...

View Full Version : Validating checkbox how to (novice)



BlackReef
07-25-2010, 11:09 AM
Hello,

So all I need to do is have a checkbox above the 'submit' button that the user must check before the button becomes active.

Once the user checks the checkbox, then the button becomes active - and users can click on this button to get to the new page.

However, I haven't found any tutorials online that handle this exactly. What I have found is example scripts that have multiple checkboxes, etc...and if I try to remove any of them from the script, it seems to mess up the functionality.

So - take this for example. This would actually work perfect, if the male/female option wasn't there, and the 'reset' wasn't there either:



<head>
<script type="text/javascript">
function validate(form) {
// Checking if at least one period button is selected. Or not.
if (!document.form1.sex[0].checked && !document.form1.sex[1].checked){

alert("Please Select Sex");
return false;}


if(!document.form1.agree.checked){alert("Please check the terms and conditions");
return false; }


return true;
}
</script>
</head>

<body>
<table border='0' width='50%' cellspacing='0' cellpadding='0' ><form name=form1 method=post action=action_page.php onsubmit='return validate(this)'><input type=hidden name=todo value=post>

<tr bgcolor='#ffffff'><td align=center ><font face='verdana' size='2'><b>Sex</b><input type=radio name=sex value='male'>Male </font><input type=radio name=sex value='female'><font face='verdana' size='2'>Female</font></td></tr>

<tr><td align=center bgcolor='#f1f1f1'><font face='verdana' size='2'><input type=checkbox name=agree value='yes'>I agree to terms and conditions </td></tr>
<tr bgcolor='#ffffff'><td align=center ><input type=submit value=Submit> <input type=reset value=Reset></td></tr>
</table>
</body>

I try to manually remove the 'male/female' options for this in Dreamweaver, but then the script doesn't work properly.

Can anybody help me out here? Would be greatly appreciated.

Thank you

Philip M
07-25-2010, 12:26 PM
Here you are:-


<html>
<head>

<script type="text/javascript">
function validate(form) {
if (!document.form1.agree.checked){
alert ("Please check the terms and conditions");
return false;
}

return true;
}
</script>
</head>

<body>
<form name= "form1" method="post" action="action_page.php" onsubmit='return validate(this)'>
<input type= "hidden" name="todo" value=post> // What is this supposed to do?
<input type= "checkbox" name="agree" value='yes'>I agree to terms and conditions
<input type= "submit" value="Submit">

</body>
</html>

You should use CSS to contol the layout, not tables.

Quizmaster: Sofia is the capital of which central European country?
Contestant: Bolivia.

BlackReef
07-27-2010, 03:29 AM
Thank you very much mr. Philip M! That did it! You can see the result here:


http://gem-tech.com.mytempweb.com/store/pc/viewContent.asp?idpage=3 (http://gem-tech.com.mytempweb.com/store/pc/viewContent.asp?idpage=3)

Quick question, the way it is now - people can just copy+paste the 'secret' URL into their browser and bypass the checkbox.

Is there any relatively simple way to address this? Maybe when somebody tries to load the page manually it verifies the checkbox and redirects them back to the checkbox page or....something (Im just thinking out loud here)

Old Pedant
07-27-2010, 08:35 AM
The page you are linking to is an ASP page, right?

So don't *DO* the validation in JavaScript! Do it in ASP.



<form name="form1" method="post" action="viewContent.asp">
<input type="hidden" name="idpage" value="18" />
<input type="checkbox" name="agree" value="yes" />
<input type="submit" value="View GEMTECH Technical Manuals"/>
</form>

And then, in the "viewContent.asp" page, do this:


<%
idpage = 0
On Error Resume Next
idpage = CINT(Request("idpage"))
On Error GoTo 0
If idpage = 0 Then Response.Redirect "invalidIdpage.asp"

properURL = LCase("http://gem-tech.com.mytempweb.com/store/pc/viewContent.asp?idpage=3") ' test this out
If idpage = 18 Then
If LCase(Request.ServerVariables("HTTP_REFERER")) <> properURL Then Response.Redirect properURL
If Trim(Request.Form("agree")) <> "yes" Then Response.Redirect "youMustAgree.asp"
End If
... then do whatever you do now to show the content per the requested idpage value ...

Note that we do just Request("idpage") so that the code works regardless if idpage is coming from a querystring (from your <a href> links) or from <form method="post">. But then we do Request.Form("agree") so that the value *must* come from a posted <form>.

Now...it is still true that a person could "spoof" you. But they'd have to go to a lot of work to spoof both the HTTP_REFERER and to fake the POST of the <form>. And surely you could construe that spoofing as legal acceptance of the terms.

No??

********

EDIT: If it's not obvious, the file names I used there (e.g., "youMustAgree.asp") are just for illustrative purposes. Use your own filenames. Or whatever code you prefer.

Old Pedant
07-27-2010, 08:41 AM
Thank you very much mr. Philip M! That did it! You can see the result here:


http://gem-tech.com.mytempweb.com/store/pc/viewContent.asp?idpage=3 (http://gem-tech.com.mytempweb.com/store/pc/viewContent.asp?idpage=3)



Um...no, we can't. When I use that page, the function validate() is not there and causes an error when debug is turned on.

BlackReef
07-27-2010, 08:13 PM
Um...no, we can't. When I use that page, the function validate() is not there and causes an error when debug is turned on.

Hi Old Pedant.

Looks like the store owner got on there overnight and changed the code, sorry man. Looks like Im going to have to redo it, again

BlackReef
07-27-2010, 08:45 PM
The page you are linking to is an ASP page, right?

So don't *DO* the validation in JavaScript! Do it in ASP.



<form name="form1" method="post" action="viewContent.asp">
<input type="hidden" name="idpage" value="18" />
<input type="checkbox" name="agree" value="yes" />
<input type="submit" value="View GEMTECH Technical Manuals"/>
</form>

And then, in the "viewContent.asp" page, do this:


<%
idpage = 0
On Error Resume Next
idpage = CINT(Request("idpage"))
On Error GoTo 0
If idpage = 0 Then Response.Redirect "invalidIdpage.asp"

properURL = LCase("http://gem-tech.com.mytempweb.com/store/pc/viewContent.asp?idpage=3") ' test this out
If idpage = 18 Then
If LCase(Request.ServerVariables("HTTP_REFERER")) <> properURL Then Response.Redirect properURL
If Trim(Request.Form("agree")) <> "yes" Then Response.Redirect "youMustAgree.asp"
End If
... then do whatever you do now to show the content per the requested idpage value ...

Note that we do just Request("idpage") so that the code works regardless if idpage is coming from a querystring (from your <a href> links) or from <form method="post">. But then we do Request.Form("agree") so that the value *must* come from a posted <form>.

Now...it is still true that a person could "spoof" you. But they'd have to go to a lot of work to spoof both the HTTP_REFERER and to fake the POST of the <form>. And surely you could construe that spoofing as legal acceptance of the terms.

No??

********

EDIT: If it's not obvious, the file names I used there (e.g., "youMustAgree.asp") are just for illustrative purposes. Use your own filenames. Or whatever code you prefer.

wow, thanks for this. So, a few questions. On the form page, that seems easy enough...but on the ViewCategories.asp page, that .asp file actually controls all the content pages (which are added dynamically through the store software control panel).

Should I just put the script inside the viewcategories.asp file, even though we only actually need it for viewContent.asp?idpage=18 ? If so, does it matter where i put the code in the file?

.ASP is a bit techincal to me, Im sure its easier than it seems though.

