I've been following a guide to make a secure login page ( given I'm a newbie to PHP, and I'm trying to learn it ); they use javascript as a processor after you've clicked "submit" on the register page, and the login page. However, the function seems to be broken. I've edited it, so that the salt is converted to whirlpool, instead of sha512.
Here's the function ( also, the link to the guide: http://www.wikihow.com/Create-a-Secure-Login-Script-in-PHP-and-MySQL )
Function:
function formhash(form, password) {
// Create a new element input, this will be our hashed password field.
var p = document.createElement("input");
// Add the new element to our form.
form.appendChild(p);
p.name = "p";
p.type = "hidden";
p.value = whirlpool(password.value);
// Make sure the plaintext password doesn't get sent.
password.value = "";
// Finally submit the form.
form.submit();
}
function regformhash(form, uid, email, password, conf) {
// Check each field has a value
if (uid.value == '' ||
email.value == '' ||
password.value == '' ||
conf.value == '') {
alert('You must provide all the requested details. Please try again');
return false;
}
// Check the username
re = /^\w+$/;
if(!re.test(form.username.value)) {
alert("Username must contain only letters, numbers and underscores. Please try again");
form.username.focus();
return false;
}
// Check that the password is sufficiently long (min 6 chars)
// The check is duplicated below, but this is included to give more
// specific guidance to the user
if (password.value.length < 6) {
alert('Passwords must be at least 6 characters long. Please try again');
form.password.focus();
return false;
}
// At least one number, one lowercase and one uppercase letter
// At least six characters
var re = /(?=.*\d)(?=.*[a-z])(?=.*[A-Z]).{6,}/;
if (!re.test(password.value)) {
alert('Passwords must contain at least one number, one lowercase and one uppercase letter. Please try again');
return false;
}
// Check password and confirmation are the same
if (password.value != conf.value) {
alert('Your password and confirmation do not match. Please try again');
form.password.focus();
return false;
}
// Create a new element input, this will be our hashed password field.
var p = document.createElement("input");
// Add the new element to our form.
form.appendChild(p);
p.name = "p";
p.type = "hidden";
p.value = whirlpool(password.value);
// Make sure the plaintext password doesn't get sent.
password.value = "";
conf.value = "";
// Finally submit the form.
form.submit();
return true;
}
Related
Trying to validate username and password but i get an error even when the username and password are correct. I get a TypeError, what I'm I doing wrong? Is the String method I'm using ?
function validateLogin() {
let passwordInput = document.getElementById('password');
let userName = document.getElementById('userName');
event.preventDefault();
// Set errors to an empty array
let errors = [];
// Conditions for password validation
if(passwordInput.length < 8) {
errors.push('Your password must be at least 8 characters long')
}
if(passwordInput.search(/[a-z]/) < 0) {
errors.push('Your password must cotain at least one lowercase letter')
}
if(passwordInput.search(/[A-Z]/) < 0) {
errors.push('Your password must conatin at least one uppercase letter')
}
if(passwordInput.search(/[0-9]/) < 0) {
errors.push('Password must contain at least one number!')
}
if(passwordInput.search(/[\!\#\#\$\%\^\&\*\(\)\_\+\.\,\;\:\-]/) < 0) {
errors.push("Your password must contain at least one special character.")
}
// Login
if (errors.length > 0) {
document.getElementById("errors").innerHTML = errors.join("<br>")
console.log('Error logging in')
return false;
} else if(errors.length < 0 && userName.value){
console.log('Youre logged in!')
}
};
You are getting TypeError on search because search is a function of String, and you are using it in context of element.
All you need to do is to use the value of the passwordInput and it should be fine.
Instead of using:
let passwordInput = document.getElementById('password');
Which is of type element.
You should use:
let passwordInput = document.getElementById('password').value;
Of type String.
Now you should be able to use passwordInput.search because passwordInput is a String and search is a string function.
i have poor eng, Sorry for that.
i'll do my best for my situation.
i've tried to make SignUpForm using regular expression
The issue is that when i handle if statement using the regular expression
result is true at first, but after that, become false. i guess
below is my code(javascript)
$(document).ready(function () {
var idCheck = /^[a-z]+[a-z0-9]{5,19}$/g; // more than 6 words
var pwCheck = /^(?=.*[A-Za-z])(?=.*\d)[A-Za-z\d]{8,}$/; // more than 8 words including at least one number
var emCheck = /^([\w-]+(?:\.[\w-]+)*)#((?:[\w-]+\.)*\w[\w-]{0,66})\.([a-z]{2,6}(?:\.[a-z]{2})?)$/; // valid email check
var signupConfirm = $('#signupConfirm'),
id = $('#id'),
pw = $('#pw'),
repw = $('#repw'),
email =$('#email');
signupConfirm.click(function () {
if(id.val() === '' || pw.val() === '' || email.val() === ''){
$('#signupForm').html('Fill the all blanks');
return false;
} else {
if (idCheck.test(id.val()) !== true) {
$('#signupForm').html('ID has to be more than 6 words');
id.focus();
return false;
} else if (pwCheck.test(pw.val()) !== true) {
$('#signupForm').html('The passwords has to be more than 8 words including at least one number');
pw.focus();
return false;
} else if (repw !== pw) {
$('#signupForm').html('The passwords are not the same.');
pw.empty();
repw.empty();
pw.focus();
return false;
}
if (emCheck.test(email.val()) !== true) {
$('#signupForm').html('Fill a valid email');
email.focus();
return false;
}
}
})
});
after id fill with 6 words in id input, focus has been moved to the password input because the condition is met.
