0

I have this chunk of code:

<form action="register.php" method="post">
     Email: <input type="text" name="email" /><br />
     Username: <input type="text" name="username" /><br />
     Password: <input type="password" name="p" id="password" /><br />
     <input type="button" value="Register" onclick="formhash(this.form, this.form.password);"   />
 </form>

As you can see, when the button is clicked, a function gets called which encrypts the password. My problem is that I can't check if the user even wrote anything in the password field because the encryption encrypts the password before I can check it. I usually check it like this:

<?php if (empty($_POST['password'])) {
echo "You forgot to fill the password field.";
}

But the password field is filled no matter what, because of the encryption. I need something that can check if the password field is empty before the button where the password gets encrypted is pressed... Any ideas?

owwyess
  • 175
  • 16

2 Answers2

3

One way to confirm that something has been typed is to use the HTML5 required attribute in the password field like this

<input type="password" name="yourname" id="yourid" required />

This always confirms that something has been typed in the password field. May be this helps.

Try out this:

<html>
<head>
<title>Form validation test</title>
<script type="text/javascript">
function validateAndEncrypt()
{
var email = document.getElementById("email");
var name  = document.getElementById("name");
var pass  = document.getElementById("password");
//if you want to validate the password only check the value of password field only
if(email.value== "" || name.value == "" || pass.value== "")
{
    alert("One of the fields is empty the script cannot continue.")
    return false;
}
else
{
    // you can encrypt your password here
    alert("Everyting is fine, now we can proceed further");
    return true;
}
}
//if you want to check the password field before hitting the button
function checkPassword()
{
var pass  = document.getElementById("password");
if(pass.value=="")
{
    alert("The password field is empty");
    return false;
}
return true;
}
</script>
</head>
<body>
<form action="register.php" method="post">
 Email: <input type="text" name="email" id="email" /><br />
 Username: <input type="text" name="username" id="name"/><br />
 Password: <input type="password" name="password" id="password" onblur="return checkPassword();"required /><br />
 <input type="submit" value="Register" onclick="return validateAndEncrypt();"   />
 </form>
 </body>
 </html>
nurakantech
  • 502
  • 4
  • 14
  • Yeah good suggestion, I have thought of that myself as well. Though I have heard rumors that this does not work in the browser Safari and IE 9>. So what happens if someone with Safari uses my registration form, will they then be able to make a password containing 0 characters? Because that shouldn't be possible in any way. :( – owwyess Sep 28 '13 at 18:03
  • yes, you are right. why dont you use some form validation and then call the hashing function. something like validate the form inside a function and then call the hashing function from within the validating function. or you can use server side encryption like md5 or sha2 to encrypt your password. – nurakantech Sep 28 '13 at 18:13
  • Hmm, can I validate the password field before its sent to the server if I make a php function and call it within the
    ?
     – owwyess Sep 28 '13 at 18:43
  • see the answer above, i am sure this will help you. – nurakantech Sep 28 '13 at 20:07
  • That's really great! I am going to try it tomorrow, it's getting late here, I can come with a response tomorrow. – owwyess Sep 29 '13 at 00:32
  • There's still one problem, when it's made in JS, everybody can hack it since its client side. I have tried calling a function that runs ajax with PHP. Maybe that'll fix the problem, I just can't seem to run the PHP before it runs the JS. – owwyess Sep 29 '13 at 11:09
  • Your concept of running ajax with PHP is a better option. But i dont understand for what purpose you want to run PHP before running JS. Obviously, you want to call ajax function after validating the form, don't you? – nurakantech Sep 29 '13 at 13:52
  • Because if I run the JS before the PHP, the password will be encrypted and then I can't make a check if the password field is empty because it gets a large value when encrypted. So I have to check if the password field contains any characters before the encryption. – owwyess Sep 29 '13 at 13:57
  • see the validateAndEncrypt() function. I think you can encrypt the password after validating the form. The function there checks if the input fields contain any character or not. If they contain at least one character, then you can encrypt your data. Look, what you want to do is check if the input field contains any character or not, the above functions work well, it depends on you whether you will call these functions before encryption or after it. – nurakantech Sep 29 '13 at 14:23
0

So, you can't hash your password dynamically, it's just when the total password is entered.

You can use .submit to send your form just when hash is finished

document.forms[form_name].submit()
Donovan Charpin
  • 3,567
  • 22
  • 30
  • Does this let me validate the form before it gets hashed? I mean, if I want to check that the password field is not empty, and it contains less than 30 characters, then it has to be validated before its hashed. Else it will be way longer than 30 characters? – owwyess Sep 28 '13 at 18:00