BlackReef
07-27-2010, 08:50 PM
Just for reference, here is the contents of the viewcontent.asp file as it stands:



<% response.Buffer=true %>
<!--#include file="../includes/settings.asp"-->
<!--#include file="../includes/storeconstants.asp"-->
<!--#include file="../includes/opendb.asp"-->
<!--#include file="../includes/languages.asp"-->
<!--#include file="../includes/currencyformatinc.asp"-->
<!--#include file="../includes/adovbs.inc"-->
<!--#include file="../includes/stringfunctions.asp"-->
<!--#include file="../includes/ErrorHandler.asp"-->
<!--#include file="pcStartSession.asp"-->
<%

dim pTempIntPageID, pcv_IDPage

pTempIntPageID=session("idContentPageRedirect")
if pTempIntPageID = "" then
pTempIntPageID=getUserInput(request("idpage"),10)
end if

'// Validate Content Page ID
if not validNum(pTempIntPageID) then
response.redirect "default.asp"
end if
pcv_IDPage=pTempIntPageID
session("idContentPageRedirect")=""

'// Check for admin preview
if scSeoURLs=1 then ' Retrieve additional querystring (if any) from session variable
pcIntAdminPreview = InStr(lcase(session("strSeoQueryString")),"adminpreview=1")
else
pcIntAdminPreview = getUserInput(request("adminPreview"),10)
end if
if not validNum(pcIntAdminPreview) then pcIntAdminPreview=0
if pcIntAdminPreview = 1 and session("admin") <> 0 then
query1 = ""
else
query1 = " AND pcCont_InActive=0 AND pcCont_Published=1"
end if


'// Select pages compatible with customer type
if session("customerCategory")<>0 then ' The customer belongs to a customer category
' Load pages accessible by ALL, plus those accessible by the customer pricing category that the customer belongs to
if session("customerType")=0 then
' Customer category does NOT have wholesale privileges, so exclude those pages
query2 = " AND (pcCont_CustomerType = 'ALL' OR pcCont_CustomerType='CC_" & session("customerCategory") &"')"
else
' Customer category HAS wholesale privileges, so include wholesale-only pages
query2 = " AND (pcCont_CustomerType = 'ALL' OR pcCont_CustomerType = 'W' OR pcCont_CustomerType='CC_" & session("customerCategory") &"')"
end if
else
if session("customerType")=0 then
' Retail customer or customer not logged in: load pages accessible by ALL
query2 = " AND pcCont_CustomerType = 'ALL'"
else
' Wholesale customer: load pages accessible by ALL and Wholesale customers only
query2 = " AND (pcCont_CustomerType = 'ALL' OR pcCont_CustomerType = 'W')"
end if
end if


Dim rs, connTemp
call opendb()
query="SELECT pcCont_PageName, pcCont_IncHeader, pcCont_MetaTitle, pcCont_Description, pcCont_Parent, pcCont_MetaDesc, pcCont_MetaKeywords, pcCont_PageTitle FROM pcContents WHERE pcCont_IDPage=" & pcv_IDPage & query1 & query2
set rs=Server.CreateObject("ADODB.Recordset")
set rs=connTemp.execute(query)
if err.number<>0 then
call LogErrorToDatabase()
set rs=nothing
call closedb()
response.redirect "techErr.asp?err="&pcStrCustRefID
end if
if rs.eof then
set rs=nothing
call closeDB()
response.redirect "msg.asp?message=300"
end if

pcv_PageNameH=rs("pcCont_PageName")
pcv_IncHeader=rs("pcCont_IncHeader")
if not pcv_IncHeader<>"" then
pcv_IncHeader="0"
end if
pcv_DefaultTitle=rs("pcCont_MetaTitle")
if isNull(pcv_DefaultTitle) or trim(pcv_DefaultTitle)="" then
pcv_DefaultTitle=ClearHTMLTags2(pcv_PageNameH,0)
end if
pcv_DefaultTitle = pcv_DefaultTitle & " - " & scCompanyName
pcv_Description=rs("pcCont_Description")

pcInt_Parent=rs("pcCont_Parent")
if not validNum(pcInt_Parent) then pcInt_Parent=0

pcv_DefaultDescription=rs("pcCont_MetaDesc")
if pcv_DefaultDescription="" or isNull(pcv_DefaultDescription) then
pcv_DefaultDescription=pcv_DefaultTitle
end if
pcv_DefaultKeywords=rs("pcCont_MetaKeywords")
pcv_PageTitle=rs("pcCont_PageTitle")

set rs=nothing
call closeDB()

