diff options
| author | Jonathan Prykop <jonathan@freeside.biz> | 2015-11-21 01:54:21 -0600 |
|---|---|---|
| committer | Jonathan Prykop <jonathan@freeside.biz> | 2015-12-14 20:21:41 -0600 |
| commit | 32b783795ee3a39752fc72f2c861eac8cdb6d12a (patch) | |
| tree | 9fca89413ee5aceca3ad6b8a547dea3da37a3f4d /httemplate/elements/validate_password.html | |
| parent | a2d1bca6d13c6760f2c7c2de677da4df3f9e5c3e (diff) | |
RT#29354: Password Security in Email
Diffstat (limited to 'httemplate/elements/validate_password.html')
| -rw-r--r-- | httemplate/elements/validate_password.html | 58 |
1 files changed, 58 insertions, 0 deletions
diff --git a/httemplate/elements/validate_password.html b/httemplate/elements/validate_password.html new file mode 100644 index 000000000..fd2cb6ca0 --- /dev/null +++ b/httemplate/elements/validate_password.html @@ -0,0 +1,58 @@ +<%doc> + +To validate passwords via javascript/xmlhttp: + + <INPUT ID="password_field" TYPE="text"> + <DIV ID="password_field_result"> + <& '/elements/validate_password.html', + fieldid => 'password_field', + svcnum => $svcnum + &> + +The ID of the input field can be anything; the ID of the DIV in which to display results +should be the input id plus '_result'. + +</%doc> + +<& '/elements/xmlhttp.html', + 'url' => $p.'misc/xmlhttp-validate_password.html', + 'subs' => [ 'validate_password' ], + 'method' => 'POST', # important not to put passwords in url +&> +<SCRIPT> +function add_password_validation (fieldid) { + var inputfield = document.getElementById(fieldid); + inputfield.onchange = function () { + var fieldid = this.id+'_result'; + var resultfield = document.getElementById(fieldid); + if (this.value) { + resultfield.innerHTML = '<SPAN STYLE="color: blue;">Validating password...</SPAN>'; + validate_password('fieldid',fieldid,'svcnum','<% $opt{'svcnum'} %>','password',this.value, + function (result) { + result = JSON.parse(result); + var resultfield = document.getElementById(result.fieldid); + if (resultfield) { + if (result.valid) { + resultfield.innerHTML = '<SPAN STYLE="color: green;">Password valid!</SPAN>'; + } else if (result.error) { + resultfield.innerHTML = '<SPAN STYLE="color: red;">'+result.error+'</SPAN>'; + } else { + result.syserror = result.syserror || 'Server error'; + resultfield.innerHTML = '<SPAN STYLE="color: red;">'+result.syserror+'</SPAN>'; + } + } + } + ); + } else { + resultfield.innerHTML = ''; + } + }; +} +add_password_validation('<% $opt{'fieldid'} %>'); +</SCRIPT> + +<%init> +my %opt = @_; +</%init> + + |