Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 12 of 12
  1. #1
    New Coder
    Join Date
    Mar 2013
    Posts
    15
    Thanks
    1
    Thanked 0 Times in 0 Posts

    Help with validating a string

    My first time trying to modify a javascript and i'm struggling.
    The code below checks that a field has been filled out, but I'd like it to validate the existence of a particular string within that field. Its to be used as a friendlier version of captcha.

    I've toyed with the X== sections, but this is far too complex for my old brain.
    Could anyone spare me 5 minutes and point me in the right direction please.

    <script>
    function validateForm()
    {
    var x=document.forms["myForm"]["answer"].value;
    if (x==null || x=="")
    {
    alert("Answer must be filled out");
    return false;
    }
    }
    </script>
    </head>


    <body>
    <form name="myForm" action="demo_form.asp" onsubmit="return validateForm()" method="post">
    Answer: <input type="text" name="answer">
    <input type="submit" value="Submit">
    </form>
    Last edited by kingyman; 03-14-2013 at 10:03 AM. Reason: typo

  • #2
    Supreme Master coder! Philip M's Avatar
    Join Date
    Jun 2002
    Location
    London, England
    Posts
    17,907
    Thanks
    203
    Thanked 2,531 Times in 2,509 Posts
    Here you are:-

    Code:
    <script type = "text/javascript">
    
    function validateForm() {
    var x = document.forms["myForm"]["answer"].value;  // correct answer is the word "myword"
    if (x.length == 0) {
    alert ("Answer must be filled out");
    return false;
    }
    
    if (/^(myword)$/i.test(x)) {  // i switch makes it case insensitive
    alert ("You have entered the right word");
    }
    else {
    alert ("Sorry - wrong word was entered - please try again");
    document.forms["myForm"]["answer"].value = "";  // clear the field
    document.forms["myForm"]["answer"].focus();  // and refocus on it
    return false;
    }
    
    </script>
    A form field cannot be null.

    These days it obsolete and deprecated to assign a name to a form. Prefer to use an id instead. alerts are also considered obsolete and are used here simply for testing/demonstration purposes. You should use DOM methods to display a message to the user.

    I am assuming that you want the answer to be 'myword' and nothing but - not embedded as in 'hello myword' for example. It would have helped if you had indicated what you meant by "a specific string".

    You should be aware that anyone can bypass your "captcha" simply by disabling Javascript in the browser Naturally spammers do that, or do not use your form at all.
    You must validate on the server as well. JavaScript form validation only provides convenience for users, not security. If for example a script verifies that the user agreed to a firm's terms of service, or filters invalid characters out of fields that should only contain numbers, or calculates the cost of purchases, the validation must also be performed server-side, and not just on the client.




    “If liberty means anything at all, it means the right to tell people what they do not want to hear.” - George Orwell, English novelist and journalist, 1903-1950.
    Last edited by Philip M; 03-14-2013 at 10:34 AM. Reason: Noticed typo

    All the code given in this post has been tested and is intended to address the question asked.
    Unless stated otherwise it is not just a demonstration.

  • #3
    New Coder
    Join Date
    Mar 2013
    Posts
    15
    Thanks
    1
    Thanked 0 Times in 0 Posts

    Unhappy

    Quote Originally Posted by Philip M View Post
    Here you are:-

    Code:
    <script type = "text/javascript">
    
    function validateForm() {
    var x = document.forms["myForm"]["answer"].value;  // correct answer is the word "myword"
    if (x.length == 0) {
    alert ("Answer must be filled out");
    return false;
    }
    
    if (/^(myword)$/i.test(x)) {  // i switch makes it case insensitive
    alert ("You have entered the right word");
    }
    else {
    alert ("Sorry - wrong word was entered - please try again");
    document.forms["myForm"]["answer"].value = "";  // clear the field
    document.forms["myForm"]["answer"].focus();  // and refocus on it
    return false;
    }
    
    </script>
    A form field cannot be null.

    These days it obsolete and deprecated to assign a name to a form. Prefer to use an id instead. alerts are also considered obsolete and are used here simply for testing/demonstration purposes. You should use DOM methods to display a message to the user.

    I am assuming that you want the answer to be 'myword' and nothing but - not embedded as in 'hello myword' for example. It would have helped if you had indicated what you meant by "a specific string".

    You should be aware that anyone can bypass your "captcha" simply by disabling Javascript in the browser Naturally spammers do that, or do not use your form at all.
    You must validate on the server as well. JavaScript form validation only provides convenience for users, not security. If for example a script verifies that the user agreed to a firm's terms of service, or filters invalid characters out of fields that should only contain numbers, or calculates the cost of purchases, the validation must also be performed server-side, and not just on the client.




    “If liberty means anything at all, it means the right to tell people what they do not want to hear.” - George Orwell, English novelist and journalist, 1903-1950.

    So now I'm even more confused.
    We have a customer contact form on one of our web sites, where we've been receiving a number of customer contact details, but it's rubbish information.
    We had 300 one day last week, so this can't be a human trying, it had to be a bot. I was hoping my trying to introduce a simple challenge, this would defeat the bot ??
    No one likes Captcha, so I was going to put something along the lines. "please enter the last word of this phrase, in to the box below" and then have the word "below" as the validator.

    Incidentally, the code seems to be throwing me an error on line 21??

  • #4
    New Coder
    Join Date
    Mar 2013
    Posts
    15
    Thanks
    1
    Thanked 0 Times in 0 Posts
    found a missing }

  • #5
    New Coder
    Join Date
    Mar 2013
    Posts
    15
    Thanks
    1
    Thanked 0 Times in 0 Posts
    I installed the script, it worked flawlessly on my PC, but bypassed it when uploaded online. So i'm guessing i too have bypassed it without even trying.

    Need to think up a plan B

    Thanks Phillip

  • #6
    Supreme Master coder! Philip M's Avatar
    Join Date
    Jun 2002
    Location
    London, England
    Posts
    17,907
    Thanks
    203
    Thanked 2,531 Times in 2,509 Posts
    Sorry about the typo - as you say a missing }

    The bot almost certainly does not use your form, but a cached version of it. You must validate on the server.
    Have a look at

    http://www.kirsle.net/doc/submitter.html

    which shows how to use hidden trap fields.
    Last edited by Philip M; 03-14-2013 at 01:03 PM.

    All the code given in this post has been tested and is intended to address the question asked.
    Unless stated otherwise it is not just a demonstration.

  • #7
    Senior Coder rnd me's Avatar
    Join Date
    Jun 2007
    Location
    Urbana
    Posts
    4,292
    Thanks
    10
    Thanked 583 Times in 564 Posts
    having js set a hidden field to the date is pretty effective for being non-intrusive. Yes, people's device clocks can be off by a bit, but if you accept anything within 25 hours, bots using an old cached form will almost certainly get rejected.
    my site (updated 13/9/26)
    BROWSER STATS [% share] (2014/5/28) IE7:0.1, IE8:5.3, IE11:8.4, IE9:3.2, IE10:3.2, FF:18.2, CH:46, SF:7.9, NON-MOUSE:32%

  • #8
    New Coder
    Join Date
    Mar 2013
    Posts
    15
    Thanks
    1
    Thanked 0 Times in 0 Posts
    Just looking at trying to validate this using the PHP script.

  • #9
    New Coder
    Join Date
    Mar 2013
    Posts
    15
    Thanks
    1
    Thanked 0 Times in 0 Posts
    Just a crazy thought.
    If they are using a cached copy of the form, would renaming the PHP file, or changing the email address it sends to, slow them down any. ?
    At the moment, i've changed the extension of the php rendering it useless.

    the hidden traps thing makes interesting reading, although I wouldn't know how to implement this in the PHP file.
    I've put a call on the PHP side of the forum to see if anyone can help me with Philips 'magic word' field
    Last edited by kingyman; 03-15-2013 at 01:45 PM.

  • #10
    Supreme Master coder! Philip M's Avatar
    Join Date
    Jun 2002
    Location
    London, England
    Posts
    17,907
    Thanks
    203
    Thanked 2,531 Times in 2,509 Posts
    Quote Originally Posted by kingyman View Post
    If they are using a cached copy of the form, would renaming the PHP file, or changing the email address it sends to, slow them down any. ?
    Yes, for an hour or two

    You could try obfuscating the form action and using Javascript to make it readable again.

    Code:
    <script type = "text/javascript">
    
    function OnSubmitForm() {
    var newAction = "psa.mrof_omed"; 
    newAction = newAction.split("").reverse().join("");
    alert (newAction);  // for testing
    document.myform.action = newAction;
    return true;
    }
    </script>
    
    
    <form name="myform" action = "nowhere.php" onsubmit="return OnSubmitForm();">
    <input type = "submit" name = "submitButton" value = "Submit">
    </form>
    But one more time - it is essential that you validate your form's contents on the server.

    But I hope that you are not trying to send your form to an email address using mailto:. That is long obsolete, and extremely unreliable.
    Last edited by Philip M; 03-15-2013 at 02:02 PM.

    All the code given in this post has been tested and is intended to address the question asked.
    Unless stated otherwise it is not just a demonstration.

  • #11
    New Coder
    Join Date
    Mar 2013
    Posts
    15
    Thanks
    1
    Thanked 0 Times in 0 Posts
    edited as i found my own answer
    Last edited by kingyman; 03-15-2013 at 04:41 PM.

  • #12
    Supreme Master coder! Philip M's Avatar
    Join Date
    Jun 2002
    Location
    London, England
    Posts
    17,907
    Thanks
    203
    Thanked 2,531 Times in 2,509 Posts
    Quote Originally Posted by kingyman View Post
    edited as i found my own answer
    And that was? You have been given help - so share your solution with others.

    All the code given in this post has been tested and is intended to address the question asked.
    Unless stated otherwise it is not just a demonstration.


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •