PDA

View Full Version : Form Validation



chrish110
08-18-2006, 03:50 AM
This may sound like I don't know what I'm talking about and that is mainly because I don't really know how to describe what I want.

Does anyone know of a script that allows the user to input a code given to them (such as a serial number) into a form and have the form validate the authenticity of said number?

I am trying to create a way to have users gain access to a file on my site but I don't want to use password protection.

I probably sound crazy for asking this though. (If possible, I would also like the form to generate its own codes to validate, rather than me specifying the code.)

Any help would be appreciated,
Thanks
Chris

mburt
08-18-2006, 02:08 PM
The only way I can see this being possible is to store all of the data in an array and then validate it from there.. Other than that is seems almost impossible :)

Twey
08-18-2006, 03:05 PM
http://www.twey.co.uk/?q=encpass
I'm not sure I understand this bit though:
(If possible, I would also like the form to generate its own codes to validate, rather than me specifying the code.)To what rules should the generated codes conform?

mwinter
08-18-2006, 07:23 PM
Does anyone know of a script that allows the user to input a code given to them (such as a serial number) into a form and have the form validate the authenticity of said number?

Not off-hand, but it shouldn't be implemented client-side; it's insecure.

It's certainly possible to generate numbers that can be verified algorithmically as that's how license keys work. You might be able to find information about secure algorithms on the Web.

Mike

chrish110
08-19-2006, 05:22 PM
Thanks for helping. I know that it should be server-side because that is way more secure. I will look about secure algorithms. In response to Twey, I don't know if I really want rules, just a sort of jumbled numers (it doesn't need letters). I will look at the script that Twey posted. Thanks again.

mburt
08-19-2006, 05:58 PM
Multiplying the character code makes it almost impossible to reverse. There's a password encrypter on Twey's website (if you don't mind me saying), and DD, which multiplies the character code by itself:


for (i=0;i<=valueb.value.length;i++) {
valuea *= valueb.value.charCodeAt(i)
}

Twey
08-19-2006, 08:31 PM
There's a password encrypter on Twey's website ... which multiplies the character code by itselfActually, mine is just a frontend to Paj's MD5 routines.

The reason I used these should be noted: while the simple multiplication algorithm given above is quite difficult to reverse, it lacks two of the necessary features of a hash algorithm:The size of the number changes roughly in proportion to the string, approximately giving away the string's length; the output of a hash algorithm should have a fixed length. The number generated changes in proportion to the magnitude in changes in the string; for example, John is almost the same as Johm. A hash algorithm should change completely if the string is not the original, no matter how great the changes.
just a sort of jumbled numers (it doesn't need letters).Then how will you know if the user has got it right or not? Do you intend to store the generated numbers somewhere for comparison?

mburt
08-19-2006, 09:58 PM
Also, knowing how to reverse a single character using this method isn't foolproof either

Ex:

the letters "abc"

the letter "a" (lower-case) would be 97 * 97, which equals 9409
b would be 98 * 98 = 9604
c would be 99 * 99 = 9801

Then all you have to do is multiply the three numbers:

97 * 98 * 99

Hash = 941094