www.webdeveloper.com

Thread: Validation in Javascript

  1. #1
    Join Date: Dec 2013 | Posts: 1

    Validation in Javascript

    Hello, I am new to this developer forum. I have a problem with my program. I am a beginner at website development, so I have faced many problems. My question is: I have designed a website with a login system, and my problem is form validation. Please help me with my validation program for my login system.

  2. #2
    Join Date: May 2006 | Location: Somewhere behind your screen | Posts: 1,648
    Try searching this forum (top right corner); maybe you'll find some useful info.
    xxx: Guess Buddhist riddle: "What is the sound of one hand clapping?"
    yyy: facepalm

  3. #3
    Join Date: Mar 2012 | Posts: 202
    I strongly recommend that you stray away from creating your own login systems if you're only a beginner. There's too much involved. I have over 10 years of experience in web development and I can safely say it's not easy to create a secure login system. You have to worry about databases (like SQL), hashes (and salts), SSL, cookie hijacking, forgotten passwords (and thus SMTP), value escaping (to prevent XSS and SQL or other vulnerabilities), possibly encryption, and finally form validation to make sure everything runs smoothly without ugly error messages. If you can get away with it, I'd recommend you use either Facebook or Google's authentication system. It will probably be much easier on you and on the end users.

  4. #4
    Join Date: Mar 2007 | Location: localhost | Posts: 2,216
    Ummm, things are a-change-in Gray...

    mysqli and PDO are more secure than the older and soon to be phased out support for the mysql() function.

    So creating a secure login will now be limited to checking the inputs for PHP or code that is designed to break the script itself.
    Yes, I know I'm about as subtle as being hit by a bus..(\\.\ Aug08)
    Yep... I say it like I see it, even if it is like a baseball bat in the nutz... (\\.\ Aug08)
    I want to leave this world the same way I came into it, Screaming, Incontinent & No memory!
    I laughed that hard I burst my colostomy bag... (\\.\ May03)
    Life for some is like a car accident... Mine is like a motorway pile up...

    Problems with Vista? :: Getting Cryptic wid it. :: The 'C' word! :: Whois?

  5. #5
    Join Date: Mar 2012 | Posts: 202
    Originally Posted by \\.\:
    So creating a secure login will now be limited to checking the inputs for PHP or code that is designed to break the script itself.

    That's what I meant. Beginners don't usually know enough about the technologies that they're using and end up making huge security flaws. Even seasoned programmers seem to make these mistakes. I saw a question pop up the other day where this guy was asking if he should somehow try to protect the contents of his cookie even though it didn't contain any "sensitive" user information. When I found out the single piece of information it contained was the username it made me instantly facepalm. I don't think he even had a clue. Beginners should be experimenting with the technologies and learning little by little, not creating complex applications where security is potentially a big issue. Once a person knows enough about the technologies to create something like a secure custom authentication system then they're no longer considered a beginner. That's my opinion anyways.

  6. #6
    Join Date: Dec 2013 | Posts: 63
    The topic of this thread is "Validation in Javascript" so...

    You can use e.g. regular expressions for validating user input.

    For example:
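    Code:
    // Letters, digits, dot, underscore and hyphen; 6 to 40 characters, case-insensitive
    var usernameRegExp = /^[a-z0-9._-]{6,40}$/i;
    // value from input control (the element id 'username' is an assumed example)
    var usernameValue = document.getElementById('username').value;
    if (!usernameRegExp.test(usernameValue)) {
        alert('Bad username!');
    }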
    You can google 'regular expressions' to read more; there are a lot of examples of different expressions for any kind of input type (emails, phones, VAT numbers, etc.).

    But always remember: you must do validation on the server! 'Bad people' can send any kind of data to your server, skipping your JavaScript validation. JavaScript validation is good for your user: he knows quickly if he entered bad data (without reloading the page). Before storing user input in the database, you have to validate it in your PHP script (or other server-side script).

    If you use HTML5, there is a 'required' attribute for input fields, and all modern browsers don't allow a form to be submitted if fields with this attribute are empty. There are also new input types (like email) which are supported by modern browsers. They can do some part of the validation for you, but it's also only validation in the web browser; don't forget about validation on your server.

  7. #7
    Join Date: Mar 2007 | Location: localhost | Posts: 2,216
    Originally Posted by Gray1989:
    That's what I meant. Beginners don't usually know enough about the technologies that they're using and end up making huge security flaws. Even seasoned programmers seem to make these mistakes. I saw a question pop up the other day where this guy was asking if he should somehow try to protect the contents of his cookie even though it didn't contain any "sensitive" user information. When I found out the single piece of information it contained was the username it made me instantly facepalm. I don't think he even had a clue. Beginners should be experimenting with the technologies and learning little by little, not creating complex applications where security is potentially a big issue. Once a person knows enough about the technologies to create something like a secure custom authentication system then they're no longer considered a beginner. That's my opinion anyways.

    When I explain to people about security of webservers, these people generally have no understanding of the many ways in which a web server can be compromised.

    It is best to view your webserver much like an upmarket department store with nice shiny glitzy windows, glass doors and a doorman who also acts like a security guard.

    Whilst some brute-forced attempts will go straight for a smash and grab on your windows, others will apply a more sophisticated approach to access by disguising themselves as well-heeled clients (valid users or a low-key approach), and they often fool the doorman by looking the part and get access to your department store because they have managed to fool your front door security.

    Beyond the doorman, most department stores (servers) have little in the way of security; department stores apply additional security (store security) which interrogates the incoming clients.

    Web servers generally don't apply any kind of security to data leaving the server beyond the login; it is assumed that the user is valid and has been vetted by store security and the doorman. You can have data leave by two methods: the front door, like hot linking to content on your server, or via the back door in wholesale fashion through a hack from poor security.

    Your back door security is up to the store owner to secure with passwords that are strong.

    Hot linking can be thwarted easily if you apply a similar principle to the data request and if the user is logged in to the server (in the store and not window shopping with a brick)

    Hacking attempts can be thwarted by applying a strategy to your login pages that results in a system that is simple yet effective and just because someone is in your store does not mean that their intentions are honorable, even upmarket clients can be devious and underhand.

    Cookies are easily exploitable and the first port of call for a browser hack or malware. The way I get people to visualize this is in a very painful manner by commenting that "You wouldn't put your tackle in a door jamb and slam it shut, would you?"

    Using JavaScript to control your login and provide security is just doing that. JavaScript provides no security; it can be turned off by the user and thus circumnavigate any security measure implemented. You can use it where you want to limit input data to specifics like postal / zip codes or telephone numbers, and that a field has an email address or that a field contains only text. This however can be circumvented as previously explained. Any security needs to be dealt with on the server.

    Server security is only as good as the programmer and like you state, even seasoned programmers fall flat on their faces sometimes.
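
Added example, not code from any poster in this thread: the server-side re-check that posts #6 and #7 call for, written for Node.js so it stays in JavaScript (the thread's own server-side suggestion is PHP). The field names `username` and `password`, the 4096-character body limit and the password length bounds are assumptions, and the sample request bodies are constructed.

```javascript
// Same username rule as the browser-side check in post #6, enforced again on the server.
const USERNAME_RE = /^[a-z0-9._-]{6,40}$/i;

// Validate a raw application/x-www-form-urlencoded login body exactly as the
// server receives it, whether a browser form or any other HTTP client sent it.
function validateLogin(rawBody) {
  if (typeof rawBody !== 'string' || rawBody.length > 4096) { // assumed size limit
    return { ok: false, errors: ['body missing or too large'] };
  }
  const params = new URLSearchParams(rawBody);
  const errors = [];
  for (const name of ['username', 'password']) {
    const values = params.getAll(name);
    // The HTML5 'required' attribute is only a browser hint, so check presence here.
    if (values.length === 0) errors.push(name + ' is required');
    // Repeated parameters are rejected instead of silently picking one of them.
    else if (values.length > 1) errors.push(name + ' sent more than once');
  }
  if (errors.length > 0) return { ok: false, errors };

  const username = params.get('username');
  const password = params.get('password');
  if (!USERNAME_RE.test(username)) errors.push('username has invalid format');
  // Assumed password bounds; the thread does not specify any.
  if (password.length < 8 || password.length > 128) {
    errors.push('password length out of range');
  }
  return errors.length > 0 ? { ok: false, errors } : { ok: true, username };
}

// Constructed sample bodies. Only "browser" matches what the page's JavaScript
// would let through; the others stand for requests that never ran that script.
const SAMPLES = {
  browser: 'username=alice.smith&password=correct-horse-battery',
  badChars: 'username=' + encodeURIComponent('alice <admin>') + '&password=correct-horse-battery',
  tooShort: 'username=al&password=correct-horse-battery',
  repeated: 'username=alice.smith&username=bob.jones&password=correct-horse-battery',
  noPassword: 'username=alice.smith',
};

function runSamples() {
  const results = {};
  for (const [name, body] of Object.entries(SAMPLES)) {
    results[name] = validateLogin(body);
  }
  return results;
}

console.log(runSamples());
```

Passing this check only means the input is well-formed; it is not authentication and does not replace parameterized queries or output escaping.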
