Test cookies in folder test site?

window.onload can't handle statements directly. It must point to a function (without calling it) thus establishing the handler that will be triggered when the event (window.onload) fires. The handler can be a named function or (more typically) an anonymous function.

Hence you might be looking at something like:

window.onload = function(){
	getC(this.countryname);
	getC(this.firstname);//ERROR 'NOT IMPLIMENTED' THROWN.
	getC(this.lastname);
	getC(this.company);
	getC(this.address);
	getC(this.city);
	getC(this.statename);
	getC(this.postalcode);
	getC(this.phone);
}

However, in this context, this would refer to window , (because window is the object whose event is being handled). Therefore, unless global variables countryname , firstname etc. exist, this.countryname , this.firstname etc. will be falsy (undefined).

It appears that countryname , firstname etc. are form elements, in which case their document nodes need to be properly identified and you need to do this within the window.onload handler.

Hence, try this:

window.onload = function(){
	getC(document.myForm.countryname);
	getC(document.myForm.firstname);
	getC(document.myForm.lastname);
	getC(document.myForm.company);
	getC(document.myForm.address);
	getC(document.myForm.city);
	getC(document.myForm.statename);
	getC(document.myForm.postalcode);
	getC(document.myForm.phone);
}

where "myForm" is the name of your form (not the id).

Regarding cookies, you would do better to use a ready-made javascript cookie utility, eg. here. I have not used this one so I offer it without recommendation but it seems to be quite well documented.

Airshow

Thanks AirShow I'll try it out on my script first. Some people where telling me I had to install ISS server etc. etc. Turns Out I deleted all the ISS console UI and couldn't download it, this computer didn't come with a Windows XP disc so I can't re-install it? Hopefully your suggestion will work or I'm going to need info to reinstall ISS and place the test site in the ISS root folder etc. Will get back tomorrow, I'm busted. Thanks again.

Heinz,

There's nothing in your original question to indicate you need ISS though some other aspect of your application may require it.

Javscript cookies certainly don't need ISS or anything other than a javascript-enabled browser.

Airshow

AirShow thanks, I quessed that if you can write them you can read them and manipulate them etc. I'm amazed at the amount of people that believe they need a server responce to do it.
None the less, javascript may be a loosley typed language but 'syntax' is everything! I should have caught that
getC(document.formcheckout.firstname); Is suposed to retrieve the cookie value and restore the field value. should work on all fields. Haven't done it yet but I'm sure you're right.:)
Will post this to WebDeeloper.Com and SitePoint.
Thanks again AirShow for the Enlightment.

:icon_cool:

AirShow Yes, even the title of the Thread is important. Quick, precise demonstration of the problem in the thread is almost as dificult as learning the language itself. You could say they go hand in glove.
We, the students can only be greatful to the 'Unpaid' Masters or
'Script Gods' for their amazing patience, experience and understanding. Thanks to all.:sweat:

AirShow
I jumped the gun, saveC isn't working. It was before and wrote all the cookies with the onchange of input values that I have applied for each input that I want saved, like this

addEvent(countryname,'change',function(){
saveC(this);
tcountry.innerHTML = countryname.value;},false);

This is the saveC function I'm using

// global variables.
domain = '';//I took the file:Url out because it wasn't working?
path = '/';//I took the path out because it wasn't working?
secure = 0;

// function to save a field.
function saveC(obj) {
var cookie_value = '';
var objType = new String(obj.type);
switch(objType.toLowerCase()) {
case "checkbox" :
if (obj.checked) cookie_value = obj.name + '=[1]'
else cookie_value = obj.name + '=[0]'
break;
case "undefined" :
// a.k.a. radio field.
for (var i = 0; i < obj.length; i++) {
if (obj[i].checked) cookie_value = obj[i].name + '=[' + i + ']'
}
break;
case "select-one" :
cookie_value = obj.name + '=[' + obj.selectedIndex + ']';
break;
case "select-multiple" :
cookie_value = obj.name + '=[';
for (var i = 0; i < obj.options.length; i++) {
if (obj.options[i].selected) cookie_value += '+' + i
}
cookie_value += ']';
break;
default :
// We assume all other fields will have
// a valid obj.name and obj.value
cookie_value = obj.name + '=[' + obj.value + ']';
}
if (cookie_value) {
var expires = new Date();
expires.setYear(expires.getYear() + 1);
document.cookie = cookie_value +
((domain.length > 0) ? ';domain=' + domain : '') +
((path) ? ';path=' + path : '') +
((secure) ? ';secure' : '') +
';expires=' + expires.toGMTString();
}
return 1;
}

This is Current window onload

window.onload = cookies;
function cookies(){
   if(document.cookie.toString())alert(document.cookie);
   else document.cookie='cookie=I am a Cookie';
//always returns 'I am a Cookie' ??? why!!!
}

Heinz,

Try maually deleting the cookie from your cookies directory to make sure you have a clean start now that you have changed things.

Airshow

AirShow
I changed the syntax of all input addevents like this and got it working.

addEvent(countryname,'change',function(){
saveC(this);//I changed this to 
//saveC(this.countryname) and it works
tcountry.innerHTML = countryname.value;},false);

Now I'd like to know if I can saveC on the Login input and compare the value entered in the Login input to the cookie value without retrieveC on the window.load? retrieveC fills in the input but I don't want to fill it in I want to get the cookie value 'login=heinz@hotmail.com' and compare the value of that cookie to the value entered by the client.
Something like this

var login=document.getElementById('login');
var logincookie=document.cookie.login;
addevent(login,change,function(){
//changed this 'if(login.value==logincookie.value)' to
if(login.value.match(logincookie)){
//do stuff
}
else{
//do stuff
}

No worries passwords and financials are all server side aps.
Any hel with syntax grabing the cookie value for comparison would be appreciated.

//changed to if(login.value.match(logincookie))
// took '.value' out and it works!!

Now I'd like to know if I can saveC on the Login input and compare the value entered in the Login input to the cookie value without retrieveC on the window.load? retrieveC fills in the input but I don't want to fill it in I want to get the cookie value 'login=heinz@hotmail.com' and compare the value of that cookie to the value entered by the client.

You can do this but:
a) this is an unusual sort of security device
b) there's only meaningful value in it if you store an irrersibly encrypted version of the Login. Otherwise someone with access to the computer could read username and password in plain language and the intended security is compromised.

For meaningful encryption you will need to use an algorithm such as MD5, for which javascript scripts are available for free download (Google "Javascript MD5").

Once you have your MD5 script installed, you would (in pseudocode):
a) store MD5(original_login) in the cookie
b) perform the check by comparing MD5(this_session_login) === stored_cookie_login .

In order to retreive a cookie value without populating its form field, you really need to separate out the cookie handling from the form handling in your two functions getC and saveC (ie. four functions, two of which call the other two). This will avoid unnecessary duplication of code and allow you to get/set values in the cookie independently of reading/writing the form fields.

Airshow

Airshow

1. would MD5 be linked to the page like the external.js?

   var loginc = getC(login)
   if(login.value.match.MD5(loginc)){//do stuff?}

Something like that or is match not the correct comparison?
**Just got back from an MD5 site that states 'To run the unit tests, you will need Python 2.5 or newer.' is that true? **

Heinz,

That's about right. Certainly keep the MD5 code in a separate file but the comparison will be a straightforward === .

<head>
.....
<script src="md5.js"></script>
<script>
.....
  var loginc = getC(login);
  if( getCookieVal(encrypted_login) === MD5(loginc) ){
    .....
}
.....
</script>
</head>

Airshow

Airshow

MD5 implies posting to the server on input change. Say I have a login input that I want to create a cookie for every time the input value is changed, every time MD5 is applied, is there a server response or just a rehash untill submit?:S

Hi Airshow this is 2010 post that I'm trying to mark as resolved. The issue was linking to MD5.js and storing cookies. If I use 'this_session_logincookie_MD5' the security would still be compromised if the client didn't have their own login before accessing the site. The cookie would not be readable itself until the client entered the site and entered their login email address and password. Then if they matched the info on the server the rest of the inputs in the form would be auto filled! They can change the info if they want which will reset the cookies for the next session? Seems far more logical and secure?
Please let me know so I can mark the post resolved? I'm copying and pasting this message as a reply to the post. Hope all is well with you and yours.

Best regards, Heinz Stapff :(

Heinz,

Ultimately, in a client-server app, any attempt to perform a password check client-side will be (a) insecure and (b) not portable from computer to computer. For these reasons the standard approach is to do the check server-side.

The reason a client-side solution is insecure is that it can be bypassed. The server would have to rely on a assertion from the client saying that login had been achieved; this assertion could easily be spoofed.

Cookies are sometimes used for propagating what is known as a "session token" generated by the server, but not the encrypted password itself. A session token helps keep a login alive from page to page after login has been achieved, but is not involved in the password check itself.

Airshow

Airshow Thanks for the response. OK. so the first two inputs 'login' which is an email address and 'password' are php query database types and the client side javascript security is their format/characters allowed and length?
MD5.js would be run on the password so that even the database record would not be readable but would be run in reverse to match it to the client input but never saved as a cookie? Only the 'login/email' would be readable and saved as a cookie that would launch the database query to match the 'password' input? Is there an example of this process you can direct me to Using PHP or other language with MD5?:-/

so the first two inputs 'login' which is an email address and 'password' are php query database types

Yes.

More formally, they will be HTML input elements inside a form element, as follows:

<form action="..." method="...">
email address: <input type="text" name="login"><br/>
password: <input type="password" name="password"><br/>
<input type="submit" value="Login">
</form>

When the form is submitted, the values entered by the user will be passed to a php script, which will check these values against those held in a database record.

and the client side javascript security is their format/characters allowed and length?

Yes, but format checks are for "validation", not "security". If validation fails, form submission should be suppressed and a warning message should be displayed to the user.

MD5.js would be run on the password so that even the database record would not be readable

Yes.

but would be run in reverse to match it to the client input but never saved as a cookie?

No, MD5 is not reversible. Instead, compare MD5($password) with the stored value, MD5($original_password).

Only the 'login/email' would be readable and saved as a cookie that would launch the database query to match the 'password' input?

Typically, the HTML form will have a checkbox, "Log me in automatically". If checked, the server will send back a cookie to the user, containing the email and password, such that logon is automatic next time the site is visited from the same computer.

Is there an example of this process you can direct me to Using PHP or other language with MD5?:-/

I have not read every word, but this seems to provide a reasonable narrative and sample php code.

Airshow

Airshow thanks again for the excellent response. Will check it out tomorrow and post back.

Airshow actually I will be using 'onchange' event of login input which will be visible. When the input is not blank javascript will ensure that a valid email is entered then search the database members table for id that equals the email address if none exists the password and confirm password will be revealed. If they are a member then only the password will be revealed. The client will have to enter their password every time and it will be MD5 and it's cookie will not be saved. If the password and login match the members table then the rest of the forms inputs will be revealed allowing them to make changes to shipping and payment options.

Thanks for your assistance again and I will mark this post as resolved as soon as I get a working example going. DaniWeb does have excelent examples of PHP Login and register Validation:)