Creating URL from form fields in javascript - javascript

So, i'm really new to HTML and javascript, and I want to take values from a form and process them with a script. I have a couple of fields including username, password, and two confirm password fields in HTML. With javascript I want to collect the username, and check if the password field is filled out. If it is, I want to make var ispass equal to 'yespass' or 'nopass'. When I submit the form, I want to go the url http://www.example.com?un=username&pass=yespass (or nopass).
Javascript:
<script language="javascript" type="text/javascript">
function processFormData(){
var user = document.getElementById('username').value;
var pass = document.getElementById('password').value;
var ispass;
if (pass.length > 0){
ispass = "yespass";
}else{
ispass = "nopass";
}
return "http://www.example.com?un=" + user + "&pw=" + ispass;
</script>
HTML:
<form onsubmit="window.location.href=processFormData();">
Please enter your current e-mail address and password below.<br><br>
<input type="text" id="username" placeholder="E-mail Address"><br><br>
<input type="password" id="oldpassword" placeholder="Old Password"><br><br><br>
Please type your new password below:<br><br>
<input type="password" id="newpassword1" placeholder="New Password"><br><br>
<input type="password" id="newpassword2" placeholder="Confirm New Password"><br><br>
<input type="submit" id="gobutton" value="Reset Password"/>
</form>
I cannot figure out a proper way to do this, because this does not seem to be working at all. Any suggestions or recommendations?

You could pull this off with a hidden form field and an onchange event:
<input type="hidden" id="ispass" value="no" onchange="checkPass(this);" />
This input would go in your form. Then on your password field, add an onchange handler:
function checkPass(input) {
document.getElementById("ispass").value = "yes"
};
Also, if you set the method on your form, submitting the form can generate the url based on the form inputs:
<form method='get' action='...' />
Here's a jsfiddle that demonstrates the result.
Also, if you're new to javascript, you may want to look into a library like jQuery to simplify some of your interaction with the page. It's really easy to learn, and there's a great community around it to help with any problems you might run into.
HTH,
Aaron

Related

How to turn off autosaving password popup in each browser using Vuejs

Literally, I want to turn off password saving popup in the browser.
Many answers said that use autoComplete. But I think autoComplete doesnt' work anymore.
I want to know the recent technic for this problem.
Could you recommend some advice for this?
Thank you so much for reading it.
Here's how I do it
On submit:
Save the password from the input field
Clear the password input field
Set the input field to type="text"
handle the form submission using AJAX
This works 100% - but is a little fiddly - though, easy enough
here's how you could handle a bit easier than I described - given you aren't doing any AJAX in your login
<form action="/login" method="post" name="loginform">
<input type="text" name="username" />
<input type="password" name="input_password" />
<input type="hidden" name="password" />
<input type="submit" value="login" />
</form>
document.forms.loginform.addEventListener('submit', function() {
const {
input_password,
password
} = this.elements;
password.value = input_password.value;
input_password.value = '';
input_password.type = 'text';
});
If your login already does some AJAX, then the principal is the same, but you won't need a hidden field
it's not something you can do in your own code, it's a browser behavior, You can only achieve this by changing your browser settings. disable browser password manager
If you want to do it in your code, I think you can try something like, do not give your input element attributes name, id, type common value - do not name them as password, email, etc, to cheat the browser build-in password saving feature.

