Form Validation

**chrish110** · 08-18-2006, 03:50 AM

This may sound like I don't know what I'm talking about and that is mainly because I don't really know how to describe what I want.

Does anyone know of a script that allows the user to input a code given to them (such as a serial number) into a form and have the form validate the authenticity of said number?

I am trying to create a way to have users gain access to a file on my site but I don't want to use password protection.

I probably sound crazy for asking this though. (If possible, I would also like the form to generate its own codes to validate, rather than me specifying the code.)

Any help would be appreciated,
Thanks
Chris

**mburt** · 08-18-2006, 02:08 PM

The only way I can see this being possible is to store all of the data in an array and then validate it from there.. Other than that is seems almost impossible

**Twey** · 08-18-2006, 03:05 PM

http://www.twey.co.uk/?q=encpass
I'm not sure I understand this bit though:

(If possible, I would also like the form to generate its own codes to validate, rather than me specifying the code.)

To what rules should the generated codes conform?

**mwinter** · 08-18-2006, 07:23 PM

Originally Posted by chrish110

Does anyone know of a script that allows the user to input a code given to them (such as a serial number) into a form and have the form validate the authenticity of said number?

Not off-hand, but it shouldn't be implemented client-side; it's insecure.

It's certainly possible to generate numbers that can be verified algorithmically as that's how license keys work. You might be able to find information about secure algorithms on the Web.

Mike

**chrish110** · 08-19-2006, 05:22 PM

Thanks for helping. I know that it should be server-side because that is way more secure. I will look about secure algorithms. In response to Twey, I don't know if I really want rules, just a sort of jumbled numers (it doesn't need letters). I will look at the script that Twey posted. Thanks again.

**mburt** · 08-19-2006, 05:58 PM

Multiplying the character code makes it almost impossible to reverse. There's a password encrypter on Twey's website (if you don't mind me saying), and DD, which multiplies the character code by itself:

Code:

for (i=0;i<=valueb.value.length;i++) {
valuea *= valueb.value.charCodeAt(i)
}

**Twey** · 08-19-2006, 08:31 PM

There's a password encrypter on Twey's website ... which multiplies the character code by itself

Actually, mine is just a frontend to Paj's MD5 routines.

The reason I used these should be noted: while the simple multiplication algorithm given above is quite difficult to reverse, it lacks two of the necessary features of a hash algorithm:

The size of the number changes roughly in proportion to the string, approximately giving away the string's length; the output of a hash algorithm should have a fixed length.
The number generated changes in proportion to the magnitude in changes in the string; for example, John is almost the same as Johm. A hash algorithm should change completely if the string is not the original, no matter how great the changes.

just a sort of jumbled numers (it doesn't need letters).

Then how will you know if the user has got it right or not? Do you intend to store the generated numbers somewhere for comparison?

**mburt** · 08-19-2006, 09:58 PM

Also, knowing how to reverse a single character using this method isn't foolproof either

Ex:

the letters "abc"

the letter "a" (lower-case) would be 97 * 97, which equals 9409
b would be 98 * 98 = 9604
c would be 99 * 99 = 9801

Then all you have to do is multiply the three numbers:

97 * 98 * 99

Hash = 941094

Thread: Form Validation

Thread Tools

Search Thread

Form Validation

Bookmarks

Bookmarks

Posting Permissions