// validate new user function validNewUser(button_holder) { // declare fields and variables var firstName = document.getElementById("firstName"); // required var lastName = document.getElementById("lastName"); // required var email = document.getElementById("email"); // required var phone = document.getElementById("phone"); // optional var company = document.getElementById("company"); // optional var refererSpec = document.getElementById("refererSpec"); // optional var requiredValid = 0; var optionalValid = 0; // check required fields requiredValid = checkField(firstName, requiredValid, true); requiredValid = checkField(lastName, requiredValid, true); requiredValid = checkField(email, requiredValid, true); // check valid mail address if (email.value.length > 0) { var validMail = new RegExp(".+@.+\\.[a-z]+"); if (!email.value.match(validMail)) { email.style.border = "solid 1px blue"; requiredValid += 5; } } // check optional fields optionalValid = checkField(phone, optionalValid, false); optionalValid = checkField(company, optionalValid, false); optionalValid = checkField(refererSpec, optionalValid, false); if (requiredValid == 0) { // required fields ok if (optionalValid == 0) { document.getElementById('submit_holder').style.visibility = "hidden"; return true; } else alert("Fields marked with blue may contain unautorized content\nTry removing sign characters and press submit."); } else { // required fields not ok if (requiredValid > 4) alert("Red fileds: required fields, must be filled.\n\nBlue fields: may contain unautorized content, try removing sign characters like ' -- = < >.\nIt is recommended to enter only letter and number characters.\n\nPlease fix the problems and press submit."); else alert("Fields marked with red are required.\nPlease fill them and press submit."); } return false; } // validate feedback form function validateFeedback(button) { // declare fields and variables var name = document.getElementById("feedbackName"); // required var email = document.getElementById("feedbackEmail"); // required var specifications = document.getElementById("feedbackSpec"); // required var cpu_speed = document.getElementById("feedbackCPUSpeed"); // optional var ram = document.getElementById("feedbackRAM"); // optional var requiredValid = 0; var optionalValid = 0; // check required fields requiredValid = checkField(name, requiredValid, true); requiredValid = checkField(email, requiredValid, true); requiredValid = checkField(specifications, requiredValid, true); // check valid mail address if (email.value.length > 0) { var validMail = new RegExp(".+@.+\\.[a-z]+"); if (email.value.match(validMail)) email.style.border = "solid 1px #666666"; else { email.style.border = "solid 1px blue"; requiredValid += 5; } } // check optional fields optionalValid = checkField(cpu_speed, optionalValid, false); optionalValid = checkField(ram, optionalValid, false); if (requiredValid == 0) { // required fields ok if (optionalValid == 0) { // hide button so no one will click twice button.parentNode.childNodes[0].style.visibility = "hidden"; button.parentNode.childNodes[1].style.visibility = "hidden"; return true; } else { alert("Fields marked with blue may contain unautorized content like ', -- or =\nTry removing sign characters and press submit."); return false; } } else { // required fields not ok if (requiredValid > 4) alert("Red fileds: required fields, must be filled.\n\nBlue fields: may contain unautorized content, try removing sign characters like ' -- = < >.\nIt is recommended to enter only letter and number characters.\n\nPlease fix the problems and press submit."); else alert("Fields marked with red are required.\nPlease fill them and press submit."); return false; } } // check validation of field function checkField(field, valid, required) { if(field.value.length > 0) { if (checkSQLInjectionAndXSS(field.value)) { field.style.border = "solid 1px blue"; valid += 5; } else field.style.border = "solid 1px #666666"; } else if (required) { field.style.border = "solid 1px red"; valid++; } else field.style.border = "solid 1px #666666"; return valid; } // check for sql injection and cross site scripting function checkSQLInjectionAndXSS(str) { str = str.toUpperCase(); var sqlInj = new Array(new RegExp("/(\%27)|(\')|(\-\-)|(\%23)|(#)/ix"), new RegExp("/((\%3D)|(=))[^\n]*((\%27)|(\')|(\-\-)|(\%3B)|(;))/i"), new RegExp("/\w*((\%27)|(\'))((\%6F)|o|(\%4F))((\%72)|r|(\%52))/ix"), new RegExp("/((\%27)|(\'))SELECT/ix"), new RegExp("/((\%27)|(\'))INSERT/ix"), new RegExp("/((\%27)|(\'))UPDATE/ix"), new RegExp("/((\%27)|(\'))DROP/ix"), new RegExp("/((\%27)|(\'))DELETE/ix"), new RegExp("/exec+(s|x)p\w+/ix")); var xss = new Array(new RegExp("/((\%3C)|<)((\%2F)|\/)*[a-z0-9\%]+((\%3E)|>)/ix"), new RegExp("/((\%3C)|<)((\%69)|I|(\%49))((\%6D)|M|(\%4D))((\%67)|G|(\%47))[^\n]+((\%3E)|>)/I"), new RegExp("/((\%3C)|<)[^\n]+((\%3E)|>)/I")); // sql injection for(i=0; i < sqlInj.length; i++) { if (str.match(sqlInj[i])) return true; } // xss for(i=0; i -1) || (str.indexOf("%3C") > -1) || (str.indexOf("<") > -1) || (str.indexOf(">") > -1) || (str.indexOf("%3C%73%63%72%69%70%74%3E") > -1)) return true; else return false; }