Email Validation in Javascript based upon domain look up - javascript

I know this question has been posted many times. But still i would like to inquire a little more. I have used a function
function validateEmail(elementValue){
var emailPattern = /^[a-zA-Z0-9._-]+#[a-zA-Z0-9.-]+\.[a-zA-Z]{2,3}$/;
return emailPattern.test(elementValue);
}
It works fine. But my problem is that it allows 123#123.com as a valid email. So i want to check the domain also like checkdnsrr() does in php. Can i do it in javascript? I want to check for valid domain also.

It looks like there is no other solution than using AJAX to do this.
You do a request on your server with JS, the server checks the DNS using checkdnsrr(), and it responds with whatever you want, it will allow your JS to handle the validation depending on this.

Why don't you do it in php? That will be much easier than making an ajax call.

On the same code that you have Provided
function validateEmail(elementValue){
var emailPattern = /^[a-zA-Z0-9._-]+#[a-zA-Z0-9.-]+\.[a-zA-Z]{2,3}$/;
return emailPattern.test(elementValue);
}
Change it in this manner and it will validate 123#123.com Checking that the Domain can not be #123.com
function validateEmail(elementValue){
var emailPattern = /^[a-zA-Z0-9._-]+#[a-zA-Z-]+\.[a-zA-Z]{2,3}$/;
return emailPattern.test(elementValue);
}

Related

Bots are bypasing my script for blocking emails

I currently have a script for blocking non-business email addresses on my website form (Marketo) yet bots are still finding a way to bypass it. Today I got another "gmail" and "hotmail.fr" submission. Whenever I test my form it works but the bots are finding a way to bypass the script. I have also tried the honeypot method but it has not worked. They are also submitting with two-letter names, the past month has been really bad and I am desperate for help, I am not very good in JS so any help would be very much appreciated.
This is my script:
(function (){
// Please include the email domains you would like to block in this list
var invalidDomains = ["#gmail.","#yahoo.","#hotmail.","#live.","#aol.","#outlook.","#icloud.","#zoho.","#hubspot.","#gmx.","#yandex.","#mail.","#email.","#tutanota.","#trashmail.","#lycos.","#tutanota.","#protonmail."];
MktoForms2.whenReady(function (form){
form.onValidate(function(){
var email = form.vals().Email;
if(email){
if(!isEmailGood(email)) {
form.submitable(false);
var emailElem = form.getFormElem().find("#Email");
form.showErrorMessage("Must be Business email.", emailElem);
}else{
form.submitable(true);
}
}
});
});
function isEmailGood(email) {
for(var i=0; i < invalidDomains.length; i++) {
var domain = invalidDomains[i];
if (email.indexOf(domain) != -1) {
return false;
}
}
return true;
}
})();
</script>```
Some bots when they run, they don't even execute the JavaScript on the page. They just take the fields, find the post request the form is submitting, and submit the fields to them with pre-defined values. Thus, ignoring your validation completely.
So now the solution would be checking the post request values on the backend. Some people use the fact that some bots are dumb, and they include a honeypot field in their fields. They mark it hidden with CSS on the frontend, but again, some bots are dumb, and they will fill it out regardless and send it in the post request. Now you can have your sever throw that out right away.

Regex URL validation for angularjs

I'm trying to create validation for URL which will accept the following cases
with HTTP or https or without, with www or without, with subpages or without
http://website.com
https://website.com
http://website.com/
http://www.website.com
website.com
http://website.com/page/id/sdf
I tried the following, but it did not cover all cases above
$scope.urlPattern = '^(([a-z]+[.])?[a-z0-9-]+([.][a-z]{1,4}){1,2}(/.*[?].*)?$'
$scope.urlPattern = '^((https?|ftp)://)?([a-z]+[.])?[a-z0-9-]+([.][a-z]{1,4}){1,2}(/.*[?].*)?$'
I do not have permission to add a comment, So I am editing for my answer only. Below link has all type of URL validation, hope it will help you:
All type URL validation link
If you just want to validate the url, you don't really need to concern the 'www' condition (since it is included in other condition)
Something simple can be done like this:
'^(https?:\/\/)*[a-z0-9-]+(\.[a-z0-9-]+)+(\/[a-z0-9-]+)*\/?$'
JSFiddle:
https://jsfiddle.net/q0d69jq3/2/
var result = url.match(/(http(s)?://.)?(www.)?[-a-zA-Z0-9#:%.+~#=]{2,256}.[a-z]{2,6}\b([-a-zA-Z0-9#:%+.~#?&//=]*)/g);
if (result == null) {
return false;
}
return true;
};

Simple MEAN Stack issue

I have a express route;
router.get('/uni/:queryst', function (req, res) {
var choice = req.params.queryst);}
Where basically I use the queryst value from the URL to use it to query something in my database. On the front end, I need to have an input field where the user types the choice and hits submit and then it translates to something like /uni/valuehere on the browser and sending GET to express where it gets caught by the router I wrote above. I don't know how can I make the input field of HTML turn into a URL of the format /uni/valuehere .
As for testing the code initially I was directly typing the URL manually with the value I intended to verify to check if the data passed. Well, users are not going to type URL's directly to search, they will need a form and that is what I can't get my head around to how to turn the input field into a URL in a format /uni/WhateverTheUserHasTypedInTheFieldShouldAppearHere
Thanks in advance for the help. I am self learning the MEAN stack and have come a long way. I need support of experienced developers as I am currently stuck here.
While sending the request write (in controller):
$http.get('/uni/'+queryst).success(function(response){
// Write code using response
});
While on the server side write:
$http.get('/uni/:queryst',function(req,res){
var choice= req.params.queryst
// Code ....
});

What does this script do? Is it malicious?

so I received an obvious phising email today with this js code in it:
<script type="text/javascript" language="Javascript1.1">
<!-- Begin
var bCancel = false;
function validateRegistrationDetails(form) {
hmrc.portal.clearFieldValidationErrors(form);
if (bCancel) {
return true;
} else {
var registrationDetailsPageMessage = new String("<p>ERROR: This page contains one or more errors. See details below.</p>")
var formValidationResult;
formValidationResult = validateRequired(form) & validateMask(form) & validateIdenticalEmailAddresses(form);
if (!formValidationResult){
var formName=form.name;
var ele=document.getElementById('pageError.registrationDetails');
if(ele){
ele.innerHTML = registrationDetailsPageMessage;
ele.style.display = ''; }
}
return (formValidationResult == 1);
}
}
function registrationDetails_required () {
this.a0 = new Array("selectedServices", "<p>ERROR: Please select at least one online service.</p>", new Function ("varName", " return this[varName];"));
}
function registrationDetails_mask () {
}
function registrationDetails_identicalEmailAddresses () {
}
//End -->
</script>
Is it malicious in anyway, what exactly does it do with the form data. I am not that versed in vanilla javascript. Any explanation would be helpful.
Thanks
In all likelihood, whoever sent you this simply lifted a section of HTML and inline JavaScript from the site they were trying to pretend to be. A few lines in the code such as:
hmrc.portal.clearFieldValidationErrors(form);
suggest that they were trying to be HMRC, with the rest of the code being simple validation of the information being entered; I'm going to guess that the content was taken from the 'Registration' section of that site
So you've already established that it's a phishing email.
Typically phishing emails try to make themselves look legitimate by copying large chunks of code from the original website that they're trying to pretend to be (ie your bank's site or whatever). They'll then alter that code so that it sends the relevant data to the phisher rather than to the bank. They may also add fields that weren't in the original, such as asking for your PIN, etc.
However, the main point here is that the bulk of the original code is generally retained, in order to maintain the look and feel of the original site.
Therefore the chances are that the code you're seeing has actually been copied by the phishers from the original site.
There's nothing explicitly malicious about this code in itself -- it has a lot of badly written code, but it isn't trying to do anything wrong in this code.
Where the problem lies for the phishers here is that Javascript code is blocked by most email clients; ie regardless of its intent, the chances are that that this code won't actually work in your mail client.
But I would guess that the phishers have just taken the original form wholesale from the website and dumped it into an email without bothering to take out any javascript that might have been embedded in it.
So the short answer is: Don't worry about this code in particular, but please do delete the email.
As far as I can see, there's nothing malicious with it, unless some script has been included outside of this script itself.

javascript form checking and encrypted passwords

I have a simple form where users can change their passwords, and I am using an onsubmit event to check the form which generally works fine, except when I try to stop them using a password already in use.
The passwords are stored in a database and are encrypted. What I need to do is compare the encrypted password with the new password, which is not yet encrypted. The encryption I am using is:
<%
Function encrypt(x1, x2)
s = ""
t = 0
For i = 1 to len(x1)
t = t + asc(mid(x1,i,1))
Next
For i = 1 to len(x2)
y = (t + asc(mid(x2,i,1)) * asc(mid(x2,((i+1) mod len(x2)+1),1))) mod 255
s = s & chr(y)
Next
For i = (len(x2) + 1) to 10
If t>598.8 Then t = 598.8
y = t^3*i mod 255
s = s & chr(y)
Next
encrypt = s
End Function
%>
and I run encrypt(Username,Password) which gives me a output like ¬{±ÝÆÝl
The onsubmit code I am using is
function checkData (){
if (document.signup.password1.value != document.signup.password2.value) {
alert("Your passwords do not match.")
document.signup.password1.focus()
return false
}
if (document.signup.password1.value == "") {
alert("Please enter a password.")
document.signup.password1.focus()
return false
}
}
This all works fine and I am just stuck on the last bit which is the old password check.
I have tried various things like
if (encrypt(document.signup.password1.value,emailaddress) == "value from database"){
alert("The password chosen is already in use.")
document.signup.password1.focus()
return false
}
My main question is: can I call the ASP function encrypt into my javascript checkData? As I am beginning to think this is where the problem is, I am wondering if I am wasting my time and feel that there is no way of doing this. I know I can submit the form to the next page and do the check there but I really wanted to do it this way if I can.
You can not directly invoke ASP (or any other server side language's) functions from JavaScript. That being said, there is a widely used technology called AJAX, which allows you to execute asynchronous JavaScript requests to your server side application. They're called asynchronous, because you do not submit/reload the entire page, but you execute a piece of JavaScript which invokes a server side functionality and returns the result, thus letting you update your page without having to reload it.
In your case, you'd want to implement an AJAX request which asks your if a certain password entered by a user is already in use, and the server will simply return a boolean, which you'd evaluate on the JavaScript side and update your page accordingly.
I'm very certain that there are tons of tutorials and explanations on how to use AJAX requests with ASP (which I am unfamiliar with), and providing such an explanation would certainly be out of what can be provided here. Please consult Google :)

Categories