Helpful Information

Category: FTP Help

@'s in ftp passwords

Is there a way to cancel out a '@' in a users password?

This is what I am trying to do:

$fo = fopen( "ftp://$username:$password@$host.$domain/$file", "w" );

However, I have come accross a user who has a '@' in their password, and hence get errors when the script is run.

What can I do to prevent this?

If you just want to remove them, use str_replace()

$new = str_replace("@",$old);

If you want to not allow the user to set a password with @ from the beginning, use the string functions to check for it, and send back an error saying the password was bad.

if(strstr($password,"@"))
{ //bad password }
else
{ //good password }

---John Holmes...

Problem is, the user has aready set there password, so I can't use your second option (only for new registrations), and I can't do a str_replace because then the ftp login would fail...

So make them change it. Do you want to get rid of the '@' or not??!

---John Holmes...

I don't want to get rid of the '@' in there password - unless it is a neccesity. I just want a way of cancelling it out, like you would cancell out a quote (\').

I need it to still be valid when the login.

You mean, escape it, like this?
print "Joe said \"Hi\"";

Just put a \ before it

>>However, I have come accross a user who has a '@' in their password
>> and hence get errors when the script is run.
Well then you must be using different ftp then the rest of us, because character '@' is allowed in both username and password. So I recommend you check the rest of your script and find where the error's at, because it surely isn't there.

Originally posted by AlCapone
Well then you must be using different ftp then the rest of us, because character '@' is allowed in both username and password. So I recommend you check the rest of your script and find where the error's at, because it surely isn't there.
The problem I can see with an @ is with using an ftp:// style URI. With this type of URI, everything after the first @ is parsed as the host & path, correct?
So if you have:
ftp://username:password@pass@host/path
... it's not going to be parsed the way you want it to. The part of the password after the @ is going to be parsed as part of the hostname. At least that's how it seems to me.

>>With this type of URI, everything after the first @ is parsed as the host & path, correct?
Not entirely correct - everything that is after rightmost @ is host[:port]/path, and everything before leftmost : is username. Everything inbetween is password, and that is why : can only be in password, not username, but you can have @ in both username and password.