' If this content page contains the header & footer, load them
' Otherwise just load the content page code itself.

if pcv_IncHeader="1" then %>
<!--#include file="header.asp"-->
<!--#include file="pcValidateHeader.asp"-->
<div id="pcMain">
<table class="pcMainTable">

<%
if pcv_PageTitle<>"" then
%>
<tr>
<td>
<h1><%=pcv_PageTitle%></h1>
</td>
</tr>
<%
end if
%>
<tr>
<td>
<%
end if
%>

<%=pcv_Description%>

<%
'// Back button
if pcInt_Parent=0 then
pcvPageLink="home.asp"
else
pcvPageLink="viewPages.asp?idpage=" & pcInt_Parent
end if
%>
<hr />
<div style="margin-top: 10px; margin-left: 26px;">
<div align="left"><a href="<%=pcvPageLink%>"><img src="<%=rslayout("back")%>" title="alt="<%=dictLanguage.Item(Session("language")&"_viewPages_1")%>"" alt="<%=dictLanguage.Item(Session("language")&"_viewPages_1")%>"></a>
</div>
</div>
<%
if pcv_IncHeader="1" then
%>
</td>
</tr>
</table>
</div>
<!--#include file="footer.asp"-->
<%
end if
%>

Old Pedant
07-27-2010, 08:56 PM
I don't know the answer.

Depends on how the pages are generated.

You could certainly try that and yank it out if it doesn't work.

Old Pedant
07-27-2010, 09:00 PM
Whoops...you posted as I was posting.

Hmmm... Looks to me like you could slip it in here:


pTempIntPageID=session("idContentPageRedirect")
if pTempIntPageID = "" then
... put the protection code here ...
pTempIntPageID=getUserInput(request("idpage"),10)
end if

BlackReef
07-27-2010, 09:21 PM
wow, that really works. Im playing with it now, but so far, so good. Thank you sir so much for you help

BlackReef
07-27-2010, 10:49 PM
wow, that really works. Im playing with it now, but so far, so good. Thank you sir so much for you help

Wow, so everything worked for the most part, thanks again.

I do have one more question if you don't mind.

You can see on this page:

http://gem-tech.com.mytempweb.com/store/pc/viewContent.asp?idpage=3

If you don't check the box and try to hit the submit button, it redirects you to a duplicate page (that I setup) and the only difference between the two pages is the second one has a "You MUST confirm...." message. You can see this page here:

http://gem-tech.com.mytempweb.com/store/pc/viewContent.asp?idpage=19


idpage=19 is also the page that you get automatically sent to if you try to manually put in the 'secret' URL in your browser.

Now, the ONLY problem I am having is that if on the second page (idpage=19) you try and check the box and click submit, it will always send you to the first page, where you have to check the box again and submit to finally go to the download page.

Is it possible to set it up so both pages send you to the 'secret' page as long as the check box is checked?

I tried to get a bit creative with it, maybe there is a better way.

Thanks again

Old Pedant
07-27-2010, 10:54 PM
Can you show the actual code you used?

Should be a trivial change.

In my original code, you could do it thus:


properURL1 = LCase("http://gem-tech.com.mytempweb.com/store/pc/viewContent.asp?idpage=3")
properURL2 = LCase("http://gem-tech.com.mytempweb.com/store/pc/viewContent.asp?idpage=19")
If idpage = 18 Then
referer = LCase(Request.ServerVariables("HTTP_REFERER"))
If referer <> properURL1 AND referer <> properURL2 Then Response.Redirect properURL
If Trim(Request.Form("agree")) <> "yes" Then Response.Redirect "youMustAgree.asp"
End If

See? Just check for both URLs and allow either one.

BlackReef
07-27-2010, 11:05 PM
Hi,

Ok well I added the 2nd URL to the viewcontent.asp page, didn't seem to work:


<% response.Buffer=true %>
<!--#include file="../includes/settings.asp"-->
<!--#include file="../includes/storeconstants.asp"-->
<!--#include file="../includes/opendb.asp"-->
<!--#include file="../includes/languages.asp"-->
<!--#include file="../includes/currencyformatinc.asp"-->
<!--#include file="../includes/adovbs.inc"-->
<!--#include file="../includes/stringfunctions.asp"-->
<!--#include file="../includes/ErrorHandler.asp"-->
<!--#include file="pcStartSession.asp"-->
<%

dim pTempIntPageID, pcv_IDPage

pTempIntPageID=session("idContentPageRedirect")
if pTempIntPageID = "" then
idpage = 0
On Error Resume Next
idpage = CINT(Request("idpage"))
On Error GoTo 0
If idpage = 0 Then Response.Redirect "http://gem-tech.com.mytempweb.com/store/pc/viewContent.asp?idpage=19"

properURL = LCase("http://gem-tech.com.mytempweb.com/store/pc/viewContent.asp?idpage=3")
properURL2 = LCase("http://gem-tech.com.mytempweb.com/store/pc/viewContent.asp?idpage=19")

If idpage = 18 Then
If LCase(Request.ServerVariables("HTTP_REFERER")) <> properURL Then Response.Redirect properURL
If Trim(Request.Form("agree")) <> "yes" Then Response.Redirect "http://gem-tech.com.mytempweb.com/store/pc/viewContent.asp?idpage=19"
End If
pTempIntPageID=getUserInput(request("idpage"),10)
end if

'// Validate Content Page ID
if not validNum(pTempIntPageID) then
response.redirect "default.asp"
end if
pcv_IDPage=pTempIntPageID
session("idContentPageRedirect")=""

'// Check for admin preview
if scSeoURLs=1 then ' Retrieve additional querystring (if any) from session variable
pcIntAdminPreview = InStr(lcase(session("strSeoQueryString")),"adminpreview=1")
else
pcIntAdminPreview = getUserInput(request("adminPreview"),10)
end if
if not validNum(pcIntAdminPreview) then pcIntAdminPreview=0
if pcIntAdminPreview = 1 and session("admin") <> 0 then
query1 = ""
else
query1 = " AND pcCont_InActive=0 AND pcCont_Published=1"
end if


'// Select pages compatible with customer type
if session("customerCategory")<>0 then ' The customer belongs to a customer category
' Load pages accessible by ALL, plus those accessible by the customer pricing category that the customer belongs to
if session("customerType")=0 then
' Customer category does NOT have wholesale privileges, so exclude those pages
query2 = " AND (pcCont_CustomerType = 'ALL' OR pcCont_CustomerType='CC_" & session("customerCategory") &"')"
else
' Customer category HAS wholesale privileges, so include wholesale-only pages
query2 = " AND (pcCont_CustomerType = 'ALL' OR pcCont_CustomerType = 'W' OR pcCont_CustomerType='CC_" & session("customerCategory") &"')"
end if
else
if session("customerType")=0 then
' Retail customer or customer not logged in: load pages accessible by ALL
query2 = " AND pcCont_CustomerType = 'ALL'"
else
' Wholesale customer: load pages accessible by ALL and Wholesale customers only
query2 = " AND (pcCont_CustomerType = 'ALL' OR pcCont_CustomerType = 'W')"
end if
end if


Dim rs, connTemp
call opendb()
query="SELECT pcCont_PageName, pcCont_IncHeader, pcCont_MetaTitle, pcCont_Description, pcCont_Parent, pcCont_MetaDesc, pcCont_MetaKeywords, pcCont_PageTitle FROM pcContents WHERE pcCont_IDPage=" & pcv_IDPage & query1 & query2
set rs=Server.CreateObject("ADODB.Recordset")
set rs=connTemp.execute(query)
if err.number<>0 then
call LogErrorToDatabase()
set rs=nothing
call closedb()
response.redirect "techErr.asp?err="&pcStrCustRefID
end if
if rs.eof then
set rs=nothing
call closeDB()
response.redirect "msg.asp?message=300"
end if

