Re[2]: [Flashcoders] as 2 email validation class

2006-11-19 Thread Rákos Attila

I have attached a class which - hopefully - takes care of each
possible issue :)

  Attila

___
Flashcoders@chattyfig.figleaf.com
To change your subscription options or search the archive:
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders

Brought to you by Fig Leaf Software
Premier Authorized Adobe Consulting and Training
http://www.figleaf.com
http://training.figleaf.com

Re: Re[2]: [Flashcoders] as 2 email validation class

2006-11-19 Thread Andrei Thomaz

There is a problem with the behavior described below:

"The above script checks for a "@" followed by the last instance of "."..."

This turns e-mails from some countries (like [EMAIL PROTECTED])
invalid. For example, I had to fix the e-mail validation in the code of some
CMS to develop some sites for Brazilians, where we can have e-mails like
[EMAIL PROTECTED], [EMAIL PROTECTED] and so on.


[]'s
andrei








Re[2]: [Flashcoders] as 2 email validation class

2006-11-19 Thread Rákos Attila

This is much better, but not perfect yet :) It still lets pass strings
like @., [EMAIL PROTECTED], [EMAIL PROTECTED], foo@@foo.com, etc.

I think that carefully validating everything that comes from the user
is an essential thing, and we must not allow "breaking" programs
by wrong inputs. It concerns not only e-mail addresses but any input
data. There are two cases when the user passes wrong input to the
program:

- the user mistyped something or forgot to fill the value at all
  (unintentionally)
- somebody tries to hack the program intentionally

We have to take care of both cases, because we should provide the most
perfect experience for the user (just take your example: somebody
mistypes his/her e-mail address during a registration process and
vainly waits for the confirmation mail) and avoid any vulnerability
which allows malicious users to hack the program (even when we cannot
imagine what harm a wrong input can cause - maybe somebody is more
inventive and figures out something).


JB> Another one I've used is this:
JB> --
JB> // vars
JB> var checkStr:String = 
JB> "._-abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
JB> var isValid:Boolean;
JB> var inputTxt:TextInput;
JB> var valBtn:Button;
JB> var resultTxt:TextArea;
JB> 
JB> function clicked() {
JB> resultTxt.text = (validateEmail(inputTxt.text)) ? "email is valid" : 
JB> "email is not valid";
JB> }
JB> valBtn.addEventListener("click", clicked);
JB> 
JB> function validateEmail(ti:String):Boolean {
JB> // ti = text input field string
JB> atChrIndex = ti.indexOf("@");
JB> dtChrIndex = ti.lastIndexOf(".");
JB> if(atChrIndex < dtChrIndex){
JB> frstStr = ti.slice(0,atChrIndex);
JB> mdleStr = ti.slice(atChrIndex+1, dtChrIndex);
JB> lastStr = ti.slice(dtChrIndex+1, ti.length);
JB> if(getStrValid(frstStr) && getStrValid(mdleStr) && getStrValid(lastStr)){
JB> return true;
JB> } else {
JB> return false;
JB> }
JB> } else {
JB> return false;
JB> }
JB> }
JB> 
JB> function getStrValid(ti:String):Boolean {
JB> isValid = true;
JB> for(var i=0;i<ti.length;i++){
JB> if(checkStr.indexOf(ti.charAt(i)) == -1) isValid = false;
JB> }
JB> return isValid;
JB> }
JB> --
JB> 
JB> The above script checks for a "@" followed by the last instance of ".", 
JB> and then splits the email string into three separate strings, and then 
JB> checks if all the characters in those strings correspond to checkStr. In 
JB> my script, more than one "." character is allowed in the email, cause 
JB> I've seen some addresses being something like 
JB> "[EMAIL PROTECTED]", which isn't allowed in 
JB> Bokelberg's script.
JB> 
JB> Email validation is fine, to a certain point. Maybe it's just me, but I 
JB> try and spend the least amount of time on the issue; if a user wants to 
JB> purposefully try and break the email validation (which they would need 
JB> to in order to get past a script like the above) then they deserve not 
JB> to get signed up for whatever. A good signup routine is not just about 
JB> email validation, but about confirmation: if they purposefully put in an 
JB> invalid email (which gets past the above routine), then they can't 
JB> confirm. Sucks to be them.
JB> 
JB> Of course, the simplest thing if you're doing a lot of string validation 
JB> in your AS2 application is to use a RegExp class.




Re[2]: [Flashcoders] as 2 email validation class

2006-11-18 Thread Rákos Attila

Well, this is too simple, there are too many invalid strings which are
considered as valid by this script. I think if you validate the input,
then do it correctly or don't validate at all :) An incomplete
validation makes you feel that your data is valid and secure, however
it can lead to unexpected problems later.

  Attila

JB> I got a much simpler one:
JB> 
JB> Check for invalidity:
JB> 
JB> // ti = text input field
JB> if((ti.text.indexOf("@") == -1) || 
JB> (ti.text.indexOf(".",(ti.text.indexOf("@")+2)) == -1) ) {
JB> // email is invalid
JB> }
JB> 
JB> OR...
JB> 
JB> Check for validity:
JB> 
JB> // ti = text input field
JB> if((ti.text.indexOf("@") != -1) && 
JB> (ti.text.indexOf(".",(ti.text.indexOf("@")+2)) != -1) ) {
JB> // email is valid
JB> }


___
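
Added example (not part of the thread and not the posters' code): JavaScript ports of the two checks quoted in the messages above, run beside a stricter structural check over constructed inputs. The function names, `strictCheck` itself and the sample addresses are assumptions made here; JavaScript is used because its `indexOf`, `lastIndexOf` and `slice` behave like the AS2 calls in the quoted code.

```javascript
// Character whitelist copied from the quoted AS2 script.
const CHECK_STR = "._-abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";

// Port of the first quoted check: an "@" exists and a "." occurs
// somewhere from two characters after it.
function simpleCheck(s) {
  const at = s.indexOf("@");
  return at !== -1 && s.indexOf(".", at + 2) !== -1;
}

// Port of the second quoted check: split at the first "@" and the last ".",
// then whitelist the characters of each of the three parts.
function allowed(part) {
  for (let i = 0; i < part.length; i++) {
    if (CHECK_STR.indexOf(part.charAt(i)) === -1) return false;
  }
  return true; // an empty part is also accepted, as in the quoted script
}
function splitCheck(s) {
  const at = s.indexOf("@");
  const dot = s.lastIndexOf(".");
  if (at >= dot) return false;
  return allowed(s.slice(0, at)) && allowed(s.slice(at + 1, dot)) && allowed(s.slice(dot + 1));
}

// Hypothetical stricter check (an assumption, not from the thread): exactly
// one "@", a non-empty local part built from the thread's whitelist, and a
// domain of two or more non-empty labels. The local-part character set is
// narrower than what mail systems accept (no "+", for instance).
function strictCheck(s) {
  if (typeof s !== "string" || s.length > 254) return false;
  const parts = s.split("@");
  if (parts.length !== 2) return false;
  const [local, domain] = parts;
  if (local.length > 64 || !/^[A-Za-z0-9_-]+(\.[A-Za-z0-9_-]+)*$/.test(local)) return false;
  const labels = domain.split(".");
  if (labels.length < 2) return false;
  return labels.every(l => l.length <= 63 && /^[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?$/.test(l));
}

// Constructed sample inputs (not addresses taken from the thread).
const SAMPLES = ["@.", "foo@.com", ".@-.-", "foo@@foo.com", "user@example.com", "user@example.com.br"];
function compare() {
  return SAMPLES.map(s => ({ input: s, simple: simpleCheck(s), split: splitCheck(s), strict: strictCheck(s) }));
}
console.table(compare());
```

A syntactic check like `strictCheck` only narrows what reaches the confirmation step the thread mentions; it does not show that the mailbox exists.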