but after i click register button again, focus move back ID input even though ID input fill with 6 words
i've already change regular expression several times. but still like this.
are there Any tips i can solve this issue?
I hope someone could help me.
Thank you. Have a great day
Do not use the global flag on your regexes. Your code should be:
var idCheck = /^[a-z]+[a-z0-9]{5,19}$/;
When you match with the /g flag, your regex will save the state between calls, hence all subsequent matches will also include the previous inputs.
use
var idCheck = /^[a-z]+[a-z0-9]{5,19}$/
removing the g flag
and modify the line
else if (repw.val() !== pw.val()) {
For Example:-
google.com
msn.com
other than .com is not allowed how to wrote the regex?
If you only need to ensure that the string ends with ".com" this regex should work :
^.*\.com$
This is what foundation abide library states regex for validating a domain:
/^([a-zA-Z0-9]([a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])?\.)+[a-zA-Z]{2,6}$/
just modified it to only accept .com:
/^([a-zA-Z0-9]([a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])?\.)+com$/
var site_path=window.location.origin;
var splitted_path=site_path.split(".");
if(splitted_path[splitted_path.length-1]=="com")
{
// DO IF .COM.
}
else
{
// DO IF ANOTHER.
}
Just split them when . comes and check if the current element is equals to .com for every element Your question answer is the below code:
const validateCom = (str) =>{
let total = ""
let errorMessage = ""
let error = false;
if(str != null && str != ""){
let array = str.split(".")
array.forEach((element=>{
if(element === "com"){
total = "Yes, its .com"
// Type your code if its .com here
}else{
total = "No, its not .com"
// Type your code if its not .com here
}
}))
}else{
error = true;
errorMessage = "Please fill the str perimeter"
return errorMessage
}
return total;
}
// Calling Function
console.log(validateCom("demo.com"));
I'm using the following regex for a password field :
/^(?=.*[a-zA-Z])(?=.*\d)(?=.*[!##$%^&*()_+])[A-Za-z\d][A-Za-z\d!##$%^&*()_+]{7,63}$/
I'd like to enhance it to force atleast one number , one alphabet and one special symbol.
I'm using the following JavaScript code to validate the same :
function validatePassword()
{
var password = document.getElementById('password').value;
var userID = document.getElementById('user_ID').value;
var regexPattern = /^(?=.*[a-zA-Z])(?=.*\d)(?=.*[!##$%^&*()_+])[A-Za-z\d][A-Za-z\d!##$%^&*()_+]{7,63}$/ ;
if(regexPattern.test(password))
{
if(userID === password )
{
$('#status').text( 'User id is same as password . Please choose a more secure password');
return false;
}
else if(password === reverse(userID))
{
$('#status').text( 'Password is reverse of user id . Please choose a more secure password');
return false;
}
else
{
return true;
}
}
else
{
return false;
}
}
How do I do it ?
Thanks.
Instead of using regex you can check like this also.
Just replace
if(regexPattern.test(password))
with
if(regexPattern.test(password) && /[a-zA-Z]/.test(password) && /[0-9]/.test(password) && /[\!\#\#\$\%\^\&\*\(\)\_\+]/.test(password) )
Check string if it is valid password, contain alphabet, number and special character ( if you want more add in range ).
I'm trying to get someone to use a specific email domain of #mail.fhsu.edu. Here is my Validation code.
function validateFHSUEmail(inputField, helpText) {
if (inputField.value.length == 0) {
if (helpText != null) {
helpText.innerHTML = "Please Enter a Value";
}
return false;
} else {
var reg = /^[a-z.]+#mail.fhsu.edu$/;
if (!reg.test(inputField)) {
if (helpText != null) {
helpText.innerHTML = "Please Enter FHSU Email";
}
Am I calling it wrong or what because no matter what it returns false.
You're testing the variable "inputField", which apparently is a reference to a DOM element. You want inputField.value in the test.
edit Note the comment wherein it's pointed out that your regex should use \. for the periods in the domain name.
If you want valid email and specific domain try this regex:
/^(([^<>()\[\]\.,;:\s#\"]+(\.[^<>()\[\]\.,;:\s#\"]+)*)|(\".+\"))#domain.com$/