Check $_POST data with jquery before submitting the form

I have a form that sends the store the First Name of the user in a database. I was checking the information send by the user using regex in php.
To make my project more interactive, I decided to validate the information jQuery before sending it to PHP.
My Project looks like this:
<script type="text/javascript" src="jquery-2.2.3.min.js"></script>
<script src="http://code.jquery.com/ui/1.9.1/jquery-ui.js" type="text/javascript"></script>
<body>
<form >
<div>
<label>First Name</label>
<input name="firstname" type="text">
</div>
<div>
<input type="submit">
</div>
</form>
</body>
</html>
<script>
$(document).ready(function() {
$("form").submit(function (e) {
var firstname = $(this).find('input[name="firstname"]').val();
var regex = /^[A-Za-z0-9 \-']+$/;//Only numbers, Letters, dashes, apostrophes and spaces are accepted
if(regex.test(firstname)){
alert('Valid Name.');
}else{
alert('Invalid Name.');
e.PreventDefault();
}
});
});
</script>
Now I have 2 questions:
Is it really need to check the First Name in PHP again before storing the data in the database ? (To improve security)
How can I submit the form right after the alert('Valid Name.'); ?
Thanks for providing your help.
First of all have in mind that the validation of users input is implementing at the server side of an application only!!! You can not validate input data at client side with JS because it can be passed very easy(either by disabling javascript or by using tools like Curl).
However you can increase user experience like validate an input before submitting the form or inform the user that forgot to fill in an input.
To inform the user about a not fill in input you can just use the new html 5 attribute required like above
Username: <input type="text" name="usrname" required>
the required attribute will not let the user submit the form unless he had filled the associated input.
Also you can use the maxlength attribute to address a use case like "A password must have X max letters.
Password: <input type="password" name="pass" maxlength="8" size="8"><br>
How to validate input at server side
There are many techniques for this and you can find all of them here at Stackoverflow. Ι will refer the top voted post How can I prevent SQL injection in PHP? which answer exactly your question.
Just two bullets that compact the above post that i suggest you read otherwise
Always escape your data
Use mysqli instead of mysql
How can I submit the form right after the alert('Valid Name.'); ?
this is very easy just use this code
<form action="action_page.php" method="post">
<div>
<label>First Name</label>
<input name="firstname" type="text">
</div>
<div>
<input type="submit">
</div>
</form>
the above code will "send" user's input for process at action_page.php using POST method, where you can read using $_POST supergloba table like $firstname = $_POST['fistsname'] etc.
TRY This
<script src="http://ajax.aspnetcdn.com/ajax/jquery.validate/1.15.0/jquery.validate.js" ></script>
<script type="text/javascript" src="jquery-2.2.3.min.js"></script>
<script src="http://code.jquery.com/ui/1.9.1/jquery-ui.js" type="text/javascript"></script>
<body>
<form >
<div>
<label>First Name</label>
<input name="firstname" id="first_name" type="text">
</div>
<div>
<input type="submit">
</div>
</form>
</body>
</html>
<script>
jQuery.validator.addMethod("firstName",function(value,element,param)
{
if(this.optional(element))
{//This is not a 'required' element and the input is empty
return true;
}
if(/^[A-Za-z0-9 \-']+$/.test(value))
{
return true;
}
return false;
},"Please enter a valid First Name");
$(function()
{
$('#myform').validate(
{
rules:
{
first_name:{ required:true, firstName:true }
}
});
});
</script>
Firstly you should ALWAYS validate server side for form submission, especially if you are passing those value along to a DB - SQL injection, the struggle is real.
As for the form submission flow you can...
return true
... after the valid name alert and the form to submit as it normally would.
Since you already have bound to that submit event, It would be even better for the user if you submitted the form via ajax, and providing feedback if the server validation fails. Thus the user never leaves the page and you are able to handle both client and server validation.
Take a look at ParsleyJS - http://parsleyjs.org/ - w00t!

I am trying to make a nocatsplash page- it uses HTML code to check a password and redirect visitors if a correct password is entered

I currently have a working code that just allows users through once they click a button to accept terms. I would like to integrate a password field and accept button that would only allow someone through if the password is correct.
Here is my current working code with the simple button:
Agree to Connect:
<br>
<br>
<form method="post" id="login" action="http://10.0.0.1:5280/">
<input type="hidden" name="accept_terms" value="yes">
<input type="hidden" name="redirect" value="http://www.anderson1216.com/wifi-success.html">
<input type="hidden" name="mode_login">
<input type="submit" value="Accept Terms of Use and Connect">
</form>
<br>
//agreement text here
<br>
<br>
We thank you for your understanding and cooperation.
<br>
<br>
<form method="post" id="login" action="http://10.0.0.1:5280/">
<input type="hidden" name="accept_terms" value="yes">
<input type="hidden" name="redirect" value="http://www.anderson1216.com/wifi-success.html">
<input type="hidden" name="mode_login">
<input type="submit" value="Accept Terms of Use and Connect">
</form>
this is a simple password form that I found:
<head>
<script type="text/javascript">
function isValid(){
var password = document.getElementById('password').value;
if (password == "password123")
{alert('Correct!')
else
{alert('Wrong Password')}
}
</script>
</head>
<form name="PasswordField" action="">
Password:
<input type="password" id="password" name="password">
<input type="button" value="Log in" onclick="isValid();">
</form>
In order for the code to work, the first statement from the first block of code needs to be included somewhere to tell the router that the person accepted, then I want it to redirect to another website after they click the button. No alert is needed for a correct password, just the incorrect ones. Any suggestions?
I would SERIOUSLY advise not having the password listed in the js!! This is able to be seen by anyone looking at the source code. You need to implement a more secure password system with a hashed and salted password held in a secure database and checked via an AJAX call or PHP.
It looks like you are wanting to put this on a home router, possibly as a landing page? If you can elaborate a bit more I might be able to provide more help.
If you are trying to prevent someone from accessing the site unless they have know a secret password, then this is not the way to go about it. You would want to authenticate the user on the server side, not the client side, because anyone with limited knowledge of JavaScript can spoof authentication on the client side using the developer console.
If, however, you are just wanting to make certain that a human is agreeing to the terms of the agreement by entering in an arbitrary known password, then this method is fine.
I would agree with gavrig above to hash and salt them for safety.
But if i got your question right, here's a fiddle i put together to solve it. I've mixed jquery and javascript intentionally.
Agree to Connect:
<br>
<br>
//agreement text here
<br>
<br>
We thank you for your understanding and cooperation.
<br>
<br>
<form method="post" id="login" action="http://10.0.0.1:5280/">
<input type="password" id="password" name="password">
<input type="hidden" name="accept_terms" value="yes">
<input type="hidden" name="redirect" value="http://www.anderson1216.com/wifi-success.html">
<input type="hidden" name="mode_login">
<input type="submit" value="Accept Terms of Use and Connect">
</form>
$('form').on('submit', function(e){
e.preventDefault();
var password = document.getElementById('password').value;
if (password == "password123")
{
this.submit();
}
else
{
alert('Wrong Password');
}
});
https://jsfiddle.net/tL7qcc5n/2/
NoCatSplash does not support authentication. Any user could simply bypass your authentication by manually posting to http://10.0.0.1:5280/
If you are serious about authentication, you should use another method, such as using a Radius server. This could even be installed on the router itself, given that it has good enough hardware to support it.

Two textfield validation using JavaScript

I am building a registration form. I have two fields where a user can enter his email (one for email, the second is re-enter email). I am trying to validate the two fields to confirm they match. What I have done is that when a user moves to the password field, the onfocus will call the validate function and check if the two fields match. If there is an error, the error will display in another textfield. The problem is that the code is not working!!
Here is the code:
<html>
<head>
<script>
var fieldalias="Email address field"
function verify(element1, element2){
var passed=false
if (element1.value==''){
document.f1.emailerror.value='Fill out the first email field';
element1.focus()
}
else if (element2.value==''){
document.f1.emailerror.value='Fill out the second email field';
element2.focus()
}
else if (element1.value!=element2.value){
document.f1.emailerror.value='The two emails are not matching';
element1.select()
}
else
passed=true
return passed
}
</script>
</head>
<body>
<p>Username: <br/>
<input class="tb10" type="text" name="username" />
</p><br/>
<p>Email: <br/>
<input class="tb10" type="text" name="email1" />
</p>
<p>Re-Enter Email: <br/>
<input class="tb10" type="text" name="email2" />
<input id="emerror" type="text" readonly name="emailerror"/>
</p><br/>
<p>Password: <br/>
<input class="tb10" type="password" name="password1" onfocus="verify(this.email1,this.email2)";/>
</p>
</body>
</html>
There are a few problems. The first is in the way you call your function:
onfocus="verify(this.email1,this.email2)";
this will be the field that that event belongs to, i.e., the one getting focus, so it doesn't have email1 and email2 properties. (Note also you don't need a semicolon outside the quotes.)
Secondly, within your function you say:
document.f1.emailerror
But there is no f1 form in your html.
If you add a form element around your fields, give it the name f1, and update your inline onfocus as follows then it will work:
onfocus="verify(document.f1.email1,document.f1.email2)"
Demo: http://jsfiddle.net/jJ3YT/
Note: I don't really endorse the approach you've taken here - if it were me, I'd put the validation on blur out of both email fields, but only to display the message, not to force focus back into the first field. Then when the form is actually submitted if there is still a problem then maybe I'd force focus back to the problem field. But anyway for what you're trying to do you're almost there...

Change post form

I have simple login form in my website. In given requirements stands, that password mustn't been sent to server, but only MD5 hash. I took simple MD5 function and now, when with onClick on submit button I change hidden text from password to md5(password). This works fine, but user sees, that something with his password is happening. I would like to make it transparent and change this particular part of form dynamically with onPost (or smth like this) callback.
I can't find any tutorials how to deal with manipulating POST table/form in javascript (jquery?) so if anyone could help I would appreciate.
As far as I know input fields that don't have name don't get submitted to the server. So you could have a hidden field and in the onsubmit event of the form copy the value of the password field into the hidden field by applying the MD5 checksum:
<form method="post" action="/login">
<input type="password" id="password" />
<input type="hidden" name="password" id="hiddenpassword" />
<input type="submit" value="Login" />
</form>
and then:
$('form').submit(function() {
var password = $('#password').val();
var md5 = MD5(password);
$('#hiddenpassword').val(md5);
return true;
});

Categories