help with javascript validation

@jonok73Mar 14.2010

Can someone please help me and tell me why this doesn’t work

[CODE] <?php session_start(); ?> <!DOCTYPE html PUBLIC “-//W3C//DTD XHTML 1.0 Transitional//EN” “http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd”> <html xmlns=”http://www.w3.org/1999/xhtml”> <head> <?php $didithit = $_SESSION[‘didithit’]; echo $didithit ?>

<meta http-equiv=”Content-Type” content=”text/html; charset=utf-8″ /> <title>Register</title> <script type=”text/javascript”> var didithit = “<?= $didithit ?>”; <!–

function return checkscript()

{

didithit==1) { alert(‘Thank you’); return true; }

else didithit==2) { alert(‘**** you’); return false; }

else { alert(‘****’); return false; } }

//–> </script>

</head>

<body>

<form name=’Register’form action=”controls/register/adduser.php” method=”post” onsubmit=”return checkscript()”> <p>Enter a username and password to register.<br /> <table width=”409″ border=”0″> <tr> <td width=”130″>Username</td> <td width=”8″>:</td> <td width=”249″><input type=”text” name=”username” /></td> </tr> <tr> <td>Password</td> <td>:</td> <td><input type=”password” name=”password” /></td> </tr> <tr> <td>Confirm Password</td> <td>:</td> <td><input type=”password” name=”password2″/></td> </tr> <tr> <td>Email Address</td> <td>:</td> <td><input type=”text” name=”email” /></td> </tr> <tr> <td> </td> <td> </td>

</tr> </table> <br /><br />

<input type=”submit” name=”submit” value=”Register” /> <p> <p><br /> <br />

</form>

</body> </html> [/CODE]

Thanks in advance

to post a comment

JavaScript

38 Comments(s) _↴

@jonok73authorMar 14.2010 — #I actually forgot to mention the actual problem, which is the form submits everytime without fail no matter what the $didithit variable is

@votterMar 15.2010 — #Are you meaning to do this?

[CODE]
 
   function return checkscript()
 
 
   {
 
 
   if (didithit==1)
   {
   alert('Thank you');
   return true;
   }
 
   else
   if (didithit==2)
   {
   alert('**** you');
   return false;
   }
 
 
   else
   {
   alert('****');
   return false;
   }
   }
 
 [/CODE]

@jonok73authorMar 15.2010 — #ermm yea that could actually be my problem lol, ill check it now and let you know

Thanks

@jonok73authorMar 15.2010 — #mmmm its still not displaying the errors for some reason :S

@votterMar 15.2010 — #And try changing this: [CODE] var didithit = "<?= $didithit ?>"; to var didithit = "<?php $didithit ?>"; [/CODE]

@jonok73authorMar 15.2010 — #thanks a lot

@jonok73authorMar 15.2010 — #Another part that may come in handy for doing that is the php file which is creating the session didithit.

[CODE]
 <?php session_start() ?>
 <html>
 <head>
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml">
 <head>
 
 <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
 <table width="200" border="1">
 <tr>
 <td><p><a href="javascript:history.go(0)"><img src="refresh_button.png" width="42" height="48" alt="Click here for a new CAPTCHA" /></a></p>
 <p><a href="FlashCap.php"><img src="yes_flash.png" width="49" height="50" alt="Click here for the draggable/flash CAPTCHA" /></a></p></td>
 <td><form method="post" action="">
 (Enter the 3 black symbols in the text box)<br>
 <img src="captcha.php" alt="captcha image"><input type="text" name="captcha" size="3" maxlength="3">
 
 <input type="submit" value="Submit">
 
 </form>
 <?php
 if(isset($_POST["captcha"]))
 if($_SESSION["captcha"]==$_POST["captcha"])
 {
 
 
  echo 'CAPTHCA is valid you are human';
  $_SESSION['didithit']='1';
 
 print("<script language = 'javascript'>window.location = 'register.php';</script>");
 }
 else
 {
 echo 'CAPTHCA is not valid please try again';
 $_SESSION['didithit']='2';
 
 }
 ?></td>
 </tr>
 <tr>
 </tr>
 </table>
 </body>
 </html>
 
 [/CODE]

Thanks again

@jonok73authorMar 15.2010 — #mmm still aint working after changing the var part

@votterMar 15.2010 — #For that php file, do the echo's ever appear when doing the bot check?

and another thing, put a semi colon(? here: <?php session_start(); ?>

@jonok73authorMar 15.2010 — #yea they do once the captcha has been filled out its blank before that, you want me to paste the captcha.php code here so you can test it?

@votterMar 15.2010 — #Sure.

@jonok73authorMar 15.2010 — #

[CODE]
 <?php
 session_start();
 header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); 
 header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); 
 header("Cache-Control: no-store, no-cache, must-revalidate"); 
 header("Cache-Control: post-check=0, pre-check=0", false);
 header("Pragma: no-cache"); 
 
 function _generateRandom($length=6)
 {
 $_rand_src = array(
 array(48,57) //digits
 , array(97,122) //lowercase chars
 //		, array(65,90) //uppercase chars
 );
 srand ((double) microtime() * 1000000);
 $random_string = "";
 for($i=0;$i<$length;$i++){
 $i1=rand(0,sizeof($_rand_src)-1);
 $random_string .= chr(rand($_rand_src[$i1][0],$_rand_src[$i1][1]));
 }
 return $random_string;
 }
 
 $im = @imagecreatefromjpeg("captcha.jpg"); 
 $rand = _generateRandom(3);
 $_SESSION['captcha'] = $rand;
 ImageString($im, 5, 2, 2, $rand[0]." ".$rand[1]." ".$rand[2]." ", ImageColorAllocate ($im, 0, 0, 0));
 $rand = _generateRandom(3);
 ImageString($im, 5, 2, 2, " ".$rand[0]." ".$rand[1]." ".$rand[2], ImageColorAllocate ($im, 255, 0, 0));
 Header ('Content-type: image/jpeg');
 imagejpeg($im,NULL,100);
 ImageDestroy($im);
 ?>[/CODE]

There ya go, I uploaded the image that you need here
[CODE]http://yfrog.com/12captchaaej[/CODE] you will have to rename that to captcha

Thanks

@votterMar 15.2010 — #hmm, I just now thought of this, must have missed it reading over the first post. The form action points to controls/register/adduser.php. Is that the actual file name, or is that going to a different file?

@jonok73authorMar 15.2010 — #thats a different file where it submits the values from the register form to a database

@votterMar 15.2010 — #Well, I'll update this post as I find problems:

put a ; after you echo the $didithit or just get rid of that completely.

change the <?= to <?php if you haven't already

change the function return checkscript() to just checkscript()

var didithit = "<?php echo $didithit; ?>"; ///// Is how that should be as far as I know

And then we come to the actual problem with this process. Once you enter the captcha right and it redirects you to the register page, the session $_SESSION['ditithit'] is equal to 1. Thus even if you submit the form without entering any data, it will still be processed because it sees this session is 1, because you previously passed the botcheck and stored it as 1, thus it get's processed.

Does that make sense to you?

@jonok73authorMar 15.2010 — #Yea I understand, is there another way I could do this? Do you think you could fix this for me please?

Thanks again

@votterMar 15.2010 — #Yes, I'll fix it for you tomorrow.

@jonok73authorMar 15.2010 — #Your the best, thanks man

@votterMar 15.2010 — #Instead of using javascript to validate it, I'm going to use PHP, because users can turn off javascript.

So here goes:

You can remove the onsubmit="checkscript()" part, and that function.

Then on the add user file that this will submit to, you can do something like:

[CODE]
 <?php
 
 session_start();
 
 $didithit = $_SESSION['didithit'];
 
 $UserName = $_POST['username'];
 $UserName = mysql_real_escape_string($UserName);
 $PassWord = $_POST['password'];
 $PassWord = mysql_real_escape_string($PassWord);
 $ConfirmPass = $_POST['password2'];
 $ConfirmPass = mysql_real_escape_string($ConfirmPass);
 $Email = $_POST['email'];
 $Email = mysql_real_escape_string($Email);
 
 
 if (isset($_POST['submit'])) {
 
 if ($didithit == 1) {
 if (empty($UserName) or empty($PassWord) or empty($ConfirmPass) or empty($Email)) {
 echo 'Please fill out all fields';
 }
 else if ($PassWord != $ConfirmPass) {
 echo 'Your Passwords do not match';
 } else {
 // insert user into database here
 }
 } 
 }
 ?>
 [/CODE]

And you could also add in a check to make sure they are using the right format for an email address. You can google for by typing in something like: php email check. If you need help with this, feel free to post again if you can't get it to work if you try it. Hope that helps.

@jonok73authorMar 15.2010 — #Thanks again man youve been a great help. Ill try it later tonight.

Thanks again

@votterMar 15.2010 — #No problem. ?

@jonok73authorMar 16.2010 — #hey man just a quick ques, ive implemented that code you gave me but I keep getting a syntax error with it and I havn't got a clue whats wrong with it. any chance you can take a look?

Thanks

[CODE]
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml">
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
 <title>Register</title>
 </head>
 
 <body>
 <?php
 
 session_start();
 
 $didithit = $_SESSION['didithit'];
 
 $UserName = $_POST['username'];
 $UserName = mysql_real_escape_string($UserName);
 $PassWord = $_POST['password'];
 $PassWord = mysql_real_escape_string($PassWord);
 $ConfirmPass = $_POST['password2'];
 $ConfirmPass = mysql_real_escape_string($ConfirmPass);
 $Email = $_POST['email'];
 $Email = mysql_real_escape_string($Email);
 
 
 if (isset($_POST['submit'])) {
 
 if ($didithit == 1) {
 if (empty($UserName) or empty($PassWord) or empty($ConfirmPass) or empty($Email)) {
 echo 'Please fill out all fields';
 }
 else if ($PassWord != $ConfirmPass) {
 echo 'Your Passwords do not match';
 } else {
 // insert user into database here
 $con = mysql_connect("localhost","","");
 if (!con)
 {
 die('Could not connect: ' . mysql_error());
 }
 mysql_select_db("crptfox_foxcms", $con);
 
 $sql="INSERT INTO users (username, password, email)
 VALUES
 ('$_POST[username]','$_POST[password]','$_POST[email]')";
 
 if (!mysql_query($sql,$con))
 {
 die('Error: ' . mysql_error());
 }
 echo "User Added.";
 
 mysql_close($con)
 }
 ?>
 
 </body>
 </html>
 
 
 
 [/CODE]

@votterMar 16.2010 — #('$_POST[username]','$_POST[password]','$_POST[email]')";

Try changing that to:

('$UserName','$PassWord','$Email')";

Also, you might not want to post your mysql connect password and user, just a tip. hehe.

Also, if you get an error again, please post the error. Thanks. ?

@jonok73authorMar 16.2010 — #cheers

mmmm still getting an error :S

Parse error: syntax error, unexpected '}' adduser.php on line 53

@votterMar 16.2010 — #

[CODE]
 mysql_close($con);
 }
 }
 }
 [/CODE]

Is how that last part should be.

@jonok73authorMar 16.2010 — #mmmmm still an error lol heres the updated code

[CODE]
 <?php
 session_start();
 ?>
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml">
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
 <title>Register</title>
 </head>
 
 <body>
 <?php
 $didithit = $_SESSION['didithit'];
 
 $UserName = $_POST['username'];
 $UserName = mysql_real_escape_string($UserName);
 $PassWord = $_POST['password'];
 $PassWord = mysql_real_escape_string($PassWord);
 $ConfirmPass = $_POST['password2'];
 $ConfirmPass = mysql_real_escape_string($ConfirmPass);
 $Email = $_POST['email'];
 $Email = mysql_real_escape_string($Email);
 
 
 if (isset($_POST['submit'])) {
 
 if ($didithit == 1) {
 if (empty($UserName) or empty($PassWord) or empty($ConfirmPass) or empty($Email)) {
 echo 'Please fill out all fields';
 }
 else if ($PassWord != $ConfirmPass) {
 echo 'Your Passwords do not match';
 } else {
 // insert user into database here
 $con = mysql_connect("localhost","","");
 if (!con)
 {
 die('Could not connect: ' . mysql_error());
 }
 mysql_select_db("", $con);
 
 $sql="INSERT INTO users (username, password, email)
 VALUES
 ('$UserName','$PassWord','$Email')";
 
 if (!mysql_query($sql,$con))
 {
 die('Error: ' . mysql_error());
 }
 echo "User Added.";
 
 mysql_close($con)
 }
 }
 }
 ?>
 
 </body>
 </html>
 
 
 
 [/CODE]

Thanks man

@votterMar 16.2010 — #What's the error this time? lol

@jonok73authorMar 16.2010 — #Parse error: syntax error, unexpected '}' adduser.php on line 53

?

@votterMar 16.2010 — #you forgot a ; after closing the db connection. ?

@jonok73authorMar 16.2010 — #whey they we are its working now, thanks soo much for all the help

@votterMar 16.2010 — #Your welcome. Glad I could help. ?

@jonok73authorMar 16.2010 — #Hey man sorry to be a pain again

Ive encountered another error now using this script

[CODE]
 
 Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user '*****'@'localhost' (using password: *****) in /home/*****/public_html/adduser.php on line 16
 
 Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established inadduser.php on line 16
 
 Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'j*****'@'localhost' (using password: *****) in adduser.php on line 18
 
 Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in adduser.php on line 18
 
 Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user '*****'@'localhost' (using password: *****) in adduser.php on line 20
 
 Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in adduser.php on line 20
 
 Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user '*****'@'localhost' (using password: *****) in adduser.php on line 22
 
 Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established inadduser.php on line 22
 Please fill out all fields 
 
 [/CODE]

Any reason why its doing this?

Cheers

@votterMar 16.2010 — #Most likely your db connect user/pass ect is not correct. Did you make sure to put that info in?

@jonok73authorMar 16.2010 — #yea mmmm i checked it twice as well :S

@jonok73authorMar 16.2010 — #wierd if i get rid of the "function.mysql-real-escape-string" the errors dont happen anymore.

@votterMar 16.2010 — #You must have a database connection before using the mysql_real_escape_string. That's probably your problem.

@jonok73authorMar 16.2010 — #Hah got it, all working now thanks again

@votterMar 16.2010 — #lol, anytime.

Also in #JavaScript _↴

Javascript arrays image banner Noob trying to get a contact form to work

Success!

Help @jonok73 spread the word by sharing this article on Twitter...

Tweet This

help with javascript validation

38 Comments(s) _↴

Also in #JavaScript _↴

Success!

Social

Version

help with javascript validation

38 Comments(s) ↴

Also in #JavaScript ↴

Success!

The web is an endless sea of information. Don't miss the boat... Subscribe!

Social

Version

38 Comments(s) _↴

Also in #JavaScript _↴