/******************************* * Title: Data Validation & Filtering Functions * Author: VFD * Date: 07-Jul-2007 * Project: RepHunter * Purpose: Provide validation routines for error checking * and filtering routines for error prevention and guards * against SQL injection and other attacks * * Adapted from text_proc written by DJ *******************************/ function ValidNotEmpty(value) { if (value != undefined && value.length > 0) { return true; } return false; } function ValidString(value, min, max) { // if string length is less than the minimum if (min != undefined && typeof min == 'number' && value.length < min) { return false; } // or string length is greater than the maximum if (max != undefined && typeof max == 'number' && value.length > max) { return false; } return true; } function ValidNumber(value, min, max) { // if it's not numeric if (isNaN(value)) { return false; } // or less than the minimum value if (min != undefined && typeof min == 'number' && value < min) { return false; } // or greater than the maximum value if (max != undefined && typeof max == 'number' && value > max) { return false; } return true; } function ValidEmailFormat(email) { if (typeof email != 'string') { return false; } // things not allowed in an email address if (email.match(/(@.*@)|(\.\.)|(@\.)|(^\.)/)) { return false; } // how an email address should be formatted if (!email.match(/^[^()<>@,;: "\[\]\\]+\@(\[?)[a-z0-9\-\.]+\.([a-z]{2,4}|[0-9]{1,3})(\]?)/i)) { return false; } return true; } function ValidEmailHost(strEmail) { var ignoreWarnings = false; var request = { url: 'valid-email-host.php', content: { email: strEmail }, handleAs: 'text', sync: true, load: function(response, io) { if (response != 'valid') { ignoreWarnings = confirm("Our server cannot verify the validity of this email address.\nNot all valid email addresses can be verified by our server.\nA functioning email account is required to make use of services from RepHunter, Inc.\nPlease verify that the address you provided can receive mail.\n\nClick Cancel to check the address you provided for typos.\nClick OK if you wish to ignore this message and continue your registration."); } else { ignoreWarnings = true; } }, error: function(response, io) { console.dir(type,errObg); } }; dojo.xhrPost(request); return ignoreWarnings; } function ValidURL(url) { if (typeof url != 'string') { return false; } if (!url.match(/^((ht|f)tp:\/\/)?((([a-zA-Z0-9-]+(\.[a-zA-Z0-9-]+)*(\.[a-zA-Z]{2,4}))|(([0-9]{1,3}\.){3}([0-9]{1,3})))((\/|\?)[a-zA-Z0-9~#%&'_\+=:\?\.-]*)*)/i)) { return false; } return true; } function ValidReEntry(form, valueField, checkField) { if (valueField == undefined || checkField == undefined) { return false; } var valueEntry = form.elements[valueField].value; var checkEntry = form.elements[checkField].value; if (valueEntry == undefined || checkEntry == undefined) { return false; } if (!(valueEntry.length > 0 && checkEntry.length > 0)) { return false; } if (valueEntry != checkEntry) { return false; } return true; } function ValidPasswordSafety(form, password) { if (typeof password != 'string') { return false; } var companyname = form.elements['companyname'].value; var fname = form.elements['fname'].value; var lname = form.elements['lname'].value; var email = form.elements['email1'].value; var unsafe = new Array( 'pass', 'password', 'secret', 'test', 'lock', 'locked', 'secure', 'safe', companyname.toLowerCase(), fname.toLowerCase(), lname.toLowerCase(), email.toLowerCase() ); // on the list of unsafe passwords if (ValidEnum(password.toLowerCase(), unsafe)) { return false; } // made of all the same character if (/^(.)(\1)*$/.test(password)) { return false; } // contains proper mixture of char types, at least one of each type if (!( /[A-Z]/.test(password) && /[a-z]/.test(password) && /[0-9]/.test(password) )) { return false; } return true; }