On Tuesday, April 9, 2002, at 12:24  PM, Analysis & Solutions wrote:

> Yo Erik:
> On Tue, Apr 09, 2002 at 11:39:31AM -0400, Erik Price wrote:
>> elseif (!empty($_POST['newpassword']) &&
>> !$user->set_password($_POST['newpassword']))
> Your order of evaluation is correct.  But, considering the password
> length is evaluated in the set_password() function, checking empty()
> first is a waste of time in 99% of cases.

Hm.  I threw in a test echo statement in the class method, to make sure 
that it wasn't being accessed if $_POST['newpassword'] is in fact 
empty.  The test echo statement is displaying on the receiving page, 
however, even though there is nothing in $_POST['newpassword'].

Here's my class method:

function set_password($password)
{       echo "<p class=\"warning\">set_password() accessed, the new 
password is                                             '$this->password'</p>"; // 
after bug testing
      if (!preg_match('/\d/', $password) ||
          !preg_match('/^[-A-Za-z0-9!@#$%^&*()_ +=\?]{6,10}$/', 
$password) ||
          !preg_match('/[A-Za-z]/', $password)) {
                        return false;
      } else {
          $this->password = $password;
          return true;

and here's the code that's hitting the method (but shouldn't be):

        // the Person class is needed here

        // create a new Person instance
        $user = new Person();
        if (!$user->set_email($_POST['email'])) {
                $error_message = "invalid email";
        } elseif (      (!empty($_POST['newpassword']) && $_POST['newpassword']
$_POST['confirmpassword']) ||
                                (!$user->set_password($_POST['newpassword']))   ) {
                $error_message = "<p class=\"warning\"></p>\n";
        } else {
                $success_message = changeinfo_process(serialize($user));
        if ($error_message) {
                return $error_message;
        } elseif ($success_message) {
                return $success_message;
        } else {
                die("No error or success message?");
        // destroy the Person instance


On the next page, the echo from my class method is appearing:

set_password() accessed, the new password is ''

But as you can see, the value of $_POST['newpassword'] is an empty 
string -- shouldn't the elseif statement testing for 
!empty($_POST['newpassword'] catch this?

Much thanks to anyone with clearer thinking than I.



Erik Price
Web Developer Temp
Media Lab, H.H. Brown

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to