...

View Full Version : Obsolete code



lostinjavascrpt
07-25-2010, 11:48 PM
The code on my web site is obsolete and no longer supported by the creating company. Can anyone help me correct the following section


// CHECK NUMERIC FORMAT
// provide one of the following:
// min=q; if the value is an ID, and you want it > q to be valid..
// max=r; if the value is an ID, and you want it < r to be valid..
if ((e.type == "text" || e.type == "textarea") && (e.numeric || (e.min != null) || (e.max != null)) && !isblank(e.value)) {
var v = parseFloat(e.value);
var v2 = e.value.replace(/,/, "");

if ((isNaN(v)) || (isNaN(v2)) || ((e.min != null) && (v < e.min)) || ((e.max != null) && (v > e.max))) {
errors += "- The field " + getDisplay(e) + " must be a number";
errorsf += "- Le champ " + getDisplay(e) + " doit Ítre un nombre";

if (e.min != null) {
errors += " that is greater than " + e.min;
errorsf += " c'est plus grand que " + e.min;
}

if (e.max != null && e.min != null) {
errors += " and less than " + e.max;
errorsf += " et moins que " + e.max;
} else if (e.max != null) {
errors += " that is less than " + e.max;
errorsf += " c'est moins que " + e.max;
}

errors += ".\n";
errorsf += ".\n";
}

}

In the latest version of Safari (and I am told Chrome) this code rejects all inputs with the error message "The field must be a number etc." It was suggested that I remove this check which I did. This resulted in a different type of error message "Element Title is undefined in Attributes" this could be another error not related to the removal of the above section.
Thanks

Old Pedant
07-26-2010, 04:53 AM
I don't see anything fundamentally wrong in that code.

We don't know what "e" is, because you don't show where it comes from, so indeed if "e" doesn't support the properties you are using the code won't work. But it's clearly possible that "e" does support all those properties.

You will have to show more code before we can determine where the problem is.

lostinjavascrpt
07-26-2010, 02:11 PM
Thanks for the reply, sorry this is rather long.
My programming experience was in the 60's and 70's! From the rest of the programs I think this is javascript 1.1 or 1.2. It has been working since I purchased it in 2003 but the supplier was bought out and the new owners stopped supporting it two years ago, so now I am on my own.


// validation v2.3.0
// Last modified: Monday, February 11, 2002
/*
Syntax: verify([form], [true|false], [true|false]);

Example: verify([form], [true = english|false = french], [true = all fields optional|false = all fields required]);

Attributes for different types
------------------------------

text, textarea, file, password
numeric=[true|false];
min=x;
max=y;
emailFormat=[true|false];
dateFormat=[true|false];
minLen=x;
maxLen=y;
minLen=x; minimum string length (password length > 6 for example)
maxLen=y; maximum string length (not necessary with the use of forms)
compare=oElement; compare the value of the current element with that of another element
allowChar=string; a string on chars, that are allowed (ie "1234567890()-." for a phone number)

select-one, select(non-multiple)
inList=[true|false];
indexList="1,2,3,4,5,..n";
min=x;
max=y;

radio, checkbox
Example: f.element[0].alt = "Title";

generic
optional=[true|false];
compare=formFieldObject;

Warnings
a radio button/checkbox cannot be the first form element in a form.

Features that need to be added (or do we bother?)
mask='mm/dd/yyyy';
requiredBy=formFieldObject; not implemented - if value != '', e.optional=false;
mask - Adding a a condition that if you encounter some special characters... adding special character to the numeric option .... like () - or . (telephone number)
*/

// globals
var clickcheck = 0; //increments in verify(), prevents multiple submit
var errors = "";
var errorsf = "";
var english = true;
var allOptional = false; //Allows user to decide whether all fields are required or not.

function isblank(s)
{
for(var i = 0; i < s.length; i++) {
var c = s.charAt(i);
if ((c != ' ') && (c != '\n') && (c != '\t')) return false;
}
return true;
}

function oCROption(checked, value)
{
this.checked = checked;
this.value = value;
}

function oCR(e)
{
this.name = e.name;
this.type = e.type;
if(e.alt != null) this.alt = e.alt;
if(e.optional != null) this.optional = e.optional;
this.myOptions = new Array();
}

function getDisplay(e) {
if ((e.alt != null) && (e.alt != "")) {
display = e.alt;
} else {
display = e.name;
}

return display;
}

function allowedChar(strValidCharacterSet, strToBeChecked) {
var i;

if (!strToBeChecked.length) { return false; }

for (i=0; i<strToBeChecked.length; i++) {
if (strValidCharacterSet.indexOf(strToBeChecked.charAt(i)) == -1) {
return false;
}
}

return true;
}

function verify(f, english, allOptional)
{

var msg = "";
var empty_fields = "";
lastElement = "_NoElement";
var myArray = new Array();

//must create a new array of objects to loop through
for(i=0;i<f.length;i++) {
e = f.elements[i];
if((e.type != "checkbox") && (e.type != "radio")) {
myArray[myArray.length] = e;
} else {
chkObjExist = 0;
for(j=0;j<myArray.length;j++){
if(myArray[j].name == e.name){
chkObjExist=j;
}
}

if(!chkObjExist) {
idx = myArray.length;
myArray[idx] = new oCR(e);
myArray[idx].myOptions[myArray[idx].myOptions.length] = new oCROption(e.checked, e.value);
} else {
myArray[chkObjExist].myOptions[myArray[chkObjExist].myOptions.length] = new oCROption(e.checked, e.value);
}
}
}

// now loop through the new array
for(var i = 0; i < myArray.length; i++) {
var e = myArray[i]; // collections refered to by name

if(e.validated != null && e.validated != undefined)e.validated=false;

if(!e.validated && e.name != lastElement) {
lastElement = e.name;
e.validated=true;

// uncomment for no required fields ..
if (allOptional == true) {
if(e.optional == null) e.optional = true;
}

// NOT OPTIONAL - Does blank check
if (((e.type == "text") || (e.type == "textarea") || (e.type == "file") || (e.type == "password")) && !e.optional) {
// first check if the field is empty
if ((e.value == null) || (e.value == "") || isblank(e.value)) {
empty_fields += "\n " + getDisplay(e);
continue;
}
}

//Required Checkbox/radio button
if(((e.type == "radio") || (e.type == "checkbox")) && !e.optional) {
crcheck=false;

//single objects have no length
if(e.myOptions.length) {
for(k=0;k<e.myOptions.length;k++) {
if(e.myOptions[k].checked) {
crcheck=true;
}
}
} else {
if(e.checked) {
crcheck=true; // why? By clicking here you verify that...
}
}

if(!crcheck) {
empty_fields += "\n " + getDisplay(e);
}
}

// String validation
// minLen=x; minimum string length (password length > 6 for example)
// maxLen=y; maximum string length (not necessary with the use of forms)
// compare=oElement; compare the value of the current element with that of another element
if (((e.type == "text") || (e.type == "textarea") || (e.type == "file") || (e.type == "password")) && !isblank(e.value)) {
if(e.value.length < e.minLen){
errors += getDisplay(e);
errors += " must be at least " + e.minLen + " characters in length.\n";
errorsf += getDisplay(e);
errorsf += " doit être au moins " + e.minLen + " caractères en longueur.\n";
}
if(e.value.length > e.maxLen){
errors += getDisplay(e);
errors += " must be less than " + e.maxLen + " characters in length.\n";
errorsf += getDisplay(e);
errorsf += " doit être moins que " + e.maxLen + " caractères en longueur.\n";
}
if(e.compare != null && (e.compare.value != e.value)){
errors += getDisplay(e);
errors += " must match " + getDisplay(e.compare) + ".\n";
errorsf += getDisplay(e);
errorsf += " doit correspondre " + getDisplay(e.compare) + ".\n";
}
if((e.allowChar != null) && (allowedChar(e.allowChar, e.value) == false)) {
errors += getDisplay(e);
errors += " contains invalid characters.\n";
errorsf += getDisplay(e);
errorsf += " contient des charactères invalides.\n";
}

}

// CHECK NUMERIC FORMAT
// provide one of the following:
// min=q; if the value is an ID, and you want it > q to be valid..
// max=r; if the value is an ID, and you want it < r to be valid..
if ((e.type == "text" || e.type == "textarea") && (e.numeric || (e.min != null) || (e.max != null)) && !isblank(e.value)) {
var v = parseFloat(e.value);
var v2 = e.value.replace(/,/, "");

if ((isNaN(v)) || (isNaN(v2)) || ((e.min != null) && (v < e.min)) || ((e.max != null) && (v > e.max))) {
errors += "- The field " + getDisplay(e) + " must be a number";
errorsf += "- Le champ " + getDisplay(e) + " doit être un nombre";

if (e.min != null) {
errors += " that is greater than " + e.min;
errorsf += " c'est plus grand que " + e.min;
}

if (e.max != null && e.min != null) {
errors += " and less than " + e.max;
errorsf += " et moins que " + e.max;
} else if (e.max != null) {
errors += " that is less than " + e.max;
errorsf += " c'est moins que " + e.max;
}

errors += ".\n";
errorsf += ".\n";
}

}


// CHECK EMAIL FORMAT
if (e.emailFormat && ((e.type == "text") || (e.type == "textarea"))) {
if (isblank(e.value) == false) {
var emailError = 0

indAt = e.value.indexOf('@');
indDot = e.value.lastIndexOf('.');

if ( (indAt == -1) || (indDot == -1) || (indDot < indAt) || (indDot < (e.value.length - 5)) || ((indDot - indAt) <= 1) || (indAt == 0) ) {
errors += "- The email address '" + e.value + "' appears to be in an invalid format. Please confirm the email address.\n";
errorsf += "- Le couriel '" + e.value + "' semble être dans un format invalide. Veuillez confirmer l'adresse électronique.\n";
}
}
}

// CHECK DATE FORMAT
// required format: m[m]|d[d]|yyyy where | is any ascii character
if (e.dateFormat && ((e.type == "text") || (e.type == "textarea"))) {
if (isblank(e.value) == false) {
var maxDays = 31;
var allNumeric = true;
var monthOneChar = false;
var dayOneChar = false;

theMonth = e.value.substring(0,2);
if (isNaN(theMonth)) {
theMonth = e.value.substring(0,1);
monthOneChar = true;
}

if (monthOneChar) {
theDay = e.value.substring(2,4);
if (isNaN(theDay)) {
theDay = e.value.substring(2,3);
dayOneChar = true;
}
} else {
theDay = e.value.substring(3,5);
if (isNaN(theDay)) {
theDay = e.value.substring(3,4);
dayOneChar = true;
}
}

if (monthOneChar && dayOneChar) {
theYear = e.value.substring(4,8);
} else if (monthOneChar || dayOneChar) {
theYear = e.value.substring(5,9);
} else {
theYear = e.value.substring(6,10);
}

if (isNaN(theMonth) || isNaN(theDay) || isNaN(theYear)) {
allNumeric = false;
} else {
if (theMonth == 2) {
if ((theYear % 4) == 0) {
maxDays = 29
} else {
maxDays = 28;
}
} else if ((theMonth == 4) || (theMonth == 6) || (theMonth == 9) || (theMonth == 11)) {
maxDays = 30;
}
}

if (
(allNumeric == false) ||
(e.value.length > 10) ||
(e.value.length < 8) ||
((theMonth < 1) || (theMonth > 12)) ||
((theDay < 1) || (theDay > maxDays)) ||
((theYear < 1900) || (theYear > 9999))
) {
errors += "- The date '" + e.value + "' appears to be in an invalid format. Please re-enter the date as mm/dd/yyyy.\n";
errorsf += "- La date '" + e.value + "' semble être dans un format invalide. Entrez s'il vous plaît dans la date comme mm/jj/aaaa.\n";
}
}
}

//Dropdowns - make sure the item selected is a valid item
//not appropriate for multiple selects
//Dropdowns sometimes include headers
//provide one of the following:
// inList=[true|false]; selectedIndex Must/Must Not be in indexList
// indexList="1,2,3,4,5,..n";
// min=q; if the value is an ID, and you want it > q to be valid..
// max=r; if the value is an ID, and you want it < r to be valid..
if(((e.type == "select") || (e.type == "select-one")) && !e.multiple) {
dropcheck=true;
if(e.selectedIndex == null)e.selectedIndex=0;
if(e.inList == null)e.inList=false;

if(e.indexList){
indexArray = e.indexList.split(",");
for(idx=0;idx<indexArray.length;idx++){
check=indexArray[idx];
if((!e.inList && check==e.selectedIndex)||(e.inList && check!=e.selectedIndex)){
dropcheck=false;
}
}
}

if ((e.min != null) && (e[e.selectedIndex].value < e.min)) dropcheck=false;
if ((e.max != null) && (e[e.selectedIndex].value > e.max)) dropcheck=false;

if(!dropcheck && e[e.selectedIndex].value == "") {
empty_fields += "\n " + getDisplay(e);
} else if (!dropcheck) {
errors += "An inappropriate selection has been made in " + getDisplay(e) + "\n";
errorsf += "Un choix inopportun a été fait dans " + getDisplay(e) + "\n";
}

}

} // end check validated

} // end for

if (!empty_fields && !errors) {
//wait = "Please wait while your entries are updated.\n(This may take up to a minute.)";
//waitf = "Attendez s'il vous plaît tandis que vos entrées sont mises à jour. (Cela peut prendre jusqu'à une minute.)";

//if(english)alert(wait);

//if(!english)alert(waitf);

clickcheck++;
return true;
}

msg = "______________________________________________________\n\n"
msg += "The form was not submitted because of the following error(s).\n";
msg += "Please correct these error(s) and re-submit.\n";
msg += "______________________________________________________\n\n"

msgf = "______________________________________________________\n\n"
msgf += "Le formulaire n'a pas été soumis à cause d'une ou des erreurs suivantes.\n";
msgf += "Corrigez s'il vous plaît cette ou ces erreurs et resoumettre.\n";
msgf += "______________________________________________________\n\n"

if (empty_fields) {
msg += "- The following required field(s) are empty:" + empty_fields + "\n";
msgf += "- Le ou les champs exigés suivant sont vide:" + empty_fields + "\n";
}

msg += "\n" + errors;
msgf += "\n" + errorsf;


if(!english)alert(msgf);

if(english)alert(msg);

errors = "";
errorsf = "";

return false;
}

lostinjavascrpt
07-26-2010, 05:46 PM
Tried Chrome on a PC running XP same error message.
Updated Mac to Snow Leopard from Leopard.
Safari now runs perfectly!
Downloaded Chrome to the Mac running Snow Leopard, same error messages as before.

Old Pedant
07-26-2010, 07:58 PM
Okay, so now show the <form> you are using this with.

*APPARENTLY* you are using something like

<form ...>
<input name="something" type="text" min="3" max="10" />
...

And so when the JS code tries to get those min and max values, it can't, with modern browsers.

The other possibility is that it *can* get min and max, but when it does the comparisons of v (the value of the field, converted to a number) to min and max, it ends up doing *string* comparisons.

I guess we could *try* cleaning up the sloppy code and see what we get.



// provide one of the following:
// min=q; if the value is an ID, and you want it > q to be valid..
// max=r; if the value is an ID, and you want it < r to be valid..
var emin = e.min;
if ( emin != null ) emin = parseFloat(emin);
var emax = e.max;
if ( emax != null ) emax = parseFloat(emax);

if ((e.type == "text" || e.type == "textarea") && (e.numeric || (emin != null) || (emax != null)) && !isblank(e.value)) {
var v = parseFloat(e.value);
var v2 = e.value.replace(/,/, "");

if ((isNaN(v)) || (isNaN(v2)) || ((emin != null) && (v < emin)) || ((emax != null) && (v > emax))) {
errors += "- The field " + getDisplay(e) + " must be a number";
errorsf += "- Le champ " + getDisplay(e) + " doit être un nombre";

if (emin != null) {
errors += " that is greater than " + e.min;
errorsf += " c'est plus grand que " + e.min;
}

if (emax != null && emin != null) {
errors += " and less than " + e.max;
errorsf += " et moins que " + e.max;
} else if (emax != null) {
errors += " that is less than " + e.max;
errorsf += " c'est moins que " + e.max;
}

errors += ".\n";
errorsf += ".\n";
}

}

Notice that I changed all the e.min and e.max to just emin and emax, except where I got their values at the very start. And then, if they aren't null, I convert them to numbers to ensure we are doing numeric comparisons.

If that still doesn't work, we might try this:

var emin = e.min;
if ( emin == null ) emin = e.getAttribute("min");
if ( emin != null ) emin = parseFloat(emin);
var emax = e.max;
if ( emax == null ) emax = e.getAttribute("max");
if ( emax != null ) emax = parseFloat(emax);


If those don't help, let's see the actual <form>, or at least a part of it that pertains to the error messages you are getting.

lostinjavascrpt
07-26-2010, 10:37 PM
Thank-you very much for all the help, I am going to leave it until the morning when I am more awake! I don't want to mess up. The user of the Mac which was updated to Snow Leopard had now done the latest updates and the problem has reappeared - he should have left well alone!

lostinjavascrpt
07-27-2010, 05:22 PM
I tried both of those fixes both gave the same slight improvement!
The login accepts a user name that is numeric only (without your fix it would not accept a number), it does not accept letters either alone or mixed with numbers. Using 1234 as the user name and a correct password set up for that user name works. So it would seem that no matter what you give it, it expects it to be a number. Both forms are in the secure section of the web site.
This problem happens on both forms, one is a simple Login so I will use that as the example.


<!---
<fusedoc language="ColdFusion" FUSE="frmLogin" Specification="2.0">
<responsibilities>
Display the login form
</responsibilities>
<properties>
<property name="Version" value="1.0" comments=""/>
<property name="dtLastModified" value="04/02/2002" comments=""/>
<history email="rjc@magma.ca" author="xxxx" type="create" date="04/02/2002" role="Architect"/>
</properties>
<IO>
<out>
<String name="strUsername" format="CFML" Scope="formOrUrl" optional="No"/>
<String name="strPassword" format="CFML" Scope="formOrUrl" optional="No"/>
</out>
</IO>
</fusedoc>
--->
<cf_htmlhead>
<script language="JavaScript1.1" src="<cfoutput>#request.css#</cfoutput>/multiLingFormValidation.js"></script>
<script language="JavaScript1.1">
<!--
function validate(f) {

f.strUsername.alt = "Username";
f.strPassword.alt = "Password";

return verify(f, true, false);
}
//-->
</script>
</cf_htmlhead>
<table width="250" border="0" cellspacing="0" cellpadding="3">
<form action="index.cfm" method="post" onSubmit="return validate(this);" name="frmLogin">
<input type="hidden" name="fuseaction" value="admin.actVerifyUser">
<tr>
<td colspan="2" class="formHeader">Administration Login</td>
</tr>
<tr>
<td class="formFieldName"><font class="formRequiredFields">* </font><label for="strUsername"><u>U</u>sername</label>:</td>
<td class="formField"><input type="text" name="strUsername" id="strUsername" value="" size="20" maxlength="20" accesskey="U" tabindex="1" onFocus="if (this.value && this.value == 'username') { this.value = ''; } this.select();"></td>
</tr>
<tr>
<td class="formFieldName"><font class="formRequiredFields">* </font><label for="strPassword"><u>P</u>assword</label>:</td>
<td class="formField"><input type="password" name="strPassword" id="strPassword" value="" size="20" maxlength="20" accesskey="P" tabindex="2" onFocus="this.select();"></td>
</tr>
<tr>
<td class="formFooter" nowrap><font class="formRequiredFields">* Required fields</font></td>
<td align="right" class="formFooter"><input type="image" src="<cfoutput>#request.adminimages#</cfoutput>/login.gif" border="0" tabindex="3"></td>
</tr>
</table>
</form>
<script language="JavaScript">
<!--
<cfif isDefined('attributes.errorCode')>
<cfif attributes.errorCode EQ 500>
alert("An unexpected has occured please confirm your username and password, and try again.");
<cfelseif attributes.errorCode EQ 404>
alert("The username or password was incorrect. Please try again.");
</cfif>
</cfif>
document.frmLogin.strUsername.focus();
//-->
</script>

Old Pedant
07-27-2010, 06:47 PM
Can you bring that page up in your browser and then click on the VIEW menu and then on the SOURCE or CODE SOURCE menu item? (Not sure what the equivalent is with Safari, but it should be close to that.)

That should show you the HTML that the CF code is generating and maybe it will give us a clue.

As it is, I don't see any place in those form fields (strUsername or strPassword) that would be triggering the "number only" behavior from the validation code. But maybe CF is stuffing something into them that doesn't show here.

Old Pedant
07-27-2010, 06:49 PM
I *THINK* that for some reason the validator code thinks that e.numeric is true.

That is, that the field has

<input name="strUsername" numeric="true" ....


Clearly, that's not in the CF code, but it might be in the generated HTML?? Dunno.

lostinjavascrpt
07-27-2010, 11:49 PM
This is the form code from Safari. This has worked for nearly 7 years, only the latest update caused the problems. I have x'd out a couple of addresses - don't want to advertise! The password is accepted OK it is only the User Name that is being forced to be numeric.


<html>
<head>
<title>WebCart v3.0 - Administration</title>
<link rel="STYLESHEET" type="text/css" href="/secure/includes/admin.css">
<script src="/secure/includes/popUpWins.js" type="text/javascript"></script>

<script language="JavaScript1.1" src="/secure/includes/multiLingFormValidation.js"></script>
<script language="JavaScript1.1">
<!--
function validate(f) {

f.strUsername.alt = "Username";
f.strPassword.alt = "Password";

return verify(f, true, false);
}
//-->
</script>
</head>

<body topmargin=0 leftmargin=0 marginheight=0 marginwidth=0 background="/secure/images/admin/background.gif">
<table width="100%" border="0" cellspacing="0" cellpadding="0" bgcolor="#FFFFFF">
<tr>
<td class="setLeftIndent2">
<a href="http://www.xxxxxxx.ca/index.cfm" target="_blank"><img src="/secure/images/admin/logo.gif" alt="ACDB" vspace="10" border="0"></a>
</td>
</tr>
</table>
<table align="center" width="100%" cellspacing="0" cellpadding="0" border="0">
<tr class="topBar1">
<td colspan="3"><img src="/secure/images/spacer.gif" width="1" height="3" alt="" border="0"></td>
</tr>
<tr class="topBar2">
<td class="setLeftIndent2"><span class="whiteTextBold">Tuesday, July 27, 2010</span></td>
<td colspan="2"><img src="/secure/images/spacer.gif" alt="" width="1" height="16" border="0"></td>
</tr>
<tr class="topBar3">
<td colspan="3"><img src="/secure/images/spacer.gif" width="1" height="3" alt="" border="0"></td>
</tr>
</table>
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td valign="top" class="leftHandBkgnd" width="200">
<img src="/secure/images/spacer.gif" width="200" height="16" alt="" border="0">
<br>

&nbsp;

</td>
<td class="setMainIndent" width="100%" height="400" valign="top">
<img src="/secure/images/spacer.gif" width="1" height="16" alt="" border="0">
<br>

<table width="250" border="0" cellspacing="0" cellpadding="3">
<form action="index.cfm" method="post" onSubmit="return validate(this);" name="frmLogin">
<input type="hidden" name="fuseaction" value="admin.actVerifyUser">
<tr>
<td colspan="2" class="formHeader">Administration Login</td>
</tr>
<tr>
<td class="formFieldName"><font class="formRequiredFields">* </font><label for="strUsername"><u>U</u>sername</label>:</td>
<td class="formField"><input type="text" name="strUsername" id="strUsername" value="" size="20" maxlength="20" accesskey="U" tabindex="1" onFocus="if (this.value && this.value == 'username') { this.value = ''; } this.select();"></td>
</tr>
<tr>
<td class="formFieldName"><font class="formRequiredFields">* </font><label for="strPassword"><u>P</u>assword</label>:</td>
<td class="formField"><input type="password" name="strPassword" id="strPassword" value="" size="20" maxlength="20" accesskey="P" tabindex="2" onFocus="this.select();"></td>
</tr>
<tr>
<td class="formFooter" nowrap><font class="formRequiredFields">* Required fields</font></td>
<td align="right" class="formFooter"><input type="image" src="/secure/images/admin/login.gif" border="0" tabindex="3"></td>
</tr>
</table>
</form>
<script language="JavaScript">
<!--

alert("The username or password was incorrect. Please try again.");

document.frmLogin.strUsername.focus();
//-->
</script>

<br><br>
</td>
<td width="100%"><img src="/secure/images/spacer.gif" width="1" height="16" alt="" border="0"></td>
</tr>
<tr>
<td width="200" class="leftHandBkgnd"><img src="/secure/images/spacer.gif" width="200" height="16" alt="" border="0"></td>
<td class="setLeftIndent2">Magma webCart v3.0 - <a href="http://xxxxxx.ca/">&copy;2002 Websites@Magma</a><br><br></td>
<td width="100%"><img src="/secure/images/spacer.gif" width="1" height="16" alt="" border="0"></td>
</tr>
</table>
</body>
</html>

Old Pedant
07-28-2010, 12:01 AM
So this form field, right?


<input type="text" name="strUsername" id="strUsername" value="" size="20" maxlength="20"
accesskey="U" tabindex="1" onFocus="if (this.value && this.value == 'username') { this.value = ''; } this.select();">


Here's a funny for you: The reason password works is because of this code:

if ((e.type == "text" || e.type == "textarea")
See that?? It doesn't even *CHECK* for if a password field might need to be numeric! So of course it works.

Do you have any other fields in any pages that use this same validator that *DO* use

numeric="true"
to force numeric validation??

Or some other usage of numeric??? (If so, show me what it is.)

Old Pedant
07-28-2010, 12:18 AM
Oh, what the heck...if we are going to hack it, let's REALLY hack it:


<input type="text" name="strUsername" id="strUsername" value=""
size="20" maxlength="20"
accesskey="U" tabindex="1"
nonumeric="yes"
onfocus="if (this.value && this.value == 'username') { this.value = ''; } this.select();">

and then change that same code section we worked on before to this:


// provide one of the following:
// min=q; if the value is an ID, and you want it > q to be valid..
// max=r; if the value is an ID, and you want it < r to be valid..
var emin = e.min;
if ( emin == null ) emin = e.getAttribute("min");
if ( emin != null ) emin = parseFloat(emin);
var emax = e.max;
if ( emax == null ) emax = e.getAttribute("max");
if ( emax != null ) emax = parseFloat(emax);

enumeric = e.numeric;
if ( enumeric == null ) enumeric = e.getAttribute("numeric");
if ( enumeric != null ) enumeric = true;

enonumeric = e.nonumeric;
if ( enonumeric == null ) enonumeric = e.getAttribute("nonumeric");
if ( enonumeric != null ) enumeric = false;

if ( (e.type == "text" || e.type == "textarea")
&& (enumeric || (emin != null) || (emax != null)) && !isblank(e.value))
{
var v = parseFloat(e.value);
var v2 = e.value.replace(/,/, "");
... etc ...

stuff in red is the added or change code.

lostinjavascrpt
07-28-2010, 05:45 PM
Oh dear! Tried that with the same result, still expects the User Name to be numeric. As far as I can see there are no entries that are specified as numeric only. There are drop down lists for month and year entries, phone number is a set style, no entries seem to be required to have max or min values. However one of my first fix attempts was to comment out the whole of that section, that resulted in a different style of error in a small blue box. Of course I have no idea what I am doing so perhaps I removed too much? I did check the form source code to make sure I was not using an old cached version.

Old Pedant
07-28-2010, 08:17 PM
Are you using this same ".js" file with *OTHER* pages???

If not, let's just fix it to work right with only this page.

If so, clone the file to another ".js" name and then we'll modify the clone and then you'll change this page to use the clone instead of the original.

lostinjavascrpt
07-28-2010, 10:22 PM
As far as I can see this validation file is only used with two pages, the admin login and the customer details entry. I chose to try the simpler of the two to get working first. So yes I can make a clone to work on.

Old Pedant
07-28-2010, 11:02 PM
Okay...back later...might be tomorrow.

Old Pedant
07-30-2010, 01:40 AM
*WHERE* is *THIS* code coming from?????



<script language="JavaScript">
<!--

alert("The username or password was incorrect. Please try again.");

document.frmLogin.strUsername.focus();
//-->
</script>


So long as that is there, you will get that alert message EVERY TIME the page loads!!!

Old Pedant
07-30-2010, 02:01 AM
Okay, changed my mind.

Don't bother cloning that validation code file.

We simply won't use it.

Here's what I came up with for you:


<html>
<head>
<script type="text/javascript">
function validate(form)
{
var ure = /^\w{6,20}$/g;
if ( ! ure.test( form.strUsername.value.replace(/\s/g,"") ) )
{
alert("Your username must be from 6 through 20 characters long,\n"
+ "and may contain only letters, numbers, and underlines.");
return false;
}
var pwd = form.strPassword.value.replace(/^\s+/,"").replace(/\s+$/,"");
if ( ! (/[A-Z]/).test(pwd)
|| ! (/[a-z]/).test(pwd)
|| ! (/\d/).test(pwd)
|| ! (/[^A-Za-z\d]/).test(pwd)
|| pwd.length < 6 )
{
alert("Your password must include at least one upper case letter,\n"
+ " one lower case letter, one digit, one special character,\n"
+ " and be no less than 6 characters long." );
return false;
}
return true;
}
</script>
</head>

Rest of page untouched.

You can see what the alert()s tell you. We can make the conditions more restrictive or less restrictive, as you choose.

lostinjavascrpt
07-30-2010, 05:33 PM
Thank-you, that worked great. I had to fiddle with the allowable characters as they originally did not include special characters. There are calls to the old validation routine to actually change anything in the Admin section, but I did all the changes needed to comply with the new User and Password definitions on another machine running an earlier version of Safari and now at least the newer machine can log in and download information just not change anything. Now I need to get a fuller version working for the customer information (which hopefully will also work in the Admin update area too), as I need to have optional blank fields (like 2nd line of address) and special formats like phone and Email. Thank-you very much for spending so much time helping me out I am very grateful.

rettgoings
07-31-2010, 09:56 PM
Thanks again Old pendent. I was just browsing and you helped me once again. You are very good at explaining errors in code in laymans terms

lostinjavascrpt
08-08-2010, 08:16 PM
Actually the first small change to get the login form working did not really work on my first attempt as I put the script in the wrong place and it was not entered at all! I have got that corrected now.
So all this peaked my interest, and I have waded through javascript tutorials which means I am now totally confused!

The following code gave the error messages repeated for each field name "The field (many different text field names here) must be a number that is greater than and less than." Note that there are no numbers for the e.max and e.min in the error message. I changed the error message to output e.numeric instead of e.min and the result was "The field (many different text field names here) must be a number that is greater than undefined and less than." So I removed e.numeric || from the if statement but the error message was unchanged. I then replaced the (e.min != null) || (e.max != null)) with (e.min != "") || (e.max != ""))

Now everything works in the new Safari version but the previous versions of Safari give error messages "The field (many different text field names here) must be a number."

So it would appear that the new version regards e.min and e.max as text fields while the old version thinks they are numbers? As far as I can see they are never defined at all. So now I need to change this complicated if statement to account for either case which is beyond me! I tried deleting this whole section but that gave more errors - perhaps I deleted too much as I got lost in the { and }.



if ((e.type == "text" || e.type == "textarea") && (e.numeric || (e.min != null) || (e.max != null)) && !isblank(e.value)) {
var v = parseFloat(e.value);
var v2 = e.value.replace(/,/, "");

if ((isNaN(v)) || (isNaN(v2)) || ((e.min != null) && (v < e.min)) || ((e.max != null) && (v > e.max))) {
errors += "- The field " + getDisplay(e) + " must be a number";
errorsf += "- Le champ " + getDisplay(e) + " doit être un nombre";

if (e.min != null) {
errors += " that is greater than " + e.min;
errorsf += " c'est plus grand que " + e.min;
}

if (e.max != null && e.min != null) {
errors += " and less than " + e.max;
errorsf += " et moins que " + e.max;
} else if (e.max != null) {
errors += " that is less than " + e.max;
errorsf += " c'est moins que " + e.max;
}

errors += ".\n";
errorsf += ".\n";
}

}

Philip M
08-08-2010, 09:13 PM
alert("Your password must include at least one upper case letter,\n"
+ " one lower case letter, one digit, one special character,\n"
+ " and be no less than 6 characters long." );


In fact a password with these restrictons is less secure than one which is simply x characters in length, as the number of possible permutations to be cracked by brute force is considerably lower. That assumes that the hacker knows the password policy - which obviously he will if they are included in client-side JavaScript code.

The length of the password is by far the most important factor in security as opposed to the number of possible characters (alpha or alphanumeric or special characters). A 10-character password is very much more than twice as strong as a 5-character password.

So the most secure password is simply 8 (minimum, but preferably 10 or 12) characters without any specified restrictions on upper/lower case, numbers etc.


See also http://www.codingforums.com/showthread.php?t=198400 Post #2

lostinjavascrpt
08-09-2010, 12:01 AM
Thank-you I have changed the alert messages to be a bit vague but anyone looking at the javascript will be able to see the tests.



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum