|
|
JavaScript Validation
|
|
|
|
Forum Regular
Join Date: May 2003
Location: J�mtland - Sweden
Status:
Offline
|
|
Hi there!
I need a validation script that checks a form.
Username and Password only a-z and 0-9
email contains a @ and at least one .
And i want the script to be run when a user cklicks the submit button. So I also need the pageloading to be stopped. Can that be done with "return false;"?
Thanks in advance
|
Mighty3k @ #MacNN
|
|
|
|
|
|
|
|
Occasionally Useful
Join Date: Jun 2001
Location: Liverpool, UK
Status:
Offline
|
|
i am now going to present you with the opportunity to find the answer for yourself, and thereby giving you that toasty feeling of solving your own problem: http://javascript.internet.com/
|
"Have sharp knives. Be creative. Cook to music" ~ maxelson
|
|
|
|
|
|
|
|
Forum Regular
Join Date: May 2003
Location: J�mtland - Sweden
Status:
Offline
|
|
|
Mighty3k @ #MacNN
|
|
|
|
|
|
|
|
Mac Elite
Join Date: Aug 2003
Status:
Offline
|
|
Hey,
If you don't get it let me know... I have quite an extensive email validation script somewhere that I used to use.
I don't really see the point in using Javascript to verify passwords though... anything client side is completely UNSECURE, so anyone could get the actual password.
I guess if this is a script where a user is first creating a password, entering it twice, etc, and it will be emailed to you, where you will add it to a server sided password database that would be o.k. Just don't try to use Javascript to verify someones password before they enter your site... to weak.
...hope this helps!
|
|
|
|
|
|
|
|
|
Forum Regular
Join Date: May 2003
Location: J�mtland - Sweden
Status:
Offline
|
|
No!!
I am just using it to validate a register form.
The logg in is handled by PHP and SQL
|
Mighty3k @ #MacNN
|
|
|
|
|
|
|
|
Senior User
Join Date: Sep 2000
Location: Shallow Alto, CA
Status:
Offline
|
|
You could also do the validation with PHP on the server side if you prefer, since you'll be processing your form for the login anyway.
The following works for .com, .gov, .edu, .net, .mil and .org.
Code:
function is_email_valid($email)
{
return ereg("^[^@ ]+@[^@ ]+\\.(([a-zA-Z][a-zA-Z])|([Cc][Oo][Mm])|" .
"([Gg][Oo][Vv])|([Ee][Dd][Uu])|([Nn][Ee][Tt])|" .
"([Mm][Ii][Ll])|([Oo][Rr][Gg]))$",
$email);
}
Alternatively I've used this one as well.
Code:
function is_valid_email($email) {
$regex = '^([._a-z0-9-]+[._a-z0-9-]*)@(([a-z0-9-]+\.)*([a-z0-9-]+)(\.[a-z]{2,3}))$';
if (!eregi($regex,$email)) {
return false;
}
else {
return true;
}
}
|
|
|
|
|
|
|
|
|
Dedicated MacNNer
Join Date: Sep 2002
Status:
Offline
|
|
I am just using it to validate a register form.
I trust that this is being done simply to let the client get an error message faster. The server should not trust the validation result - all sorts of interesting things can be done if the server is foolish enough to assume that the JavaScript code has been run....
|
|
|
|
|
|
|
|
|
Forum Regular
Join Date: May 2003
Location: J�mtland - Sweden
Status:
Offline
|
|
But if I run just JS it will be faster.
|
Mighty3k @ #MacNN
|
|
|
|
|
|
|
|
Dedicated MacNNer
Join Date: Aug 2002
Status:
Offline
|
|
The problem is that there is always a way to send bogus data that hasn't been checked with the javascript. your php script needs to check the data again before processing it or someone will eventually come along and do bad things to your server.
--will
|
|
|
|
|
|
|
|
|
Forum Regular
Join Date: May 2003
Location: J�mtland - Sweden
Status:
Offline
|
|
How do you mean?
Is there away to bypass the JS?
|
Mighty3k @ #MacNN
|
|
|
|
|
|
|
|
Mac Elite
Join Date: Aug 2003
Status:
Offline
|
|
yup... go into your preferences and disable scripting.
|
|
|
|
|
|
|
|
|
Forum Regular
Join Date: May 2003
Location: J�mtland - Sweden
Status:
Offline
|
|
Oh... didn't think about that... well.. I guess I have to do a server side validation too then
|
Mighty3k @ #MacNN
|
|
|
|
|
|
|
|
Mac Elite
Join Date: Aug 2003
Status:
Offline
|
|
I love working with Javascript, but I always ensure that anything I do with it is "non-essential". I will use it for rollovers, for example, but if the user has JS disabled in their browser then the link will still work fine, just without the flashy effect. I also use it for other things, like if I want the date, a clock, etc on the page without any server side effort. Again, if the user has scripting disabled, no hard no foul... they just won't see the date.
I have seen sites where the navigation was COMPLETELY dependant on scripting.... you see this some times with various drop down, dynamic menus. This means that if the user has scripting disabled, they can't go ANYWHERE within the site!
If it is something ESSENTIAL to your site, and it involves scripting, go server side to be on the safe side.
Cheers!
|
|
|
|
|
|
|
|
|
Dedicated MacNNer
Join Date: Sep 2002
Status:
Offline
|
|
yup... go into your preferences and disable scripting
Or even
I can put as much data in a field as I want, regardless of the "length" attribute. Similarly, I can change hidden values if I want. Fundamentally, what leaves my ethernet port is entirely under my control, and sites often forget that.
|
|
|
|
|
|
|
|
|
Forum Regular
Join Date: May 2003
Location: J�mtland - Sweden
Status:
Offline
|
|
Ok.
Thanks for all the help.
I will try to build some kind of PHP protection to
|
Mighty3k @ #MacNN
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Forum Rules
|
|
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
|
HTML code is Off
|
|
|
|
|
|
|
|
|
|
|
|