Invalid Filename Check

[ucahg]

Hi,

I am making a script that will allow a user to create a page on my site. I only want alphanumerical characters, hyphens, periods, and underscores allowed. As well, two consecutive periods in a row isn't allowed. Here is the script I tried:

PHP Code:

<?PHP
  if (ereg("^[[:alnum:]][[:alnum:]_.-]*[[:alnum:]]$ ",$filename))  {
      if (ereg("..",$filename))
      $error = "invalidfname";
        else
          $error = "none";
    }
    else 
      $error = "invalidfname";

.....

if ($error == "invalidfname") {
?>
<FONT color="red">
<B>ERROR: THE FILENAME YOU CHOSE IS INVALID.  ONLY
ALPHANUMERICAL CHARACTERS, UNDERSCORES, HYPHENS, AND
PERIODS ARE ALLOWED.  TWO CONSECUTIVE PERIODS ARE NOT
ALLOWED.  PLEASE MAKE THE NECCESSARY CHANGES BELOW.</B>
</FONT>
<?PHP
}

No matter what I type in the filename field, I get the error above. What am I doing wrong?

[ucahg]

The user doesn't type the extension, as it will always be .php, and later in the script when the file is created the extension will be added.

[Mark T.]

Are you sure the .extension-part is not necessary. I have no experience with this, but that could be your problem.

[Anarchos]

I've never used ereg functions but here's a preg one that should work okay: preg_match('/^[-a-z0-9_]+(\.[-a-z0-9_]+)*$/i',$filename);

[ucahg]

Thanks Anarchos, your code works as I intended mine too

[DR_LaRRY_PEpPeR]

in the preg functions (maybe ereg too) instead of [a-z0-9_] you can just use \w

[ucahg]

If that's like the [[:alnum:]] in ereg then it won't be good, because it allows accented characters (à,á,â,ã,ä,å,æ,ç,è,é,ê,ë,ì,í,î,ï,ð,ñ,ò,ó,ô,õ,ö,ù,ú,û,ü,ý,ÿ, and their uppercase counterparts) which I do not wish in filenames.

[DR_LaRRY_PEpPeR]

oh ok. i don't know about that...