diff options
| author | Jonathan Prykop <jonathan@freeside.biz> | 2015-11-21 01:54:21 -0600 |
|---|---|---|
| committer | Jonathan Prykop <jonathan@freeside.biz> | 2015-11-21 01:54:21 -0600 |
| commit | 45d0f6c6325fb8ab5fdc478a7dc278872defa479 (patch) | |
| tree | e0dead35eba1d7af126a06463dfa8fe122e53755 /httemplate/elements/validate_password.html | |
| parent | 8248d1c6ba608044c8f66a53daab254f476d5c6d (diff) | |
RT#29354: Password Security in Email
Diffstat (limited to 'httemplate/elements/validate_password.html')
| -rw-r--r-- | httemplate/elements/validate_password.html | 58 |
1 files changed, 58 insertions, 0 deletions
diff --git a/httemplate/elements/validate_password.html b/httemplate/elements/validate_password.html new file mode 100644 index 000000000..fd2cb6ca0 --- /dev/null +++ b/httemplate/elements/validate_password.html @@ -0,0 +1,58 @@ +<%doc> + +To validate passwords via javascript/xmlhttp: + + <INPUT ID="password_field" TYPE="text"> + <DIV ID="password_field_result"> + <& '/elements/validate_password.html', + fieldid => 'password_field', + svcnum => $svcnum + &> + +The ID of the input field can be anything; the ID of the DIV in which to display results +should be the input id plus '_result'. + +</%doc> + +<& '/elements/xmlhttp.html', + 'url' => $p.'misc/xmlhttp-validate_password.html', + 'subs' => [ 'validate_password' ], + 'method' => 'POST', # important not to put passwords in url +&> +<SCRIPT> +function add_password_validation (fieldid) { + var inputfield = document.getElementById(fieldid); + inputfield.onchange = function () { + var fieldid = this.id+'_result'; + var resultfield = document.getElementById(fieldid); + if (this.value) { + resultfield.innerHTML = '<SPAN STYLE="color: blue;">Validating password...</SPAN>'; + validate_password('fieldid',fieldid,'svcnum','<% $opt{'svcnum'} %>','password',this.value, + function (result) { + result = JSON.parse(result); + var resultfield = document.getElementById(result.fieldid); + if (resultfield) { + if (result.valid) { + resultfield.innerHTML = '<SPAN STYLE="color: green;">Password valid!</SPAN>'; + } else if (result.error) { + resultfield.innerHTML = '<SPAN STYLE="color: red;">'+result.error+'</SPAN>'; + } else { + result.syserror = result.syserror || 'Server error'; + resultfield.innerHTML = '<SPAN STYLE="color: red;">'+result.syserror+'</SPAN>'; + } + } + } + ); + } else { + resultfield.innerHTML = ''; + } + }; +} +add_password_validation('<% $opt{'fieldid'} %>'); +</SCRIPT> + +<%init> +my %opt = @_; +</%init> + + |