to??? *

  7. #7

    Thread Starter
    Hyperactive Member
    Join Date
    Nov 2014
    Posts
    428

    Re: How to validate username and password using regex?

    Thanks dday9 I will follow this parameterized query tutorial. But also want to provide other security measures.

    But the command of mine above is actually doing the opposite thing. It is actually not allowing the regex patter in the username. It is escaping the regex on pattern and allowing other characters other than the regex. How can I reverse the process???

    tg can you please provide me most secure regex pattern for both username and password???

  8. #8

    Thread Starter
    Hyperactive Member
    Join Date
    Nov 2014
    Posts
    428

    Re: How to validate username and password using regex?

    I am not able to find the post of parameterized sql query of JMcIlhinney in the CodeBank. My searching knowledge is a bit low. Can someone provide me his thread link please???

  9. #9
    Super Moderator dday9's Avatar
    Join Date
    Mar 2011
    Location
    South Louisiana
    Posts
    11,715

    Re: How to validate username and password using regex?

    Can someone provide me his thread link please???
    I found JMcIlhinney's blog post Using Parameters in ADO.NET here: http://jmcilhinney.blogspot.com/2009...in-adonet.html

    If I find the vbforums codebank thread I'll also post it.

    Edit: Here is the codebank thread: http://www.vbforums.com/showthread.p...ight=parameter
    Last edited by dday9; Jan 29th, 2015 at 12:04 PM.
    "Code is like humor. When you have to explain it, it is bad." - Cory House
    VbLessons | Code Tags | Sword of Fury - Jameram

  10. #10
    Fanatic Member Toph's Avatar
    Join Date
    Oct 2014
    Posts
    655

    Re: How to validate username and password using regex?

    Parametize your query and you won't need to worry about SQL Injections. Don't use Regex to help you prevent SQL Injections because you will run into many problems.

  11. #11
    Hyperactive Member
    Join Date
    Mar 2012
    Posts
    311

    Re: How to validate username and password using regex?

    Quote Originally Posted by dday9 View Post
    Your RegEx is slightly wrong in that you're not escaping the minus character. Use the backslash to escape the minus character and you should be fine. I was able to determine this by plugging your RegEx into http://www.regexr.com/ and when I did so it pointed out the error.
    In addition to the error in the RegEx pattern that DDay9 pointed out, you also have a logical error in your If statement:
    Code:
    If UsernameRegex.Success Then MsgBox("Do not use illegal characters on the username field!!!", MsgBoxStyle.Information, "Information") : tbx_username.Focus() : Exit Sub
    According to this condition, if the username text matches the RegEx pattern, it will spit out an error message. But I think you want the opposite; if the username doesn't match, then toss the error. BTW, although you are able to connect multiple lines together, it is usually frowned upon... It make it more difficult to read (esp. for others reading your code), it is more difficult to debug (eg you can't just comment out a line), and if there are changes to be made, you have to edit and test the entire line. Finally, I'd use a MsgBoxStyle.Exclamation or MsgBoxStyle.Critical as MsgBoxStyle.Information is used more for general, non-error messages whereas the former styles are used to alert the user to an error.

  12. #12
    Addicted Member
    Join Date
    Mar 2010
    Posts
    226

    Re: How to validate username and password using regex?

    Hi friends,
    You can use regexbuddy to test regex streams.
    Regards

  13. #13
    PowerPoster SJWhiteley's Avatar
    Join Date
    Feb 2009
    Location
    South of the Mason-Dixon Line
    Posts
    2,256

    Re: How to validate username and password using regex?

    Allow the user to choose their user name (e-mail address is nice). Allow the user to pick their password with few restrictions (typically just at least 8 characters). Anything else is annoying and worthless. Using regex is just a pointless exercise in this case.
    "Ok, my response to that is pending a Google search" - Bucky Katt.
    "There are two types of people in the world: Those who can extrapolate from incomplete data sets." - Unk.
    "Before you can 'think outside the box' you need to understand where the box is."

  14. #14

    Thread Starter
    Hyperactive Member
    Join Date
    Nov 2014
    Posts
    428

    Re: How to validate username and password using regex?

    Thanks you all for the suggestion guys...Thanks a lot...Problem solved...

  15. #15
    Bad man! ident's Avatar
    Join Date
    Mar 2009
    Location
    Cambridge
    Posts
    5,398

    Re: [RESOLVED] How to validate username and password using regex?

    I spy with my eye a full stop

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  



Click Here to Expand Forum to Full Width