pcv_PageNameH=rs("pcCont_PageName")
pcv_IncHeader=rs("pcCont_IncHeader")
if not pcv_IncHeader<>"" then
pcv_IncHeader="0"
end if
pcv_DefaultTitle=rs("pcCont_MetaTitle")
if isNull(pcv_DefaultTitle) or trim(pcv_DefaultTitle)="" then
pcv_DefaultTitle=ClearHTMLTags2(pcv_PageNameH,0)
end if
pcv_DefaultTitle = pcv_DefaultTitle & " - " & scCompanyName
pcv_Description=rs("pcCont_Description")

pcInt_Parent=rs("pcCont_Parent")
if not validNum(pcInt_Parent) then pcInt_Parent=0

pcv_DefaultDescription=rs("pcCont_MetaDesc")
if pcv_DefaultDescription="" or isNull(pcv_DefaultDescription) then
pcv_DefaultDescription=pcv_DefaultTitle
end if
pcv_DefaultKeywords=rs("pcCont_MetaKeywords")
pcv_PageTitle=rs("pcCont_PageTitle")

set rs=nothing
call closeDB()

' If this content page contains the header & footer, load them
' Otherwise just load the content page code itself.

if pcv_IncHeader="1" then %>
<!--#include file="header.asp"-->
<!--#include file="pcValidateHeader.asp"-->
<div id="pcMain">
<table class="pcMainTable">

<%
if pcv_PageTitle<>"" then
%>
<tr>
<td>
<h1><%=pcv_PageTitle%></h1>
</td>
</tr>
<%
end if
%>
<tr>
<td>
<%
end if
%>

<%=pcv_Description%>

<%
'// Back button
if pcInt_Parent=0 then
pcvPageLink="home.asp"
else
pcvPageLink="viewPages.asp?idpage=" & pcInt_Parent
end if
%>
<hr />
<div style="margin-top: 10px; margin-left: 26px;">
<div align="left"><a href="<%=pcvPageLink%>"><img src="<%=rslayout("back")%>" title="alt="<%=dictLanguage.Item(Session("language")&"_viewPages_1")%>"" alt="<%=dictLanguage.Item(Session("language")&"_viewPages_1")%>"></a>
</div>
</div>
<%
if pcv_IncHeader="1" then
%>
</td>
</tr>
</table>
</div>
<!--#include file="footer.asp"-->
<%
end if
%>

Old Pedant
07-27-2010, 11:09 PM
You only made *ONE* of my changes.

Look again at what I wrote.

You must make your IF depend on *BOTH* properURL and properURL2.


properURL = LCase("http://gem-tech.com.mytempweb.com/store/pc/viewContent.asp?idpage=3")
properURL2 = LCase("http://gem-tech.com.mytempweb.com/store/pc/viewContent.asp?idpage=19")

If idpage = 18 Then
referer = LCase(Request.ServerVariables("HTTP_REFERER"))
If referer <> properURL AND referer <> properURL2 Then Response.Redirect properURL
If Trim(Request.Form("agree")) <> "yes" Then Response.Redirect "http://gem-tech.com.mytempweb.com/store/pc/viewContent.asp?idpage=19"
End If

BlackReef
07-27-2010, 11:14 PM
You only made *ONE* of my changes.

Look again at what I wrote.

You must make your IF depend on *BOTH* properURL and properURL2.


properURL = LCase("http://gem-tech.com.mytempweb.com/store/pc/viewContent.asp?idpage=3")
properURL2 = LCase("http://gem-tech.com.mytempweb.com/store/pc/viewContent.asp?idpage=19")

If idpage = 18 Then
referer = LCase(Request.ServerVariables("HTTP_REFERER"))
If referer <> properURL AND referer <> properURL2 Then Response.Redirect properURL
If Trim(Request.Form("agree")) <> "yes" Then Response.Redirect "http://gem-tech.com.mytempweb.com/store/pc/viewContent.asp?idpage=19"
End If


That fixed it! I should have paid attention to the details. Thank you very much for your time, it is greatly appreciated good sir. Your knowledge of this type of stuff is very humbling, I have a long ways to go!

Thanks again good sir, and take care



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum