Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 8 of 8

Thread: What is wrong!?

  1. #1
    New Coder
    Join Date
    Aug 2010
    Posts
    39
    Thanks
    6
    Thanked 0 Times in 0 Posts

    What is wrong!?

    I get the 'Invalid' confirmation but not the 'Valid' one... WHY?
    It works when I plug in this instead though... if (user.length < 5)

    Code:
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml">
    
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <title>Form Validation</title>
    </head>
    
    <body>
    <script type="text/javascript">
    	function checkForm()
    	{
    		var user = document.getElementById('user').value;
    		
    		if (user != "turgeon"){
    			alert("Invalid Username");
    			return false;
    		}
    		else{
    			return true;
    		}
    	}
    	
    	function checkUser() {
    		var user = document.getElementById('user').value;
    		var element = document.getElementById('labelUser');
    		
    		if(user != "turgeon"){
    			element.innerHTML = "Invalid Username";
    			element.style.color = "red";
    		}
    		else{
    			element.innerHTML = "Valid Username";
    			element.style.color = "green";			
    		}
    	
    	}
    
    </script>
    	<form onsubmit="return checkForm();">
    		<input type="text" id="user" onblur="checkUser();" />
    		<label id="labelUser"></label>
    		<input type="submit" value="submit" />
    		
    
    	
    	</form>
    </body>
    
    </html>

  • #2
    Regular Coder
    Join Date
    Aug 2010
    Posts
    966
    Thanks
    19
    Thanked 211 Times in 209 Posts
    Quote Originally Posted by TheApprentice View Post
    I get the 'Invalid' confirmation but not the 'Valid' one... WHY?
    Because it submits when valid, refreshing the page.

  • #3
    Senior Coder
    Join Date
    Dec 2010
    Posts
    2,396
    Thanks
    12
    Thanked 569 Times in 562 Posts
    Sometimes you'll have to strip off unwanted characters like white spaces to make sure that you compare what you want to compare:
    Code:
    function trim(mytext) {
       return mytext.replace(/^\s+|\s+$/,'');
    }
    
    ...
    
    if (trim(whatever) != 'whatelse') {
       ...
    }

  • #4
    New Coder
    Join Date
    Aug 2010
    Posts
    39
    Thanks
    6
    Thanked 0 Times in 0 Posts
    O, I now understand. it records the 'enter key' as a character. If you just CLICK on the submit button it works just as expected. Thanks!
    Last edited by TheApprentice; 12-23-2010 at 07:21 PM. Reason: mistake

  • #5
    New Coder
    Join Date
    Aug 2010
    Posts
    39
    Thanks
    6
    Thanked 0 Times in 0 Posts
    Now, here's another challenge...

    I would like to use this program to take in a password from users so to let them access my site or not.

    I am concerned with 2 things:

    1) Users being able to navigate through my site folders to find the file which containes the password. Even if my .js file is aprt from the html code, they can get the path of my file from the html page and then enter it in the browser window to get the source code and hence the password.

    2) Users bypassing the password page through a google search which would allow them to access certain pages of my website directly.

    Any EASY workaround that for a newbie programmer?
    Last edited by TheApprentice; 12-23-2010 at 07:21 PM. Reason: mistake

  • #6
    Supreme Master coder! Philip M's Avatar
    Join Date
    Jun 2002
    Location
    London, England
    Posts
    17,910
    Thanks
    203
    Thanked 2,531 Times in 2,509 Posts
    Quote Originally Posted by TheApprentice View Post

    1) Users being able to navigate through my site folders to find the file which containes the password. Even if my .js file is aprt from the html code, they can get the path of my file from the html page and then enter it in the browser window to get the source code and hence the password.

    2) Users bypassing the password page through a google search which would allow them to access certain pages of my website directly.

    Any EASY workaround that for a newbie programmer?
    No. Javascript is inherently insecure, and any password is visible to the user with View Source.
    You can obfuscate the password a little, but of course any user familiar with Javascript can very quickly unravel it.

    Code:
    var password = "70617373776f7264"
    var result = "";
    for (var i=0;i<password.length;i=i+2) {result=result+'%'+password.substr(i,2);}
    var pwd = unescape(result);
    alert (pwd); // password
    You can block users from navigating direct to your web pages with a session cookie which is set on the password page. If the cookie does not exist access is denied. You will need to use <noscript> to block those with Javascript disabled.
    Last edited by Philip M; 12-23-2010 at 08:02 PM.

  • #7
    Supreme Master coder! Old Pedant's Avatar
    Join Date
    Feb 2009
    Posts
    25,155
    Thanks
    75
    Thanked 4,338 Times in 4,304 Posts
    Which is another way of saying: "Don't do it." If you want password protection on a site, do it with server-side code. NOT with client-side code.
    An optimist sees the glass as half full.
    A pessimist sees the glass as half empty.
    A realist drinks it no matter how much there is.

  • #8
    Regular Coder
    Join Date
    Aug 2010
    Posts
    966
    Thanks
    19
    Thanked 211 Times in 209 Posts
    Quote Originally Posted by TheApprentice View Post
    O, I now understand. it records the 'enter key' as a character.
    Wrong.
    Change this line ...

    <form onsubmit="return checkForm();">

    to this ...

    <form onsubmit="alert(document.getElementById('user').value.length);return checkForm();">

    type in turgeon and hit enter, you will see that the value is 7 chars long,
    the enter key was not added to the value of the textbox.


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •