Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 8 of 8

Thread: What is wrong!?

  1. #1
    New Coder
    Join Date
    Aug 2010
    Posts
    39
    Thanks
    6
    Thanked 0 Times in 0 Posts

    What is wrong!?

    I get the 'Invalid' confirmation but not the 'Valid' one... WHY?
    It works when I plug in this instead though... if (user.length < 5)

    Code:
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml">
    
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <title>Form Validation</title>
    </head>
    
    <body>
    <script type="text/javascript">
    	function checkForm()
    	{
    		var user = document.getElementById('user').value;
    		
    		if (user != "turgeon"){
    			alert("Invalid Username");
    			return false;
    		}
    		else{
    			return true;
    		}
    	}
    	
    	function checkUser() {
    		var user = document.getElementById('user').value;
    		var element = document.getElementById('labelUser');
    		
    		if(user != "turgeon"){
    			element.innerHTML = "Invalid Username";
    			element.style.color = "red";
    		}
    		else{
    			element.innerHTML = "Valid Username";
    			element.style.color = "green";			
    		}
    	
    	}
    
    </script>
    	<form onsubmit="return checkForm();">
    		<input type="text" id="user" onblur="checkUser();" />
    		<label id="labelUser"></label>
    		<input type="submit" value="submit" />
    		
    
    	
    	</form>
    </body>
    
    </html>

  • #2
    Regular Coder
    Join Date
    Aug 2010
    Posts
    945
    Thanks
    19
    Thanked 205 Times in 203 Posts
    Quote Originally Posted by TheApprentice View Post
    I get the 'Invalid' confirmation but not the 'Valid' one... WHY?
    Because it submits when valid, refreshing the page.

  • #3
    Senior Coder
    Join Date
    Dec 2010
    Posts
    2,355
    Thanks
    11
    Thanked 558 Times in 551 Posts
    Sometimes you'll have to strip off unwanted characters like white spaces to make sure that you compare what you want to compare:
    Code:
    function trim(mytext) {
       return mytext.replace(/^\s+|\s+$/,'');
    }
    
    ...
    
    if (trim(whatever) != 'whatelse') {
       ...
    }

  • #4
    New Coder
    Join Date
    Aug 2010
    Posts
    39
    Thanks
    6
    Thanked 0 Times in 0 Posts
    O, I now understand. it records the 'enter key' as a character. If you just CLICK on the submit button it works just as expected. Thanks!
    Last edited by TheApprentice; 12-23-2010 at 07:21 PM. Reason: mistake

  • #5
    New Coder
    Join Date
    Aug 2010
    Posts
    39
    Thanks
    6
    Thanked 0 Times in 0 Posts
    Now, here's another challenge...

    I would like to use this program to take in a password from users so to let them access my site or not.

    I am concerned with 2 things:

    1) Users being able to navigate through my site folders to find the file which containes the password. Even if my .js file is aprt from the html code, they can get the path of my file from the html page and then enter it in the browser window to get the source code and hence the password.

    2) Users bypassing the password page through a google search which would allow them to access certain pages of my website directly.

    Any EASY workaround that for a newbie programmer?
    Last edited by TheApprentice; 12-23-2010 at 07:21 PM. Reason: mistake

  • #6
    Supreme Master coder! Philip M's Avatar
    Join Date
    Jun 2002
    Location
    London, England
    Posts
    17,730
    Thanks
    202
    Thanked 2,508 Times in 2,486 Posts
    Quote Originally Posted by TheApprentice View Post

    1) Users being able to navigate through my site folders to find the file which containes the password. Even if my .js file is aprt from the html code, they can get the path of my file from the html page and then enter it in the browser window to get the source code and hence the password.

    2) Users bypassing the password page through a google search which would allow them to access certain pages of my website directly.

    Any EASY workaround that for a newbie programmer?
    No. Javascript is inherently insecure, and any password is visible to the user with View Source.
    You can obfuscate the password a little, but of course any user familiar with Javascript can very quickly unravel it.

    Code:
    var password = "70617373776f7264"
    var result = "";
    for (var i=0;i<password.length;i=i+2) {result=result+'%'+password.substr(i,2);}
    var pwd = unescape(result);
    alert (pwd); // password
    You can block users from navigating direct to your web pages with a session cookie which is set on the password page. If the cookie does not exist access is denied. You will need to use <noscript> to block those with Javascript disabled.
    Last edited by Philip M; 12-23-2010 at 08:02 PM.

  • #7
    Supreme Master coder! Old Pedant's Avatar
    Join Date
    Feb 2009
    Posts
    25,020
    Thanks
    75
    Thanked 4,323 Times in 4,289 Posts
    Which is another way of saying: "Don't do it." If you want password protection on a site, do it with server-side code. NOT with client-side code.
    An optimist sees the glass as half full.
    A pessimist sees the glass as half empty.
    A realist drinks it no matter how much there is.

  • #8
    Regular Coder
    Join Date
    Aug 2010
    Posts
    945
    Thanks
    19
    Thanked 205 Times in 203 Posts
    Quote Originally Posted by TheApprentice View Post
    O, I now understand. it records the 'enter key' as a character.
    Wrong.
    Change this line ...

    <form onsubmit="return checkForm();">

    to this ...

    <form onsubmit="alert(document.getElementById('user').value.length);return checkForm();">

    type in turgeon and hit enter, you will see that the value is 7 chars long,
    the enter key was not added to the value of the textbox.


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •