0

I'm writing a "change password" form but I'm not too good with javascript and I need a bit of help :)

This is my current function:

function changeformhash(form, currentpwd, password, conf) {
    // Check each field has a value
    if (currentpwd.value    == ''   ||
        password.value      == ''   ||
        conf.value          == '') {

        alert('¡Debes proporcionar todos los datos solicitados!');
        form.currentpwd.focus();
        return false;
    }

    // Check that the current password is sufficiently long (min 6 chars)
    // The check is duplicated below, but this is included to give more
    // specific guidance to the user
    if (currentpwd.value.length < 6) {

        alert('Tu contraseña actual debe contener, como mínimo, 6 carácteres. Por favor, intentalo de nuevo.');
        currentpwd.value    = "";
        password.value      = "";
        conf.value          = "";
        form.currentpwd.focus();
        return false;
    }

    // At least one number, one lowercase and one uppercase letter
    // At least six characters

    re = /(?=.*\d)(?=.*[a-z])(?=.*[A-Z]).{6,}/;
    if (!re.test(currentpwd.value)) {

        alert('Tu contraseña actual debe contener, como mínimo, 1 númnero y 1 letra mayúscula y minúscula. Por favor, intentalo de nuevo.');
        currentpwd.value    = "";
        password.value      = "";
        conf.value          = "";
        form.currentpwd.focus();
        return false;
    }

    // Check that the new password does not match with the current password
    // and is sufficiently long (min 6 chars)
    // The check is duplicated below, but this is included to give more
    // specific guidance to the user
    if (password.value == currentpwd.value) {

        alert('¡No puedes usar la misma contraseña!');
        currentpwd.value    = "";
        password.value      = "";
        conf.value          = "";
        form.currentpwd.focus();
        return false;
    }

    if (password.value.length < 6) {

        alert('La contraseña debe contener, como mínimo, 6 carácteres. Por favor, intentalo de nuevo.');
        currentpwd.value    = "";
        password.value      = "";
        conf.value          = "";
        form.currentpwd.focus();
        return false;
    }

    // At least one number, one lowercase and one uppercase letter
    // At least six characters

    var re = /(?=.*\d)(?=.*[a-z])(?=.*[A-Z]).{6,}/;
    if (!re.test(password.value)) {

        alert('La contraseña debe contener, como mínimo, 1 númnero y 1 letra mayúscula y minúscula. Por favor, intentalo de nuevo.');
        currentpwd.value    = "";
        password.value      = "";
        conf.value          = "";
        form.currentpwd.focus();
        return false;
    }

    // Check password and confirmation are the same
    if (password.value != conf.value) {

        alert('¡Las contraseñas no coinciden!');
        currentpwd.value    = "";
        password.value      = "";
        conf.value          = "";
        form.currentpwd.focus();
        return false;
    }

     // Create a new element input, this will be our hashed current password field.
    var currentp = document.createElement("input");

    // Add the new element to our form.
    form.appendChild(p);
    p.name = "currentp";
    p.type = "hidden";
    p.value = hex_sha512(currentpwd.value);

    // Create a new element input, this will be our hashed password field.
    var p = document.createElement("input");

    // Add the new element to our form.
    form.appendChild(p);
    p.name = "p";
    p.type = "hidden";
    p.value = hex_sha512(password.value);

    // Make sure the plaintext password doesn't get sent.
    currentpwd.value    = "";
    password.value      = "";
    conf.value          = "";

    // Finally submit the form.
    form.submit();
    return true;
}

But first I'd like to ask one question, for the user safety and comfort: If there's no any security problems, can I leave the current password field filled if the checks for the new password fails? I know, from first hand, that writing the passwords over and over again because some typo... can be really annoying :)

I'd also like to, apart from check same password, check for similar password, while checking the new and current password, how can I do that?

Actually if all checks pass, nothing happens, the css hover style freezes:

This is what I'm getting in firefox console: TypeError: Argument 1 of Node.appendChild is not an object.

I'm actually using input type="button" because submit will send even if javascript returns false, so... how can I use input type="submit" and prevent sending if returns false?

Thanks in advance!

Chazy Chaz
  • 1,781
  • 3
  • 29
  • 48
  • For answering your question on checking for similar password, you will have to mention how you're storing older passwords in the database? How is it encrypted and persisted?....For your question on security, I personally feel this should not be a problem as long as its on the same page and you're not transferring the data over an unsecure connection. TO answer the last question, yes you can use the submit button for this task. You will need to create a handler on the submit event and can return false at the end so that the form is not submitted. – Pawan Oct 04 '14 at 09:52
  • Google for your last question or you can refer - http://stackoverflow.com/questions/1357118/event-preventdefault-vs-return-false ...... Also I would personally prefer using jQuery or javascript for all such tasks, but thats just personal choice. – Pawan Oct 04 '14 at 09:53
  • Also, have you considered using – Pawan Oct 04 '14 at 10:02
  • Thanks for the answers, I'll immediately take a look at that, I want to finish this as soon as possible. I already fixed the new element input, embarrasing error :P Hmmm what input type="hidden" does? If automatically activates the input "button" that's what I'm looking for, something like submit (you can press enter instead of clicking). – Chazy Chaz Oct 04 '14 at 13:56
  • The passwords are stored using hex_sha512 and salt. – Chazy Chaz Oct 04 '14 at 14:14

0 Answers0