[1c3]

Hi there!

I need a validation script that checks a form.

Username and Password only a-z and 0-9
email contains a @ and at least one .

And i want the script to be run when a user cklicks the submit button. So I also need the pageloading to be stopped. Can that be done with "return false;"?

Thanks in advance

[philzilla]

i am now going to present you with the opportunity to find the answer for yourself, and thereby giving you that toasty feeling of solving your own problem: http://javascript.internet.com/

[1c3]

=P

thanks

[James L]

Hey,

If you don't get it let me know... I have quite an extensive email validation script somewhere that I used to use.

I don't really see the point in using Javascript to verify passwords though... anything client side is completely UNSECURE, so anyone could get the actual password.

I guess if this is a script where a user is first creating a password, entering it twice, etc, and it will be emailed to you, where you will add it to a server sided password database that would be o.k. Just don't try to use Javascript to verify someones password before they enter your site... to weak.

...hope this helps!

[1c3]

No!!
I am just using it to validate a register form.
The logg in is handled by PHP and SQL

[foamy]

You could also do the validation with PHP on the server side if you prefer, since you'll be processing your form for the login anyway.

The following works for .com, .gov, .edu, .net, .mil and .org.

Code:
function is_email_valid($email)
{
  return ereg("^[^@ ]+@[^@ ]+\\.(([a-zA-Z][a-zA-Z])|([Cc][Oo][Mm])|" .
              "([Gg][Oo][Vv])|([Ee][Dd][Uu])|([Nn][Ee][Tt])|" .
              "([Mm][Ii][Ll])|([Oo][Rr][Gg]))$",
              $email);
}

Alternatively I've used this one as well.

Code:
  function is_valid_email($email) {
     $regex = '^([._a-z0-9-]+[._a-z0-9-]*)@(([a-z0-9-]+\.)*([a-z0-9-]+)(\.[a-z]{2,3}))$';
     if (!eregi($regex,$email)) {
       return false;
     }
     else {
       return true;
     }   
  }

[Richard Edgar]

I am just using it to validate a register form.

I trust that this is being done simply to let the client get an error message faster. The server should not trust the validation result - all sorts of interesting things can be done if the server is foolish enough to assume that the JavaScript code has been run....

[1c3]

But if I run just JS it will be faster.

[clam2000]

The problem is that there is always a way to send bogus data that hasn't been checked with the javascript. your php script needs to check the data again before processing it or someone will eventually come along and do bad things to your server.

--will

[1c3]

How do you mean?
Is there away to bypass the JS?

[James L]

yup... go into your preferences and disable scripting.

[1c3]

Oh... didn't think about that... well.. I guess I have to do a server side validation too then

[James L]

I love working with Javascript, but I always ensure that anything I do with it is "non-essential". I will use it for rollovers, for example, but if the user has JS disabled in their browser then the link will still work fine, just without the flashy effect. I also use it for other things, like if I want the date, a clock, etc on the page without any server side effort. Again, if the user has scripting disabled, no hard no foul... they just won't see the date.

I have seen sites where the navigation was COMPLETELY dependant on scripting.... you see this some times with various drop down, dynamic menus. This means that if the user has scripting disabled, they can't go ANYWHERE within the site!


If it is something ESSENTIAL to your site, and it involves scripting, go server side to be on the safe side.

Cheers!

[Richard Edgar]

yup... go into your preferences and disable scripting

Or even

Code:
telnet host.com 80

I can put as much data in a field as I want, regardless of the "length" attribute. Similarly, I can change hidden values if I want. Fundamentally, what leaves my ethernet port is entirely under my control, and sites often forget that.

[1c3]

Ok.

Thanks for all the help.
I will try to build some kind of PHP protection to