#1
  1. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jan 2013
    Posts
    9
    Rep Power
    0

    Need help - Javascript from Php


    Hello all

    In my webpage, I have a contact form. When the done button is clicked, it calls a Javascript function that changes the values of the text boxes to reflect the necessary changes and show warnings.

    Code:
    var nameStr = safe_string(document.getElementById('cf_name').value);
    var emailStr = safe_string(document.getElementById('cf_email').value);
    var messageStr = safe_string(document.getElementById('cf_message').value);

    if (nameStr == "")
        document.getElementById('cf_nameCheck').value = "*Enter your name*";
    else
        document.getElementById('cf_nameCheck').value = "";

    if (emailStr == "" || emailStr.indexOf("@") == -1 || emailStr.indexOf(".") == -1)
        document.getElementById('cf_emailCheck').value = "*Enter a valid email*";
    else
        document.getElementById('cf_emailCheck').value = "";

    if (messageStr == "")
        document.getElementById('cf_messageCheck').value = "*Enter your message*";
    else
        document.getElementById('cf_messageCheck').value = "";

    document.getElementById('cf_name').value = nameStr;
    document.getElementById('cf_email').value = emailStr;
    document.getElementById('cf_message').value = messageStr;

    if (document.getElementById('cf_nameCheck').value == "")
        if (document.getElementById('cf_emailCheck').value == "")
            if (document.getElementById('cf_messageCheck').value == "")
                open_page('#Email_Sent');

    return false;
    This is located within a Javascript file and shows the user what they did wrong.
    safe_string is a function that strips out HTML from input.

    All this is fine, but not when I want to check if the captcha is fine, client side.

    In the contact submission, using php, this is the end result of the file.
    PHP Code:
    include_once $_SERVER['DOCUMENT_ROOT'] . '/securimage/securimage.php';

    $securimage = new Securimage();
    if ($securimage->check($_POST['captcha_code'])) {
        $mail_status = mail($mail_to, $subject, $body_message, $headers);
    }
    It checks if the given captcha is correct.



    My problem is that I cannot find a way to do the Javascript bit (change the value of the text input) through Php, and cannot figure out how to check the captcha in the Javascript.



    Either solution fixes my problem, and I have spent a good 3 days researching and am still no closer.

    Any help is greatly appreciated.
  2. #2
  3. Transforming Moderator
    Devshed Supreme Being (6500+ posts)

    Join Date
    Mar 2007
    Location
    Washington, USA
    Posts
    14,183
    Rep Power
    9398
    Don't use Javascript to check the CAPTCHA: it'll give bots the opportunity to easily defeat it. It needs to be checked in PHP.

    Make the form support getting default values. As in your PHP looks like
    PHP Code:
    $name /* value from form, or empty string if not submitted */
    Code:
    <input type="name" value="<?php echo htmlentities($name); ?>" />
    Then if the CAPTCHA check fails you redisplay the form.

    Protip: you should make your PHP support the same verification that the Javascript does, otherwise a malicious user could simply disable Javascript in their browser and fill out the form however they wanted.
  4. #3
  5. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jan 2013
    Posts
    9
    Rep Power
    0
    Originally Posted by requinix

    PHP Code:
    $name /* value from form, or empty string if not submitted */
    Code:
    <input type="name" value="<?php echo htmlentities($name); ?>" />
    Does this require the page to be reloaded? Because at the moment, my entire site and all of its 'pages' exist on the index page and a reload defeats the purpose of my design.

    Originally Posted by requinix

    Protip: you should make your PHP support the same verification that the Javascript does, otherwise a malicious user could simply disable Javascript in their browser and fill out the form however they wanted.
    In my Php, I take the values of the relevant text fields and put them into strings. I then strip them the same way I do in the Javascript and check for nulls.
    The Php is the part that checks and passes the values onto the email. The Javascript is the part that simply checks and changes text fields and warning labels.
  6. #4
  7. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jan 2013
    Posts
    9
    Rep Power
    0
    Looking at the current code I have...

    Code:
    <a href="#" onclick="document.getElementById('captcha').src = '/securimage/securimage_show.php?' + Math.random(); return false">[ Change Code ]</a>
    This line of code can reload the captcha image, and it does not reload the page.


    So is there a way that I can call some sort of Php function that returns a true/false that will allow me to do a
    Code:
    document.getElementById.value = "*Invalid*"
    when this link is clicked?
    Code:
    <a href="#!/CheckForm" class="button1" onclick="$(this).closest('form').submit()" onmouseover="" style="cursor: pointer;"><span></span><strong>Send</strong></a>
  8. #5
  9. Transforming Moderator
    Devshed Supreme Being (6500+ posts)

    Join Date
    Mar 2007
    Location
    Washington, USA
    Posts
    14,183
    Rep Power
    9398
    Yes: AJAX.

    You do an AJAX request with the value the user entered to some PHP script which signals (output, return status code, whatever) whether it's correct or not.
  10. #6
  11. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Dec 2012
    Posts
    165
    Rep Power
    18
    Doing checks and processing on the local browser is a horrible idea. You do not want the value of the captcha within the html document because a bot will have access to the data. If you don't want to reload the frame then use AJAX to request a php page with the form data and then get XML confirmation from the server. Use javascript at that point to change the page.

    Originally Posted by Squigglyo
    Looking at the current code I have...

    Code:
    <a href="#" onclick="document.getElementById('captcha').src = '/securimage/securimage_show.php?' + Math.random(); return false">[ Change Code ]</a>
    This line of code can reload the captcha image, and it does not reload the page.


    So is there a way that I can call some sort of Php function that returns a true/false that will allow me to do a
    Code:
    document.getElementById.value = "*Invalid*"
    when this link is clicked?
    Code:
    <a href="#!/CheckForm" class="button1" onclick="$(this).closest('form').submit()" onmouseover="" style="cursor: pointer;"><span></span><strong>Send</strong></a>
  12. #7
  13. Transforming Moderator
    Devshed Supreme Being (6500+ posts)

    Join Date
    Mar 2007
    Location
    Washington, USA
    Posts
    14,183
    Rep Power
    9398
    Originally Posted by portcitysoftwar
    Doing checks and processing on the local browser is a horrible idea. You do not want the value of the captcha within the html document because a bot will have access to the data. If you don't want to reload the frame then use AJAX to request a php page with the form data and then get XML confirmation from the server. Use javascript at that point to change the page.
    There's nothing wrong with doing validation on the client so long as it's done on the server too. As for CAPTCHA, naturally you wouldn't want to send the correct value to the client in any way, shape, or form... besides the image... but it's fine to send the client's input back to the server as AJAX.
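
The approach the replies converge on, as an added example that is not code from any poster in this thread: one PHP endpoint receives the whole form by AJAX, repeats the browser's checks, verifies the CAPTCHA with Securimage on the server, and returns JSON that the page's Javascript can copy into the warning fields. The endpoint name, the `cf_*` POST field names, the `captcha_codeCheck` key and the mail addresses are assumptions; only `captcha_code` and the Securimage calls appear in the thread.

```php
<?php
// check_form.php (hypothetical name): AJAX target for the contact form.
include_once $_SERVER['DOCUMENT_ROOT'] . '/securimage/securimage.php';

header('Content-Type: application/json');

// Server-side counterpart of the thread's safe_string(): strip HTML, trim.
// Non-string input (e.g. cf_name[]=x) is treated as empty.
function safe_string($value) {
    return is_string($value) ? trim(strip_tags($value)) : '';
}

// POST field names are assumed to match the element ids used in the thread.
$name    = safe_string($_POST['cf_name'] ?? '');
$email   = safe_string($_POST['cf_email'] ?? '');
$message = safe_string($_POST['cf_message'] ?? '');
$code    = $_POST['captcha_code'] ?? '';

// Same rules as the browser script, keyed by the warning field to fill in.
$errors = array();
if ($name === '') {
    $errors['cf_nameCheck'] = '*Enter your name*';
}
if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) { // stricter than "@" and "."
    $errors['cf_emailCheck'] = '*Enter a valid email*';
}
if ($message === '') {
    $errors['cf_messageCheck'] = '*Enter your message*';
}

// The CAPTCHA is checked only here, in the same request that sends the mail.
// The expected value stays on the server; the client only learns pass or fail.
if (!$errors) {
    $securimage = new Securimage();
    if (!is_string($code) || !$securimage->check($code)) {
        $errors['captcha_codeCheck'] = '*Invalid*'; // hypothetical warning field id
    }
}

$sent = false;
if (!$errors) {
    $mail_to      = 'contact@example.com';          // placeholder address
    $subject      = 'Contact form message';
    $body_message = "Name: $name\nEmail: $email\n\n$message";
    $headers      = 'From: noreply@example.com';    // fixed: no user input in headers
    $sent = mail($mail_to, $subject, $body_message, $headers);
}

echo json_encode(array('ok' => $sent, 'errors' => $errors));
```

On the client, the AJAX callback copies each entry of `errors` into the element with that id and calls the thread's `open_page('#Email_Sent')` only when `ok` is true.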
