University of Washington CSE 154

Section 5: Regular Expressions, Validation; Cookies

Except where otherwise noted, the contents of this document are Copyright © Marty Stepp, Jessica Miller, and Victoria Kirst. All rights reserved. Any redistribution, reproduction, transmission, or storage of part or all of the contents in any form is prohibited without the author's expressed written permission.

Recall: Regex Syntax Reference

special chars
`\|`	or
`()`	grouping
`^`	start
`$`	end

quantifiers
`*`	0 or more
`+`	1 or more
`?`	0 or 1
`{min,max}`	between min and max

character sets
`[abcde]`	one of those characters
`[a-z]`	a character from a through z
`\d`	digit
`\s`	whitespace

The next exercise uses regular expressions. (lecture slides)

Exercise : Regular Expressions (by Zack Cava)

Write a regular expression (slides) that would match the following kinds of patterns. You can use the site Rubular to test your regex.

students' letter grades such as A, B+, or D- (try it) (data)
DNA (strings of A, C, G, or T) in upper/lower case (try it) (data)
a US ZIP code (try it) (data)
a credit card number, with optional dashes every 4 numbers (try it) (data)
a real number such as 3.14 or -42.8775 (try it) (data)
dollar amounts of at least $100.00 (try it) (data)
words that contain at least two vowels (A, E, I, O, or U) (try it) (data)

Exercise Solution

Grades: /^[abcdf][+-]?$/i
DNA string: /^[acgt]+$/i
US ZIP: /^\d{5}(-\d{4})?$/
Credit Card: /^\d{4}(-?\d{4}){3}$/
Real Number: /^[-]?\d+(\.\d+)?$/
$100+: /^\$[1-9]\d{2,}\.\d{2}$/
Words w/ 2 Vowels: /^[a-z]*[aeiou][a-z]*[aeiou][a-z]*$/i

Recall: Regular expressions in PHP

function	description
`preg_match(regex, string)`	returns `TRUE` if `string` matches `regex`
`preg_replace(regex, replacement, string)`	returns a new string with all substrings that match `regex` replaced by `replacement`
`preg_split(regex, string)`	returns an array of strings from given `string` broken apart using given `regex` as delimiter (like `explode` but more powerful)

The next exercise uses regular expressions. (lecture slides)

Exercise : Regex Images (by Jamie Pell)

The code for images.php displays all JPG images in the images/ folder. Modify it using regular expressions so that it will display only image file namess that match each of the following patterns: (sample solution)

files that contain the word "Abbath", case insensitively
files that begin with "Abbath" and end with either "cat", "dog", or "sheep"
files that end in a number, such as puppy0247.jpg
files that begin with a 4-letter sequence of As or Bs, such as "Abba" or "baBb"

(example output)

Exercise Solution

<?php
$folder = "images";
$images = glob("$folder/*.jpg");

$regex = "/abbath/i";       # contain "abbath", case insensitive

foreach ($images as $image) {
	if (preg_match($regex, $image)) {
		?>
		<img src="<?= $image ?>" alt="an awesome picture" />
		<?php
	}
}

# begin with "abbath" and end with "cat", "dog", or "sheep"
# $regex = "/^$folder\/abbath(.*)(dog|cat|sheep).jpg$/";  
# $regex = "/[0-9].jpg$/";   # end in a number
# $regex = "/^[ab]{4}/i";    # start with 4 As/Bs
?>

Exercise : Sandwich Order (by Katlyn Edwards)

order.html allows the user to order a sandwich. Modify order-submit.php to use regular expressions to validate the order. If the order is invalid, kill the page with a brief error message. (sample solution)

Tip amount must be a non-negative real number with two digits after the decimal
State must be a two-digit string of letters
Address must begin with an integer followed by words, such as "1234 Fifth St"
Sandwich type must be one of Turkey, Ham, BLT, or Roast Beef

Exercise Solution

order-submit.php

Recall: Setting cookies in PHP

setcookie("name", "value");
...
$variable = $_COOKIE["name"];   # retrieve value of cookie later

setcookie("username", "martay");
setcookie("age", 19);
...
if (isset($_COOKIE["username"])) {
	$username = $_COOKIE["username"];
	print("Welcome back, $username.\n");
}

any cookies sent by client are stored in $_COOKIES associative array
use isset function to see whether a given cookie name exists

Exercise : Longcat Count (by Phil Sheperd)

Use a cookie (slides) to count the number of times the user has viewed longcat.php. Display this count to the user on the page, e.g. "You have visited 7 time(s)." (sample solution) For added challenge:

Make the cat grow longer by repeating middle.jpg once for each page view.
Make the page heading gain one more "o" in "Long" for each page view. (hint)
Make the cookie expire after 10 seconds.

Exercise Solution

longcat.php

Exercise : Prize (by Michael Beswetherick)

prize.php is a travel site. We want roughly every 10th visitor to win a "free trip". (sample solution)

Every time the page loads, there should randomly be a 1-in-10 chance that the viewer wins a prize.
If the user wins, show a congratulation message.
Use a cookie to remember whether the current user has won the prize. If so, on all future page visits give them a link to redeem their prize.
Give the user 24 hours to redeem the prize before the cookie expires. (Test it with very small values such as 10 seconds.)

Exercise Solution

prize.php

Exercise : Birthdays (by Phil Sheperd)

cake What day of the month were you born on? Let's check the box for everyone's day in birthdays.php. The form submits to itself, but if you leave the page and come back, it forgets what boxes were checked.

Remove the redundancy between all the checkboxes on the page using a loop.
Use a cookie(s) to remember which checkboxes are checked when the form submits. If the user comes back, the same checkboxes should be checked.
(How many cookies should you use, and what should you store in them?)
(sample solution)

Exercise Solution

birthdays.php
birthdays.php (alternate version)

Exercise : Unsafe Cookie (by Shiny Yang)

The following page unsafe.php (source) is a mockup of a badly written user login page. The programmer implemented the login page poorly because of a misunderstanding about cookies. Without peeking at the source, figure out the following:

What cookies does the page set? Why are they a bad idea?
How can you find out about the cookies stored by a given page?
Can you figure out a way to discover a user's password? The page has accounts for stepp, reges, helenem, and jessica. The password for stepp is booyah but you don't know the others...
What does this say about the safety of cookies and what kind of information should be stored in them?

Exercise Solution

The page sets cookies named uwnetid, password, and loggedin.
Use Chrome's Resources tab or Firebug's Cookies tab to see the cookies. Log in as one user and then their password is visible in the cookie, which is bad.
BUG: After logging in, you can type another user's ID and resubmit the form to see their password in the cookie.
BUG: If you manually set the cookie uwnetid to a name such as reges and set the cookie loggedin to true (such as in Firebug Cookies tab → Cookies → Create Cookie), it will think you are logged in even if you don't know any password.
User-sensitive or private information should not be stored in cookies!