The Shed is going Social! Join us on FaceBook and Twitter and chime in on the conversation.
|
 |
|
Dev Shed Forums
> Programming Languages
> PHP Development
|
Ned help - Javascript from Php
Discuss Ned help - Javascript from Php in the PHP Development forum on Dev Shed.
Ned help - Javascript from Php PHP Development forum discussing coding practices, tips on PHP, and other PHP-related topics. PHP is an open source scripting language that has taken the web development industry by storm.
|
|
 |
|
|
|
|
Dev Shed Forums Sponsor:
|
|
|
January 15th, 2013, 05:08 PM
|
|
Registered User
|
|
Join Date: Jan 2013
Posts: 9
Time spent in forums: 1 h 46 m 40 sec
Reputation Power: 0
|
|
|
Need help - Javascript from Php
Hello all
In my webpage, I have a contact form. When the done button is clicked, it calls a Javascript function that changes the values of the text boxes to reflect the neccesary changes and show warnings.
Code:
var nameStr = safe_string(document.getElementById('cf_name').value);
var emailStr = safe_string(document.getElementById('cf_email').value);
var messageStr = safe_string(document.getElementById('cf_message').value);
if(nameStr == "")
document.getElementById('cf_nameCheck').value = "*Enter your name*";
else
document.getElementById('cf_nameCheck').value = "";
if(emailStr == "" || emailStr.indexOf("@") == -1 || emailStr.indexOf(".") == -1)
document.getElementById('cf_emailCheck').value = "*Enter a valid email*";
else
document.getElementById('cf_emailCheck').value = "";
if(messageStr == "")
document.getElementById('cf_messageCheck').value = "*Enter your message*";
else
document.getElementById('cf_messageCheck').value = "";
document.getElementById('cf_name').value = nameStr;
document.getElementById('cf_email').value = emailStr;
document.getElementById('cf_message').value = messageStr;
if(document.getElementById('cf_nameCheck').value == "")
if(document.getElementById('cf_emailCheck').value == "")
if(document.getElementById('cf_messageCheck').value == "")
open_page('#Email_Sent');
return false;
this is located within a javascript file and shows the user what they did wrong.
safe_string is a function that strips out html from input.
All this is fine, but not when I want to check if the captcha is fine, client side.
In the contact submission, using php, this is the end result of the file.
PHP Code:
include_once $_SERVER['DOCUMENT_ROOT'] . '/securimage/securimage.php';
$securimage = new Securimage();
if ($securimage->check($_POST['captcha_code']))
{
$mail_status = mail($mail_to, $subject, $body_message, $headers);
}
it checks if the given captcha is correct.
My problem is, that I cannot find a way to do the Javascript bit, (change the value of the text input) through Php, and cannot figure out how to check the captcha in the javascript.
Either solution fixes my problem, and I have spent a good 3 days researching and am still no closer.
Any help is greatly appreciated.
|
January 15th, 2013, 05:51 PM
|
 |
Still alive
|
|
Join Date: Mar 2007
Location: Washington, USA
|
|
Don't use Javascript to check the CAPTCHA: it'll give bots the opportunity to easily defeat it. It needs to be checked in PHP.
Make the form support getting default values. As in your PHP looks like
PHP Code:
$name = /* value from form, or empty string if not submitted */;
Code:
<input type="name" value="<?php echo htmlentities($name); ?>" />
Then if the CAPTCHA check fails you redisplay the form.
Protip: you should make your PHP support the same verification that the Javascript does, otherwise a malicious user could simply disable Javascript in their browser and fill out the form however they wanted.
|
January 15th, 2013, 07:50 PM
|
|
Registered User
|
|
Join Date: Jan 2013
Posts: 9
Time spent in forums: 1 h 46 m 40 sec
Reputation Power: 0
|
|
Quote: | Originally Posted by requinix
PHP Code:
$name = /* value from form, or empty string if not submitted */;
Code:
<input type="name" value="<?php echo htmlentities($name); ?>" />
|
Does this require the page to be reloaded? Because at the moment, my entire site and all of its 'pages' exist on the index page and a reload defeats the purpose of my design.
Quote: | Originally Posted by requinix
Protip: you should make your PHP support the same verification that the Javascript does, otherwise a malicious user could simply disable Javascript in their browser and fill out the form however they wanted. |
In my Php, I take the values of the relevant text fields and put them into strings. I then strip them the same way I do in the Javascript and check for nulls.
The Php is the part that checks and passes the values onto the email. The Javascript is the part that simply checks and changes text fields and warning labels.
|
January 15th, 2013, 08:25 PM
|
|
Registered User
|
|
Join Date: Jan 2013
Posts: 9
Time spent in forums: 1 h 46 m 40 sec
Reputation Power: 0
|
|
Looking at the current code I have...
Code:
<a href="#" onclick="document.getElementById('captcha').src = '/securimage/securimage_show.php?' + Math.random(); return false">[ Change Code ]</a>
This line of code can reload the captcha image, and it does not reload the page.
So is there a way that I can call some sort of Php function that returns a true/false that will allow me to do a
Code:
document.getElementById.value = "*Invalid*"
when this link is clicked?
Code:
<a href ="#!/CheckForm" class="button1" onclick="$(this).closest('form').submit()"onmouseover="" style="cursor: pointer;"><span></span><strong>Send</strong></a>
|
January 15th, 2013, 08:34 PM
|
|
Still alive
|
|
Join Date: Mar 2007
Location: Washington, USA
|
|
|
Yes: AJAX.
You do an AJAX request with the value the user entered to some PHP script which signals (output, return status code, whatever) whether it's correct or not.
|
January 15th, 2013, 08:36 PM
|
|
|
Doing checks and processing on the local browser is a horrible idea. You do not want the value of the captcha within the html document because a bot will have access to the data. If you don't want to reload the frame then use AJAX to request a php page with the form data and then get XML confirmation from the server. Use javascript at that point to change the page.
Quote: | Originally Posted by Squigglyo Looking at the current code I have...
Code:
<a href="#" onclick="document.getElementById('captcha').src = '/securimage/securimage_show.php?' + Math.random(); return false">[ Change Code ]</a>
This line of code can reload the captcha image, and it does not reload the page.
So is there a way that I can call some sort of Php function that returns a true/false that will allow me to do a
Code:
document.getElementById.value = "*Invalid*"
when this link is clicked?
Code:
<a href ="#!/CheckForm" class="button1" onclick="$(this).closest('form').submit()"onmouseover="" style="cursor: pointer;"><span></span><strong>Send</strong></a>
|
|
January 15th, 2013, 10:04 PM
|
|
Still alive
|
|
Join Date: Mar 2007
Location: Washington, USA
|
|
Quote: | Originally Posted by portcitysoftwar Doing checks and processing on the local browser is a horrible idea. You do not want the value of the captcha within the html document because a bot will have access to the data. If you don't want to reload the frame then use AJAX to request a php page with the form data and then get XML confirmation from the server. Use javascript at that point to change the page. |
There's nothing wrong with doing validation on the client so long as it's done on the server too. As for CAPTCHA, naturally you wouldn't want to send the correct value to the client in any way, shape, or form... besides the image... but it's fine to send the client's input back to the server as AJAX.
|
Developer Shed Advertisers and Affiliates
| Thread Tools |
Search this Thread |
|
|
|
| Display Modes |
Rate This Thread |
 Linear Mode
|
|
Posting Rules
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is Off
|
|
|
|
|
Del.icio.us
Digg
Google
Spurl
Blink
Furl
Simpy
Y! MyWeb
