Jeroen van Zijp 0 Newbie Poster

Hey all,

To make it more user-friendly, I decided I want to add a JS form validation to my contact form. The essence of the JS should be that it calls for a check.php?input= with the entered captcha code appended. Then the PHP script would echo "valid" or "invalid".

For the client-side scripting, this is what I have now:

function validate_captcha() {

	var url = 'check.php?input=';

	function getHTTPObject() {
		try {
			req = new XMLHttpRequest();
		} catch (err1) {
			try
			{
				req = new ActiveXObject("Msxml12.XMLHTTP");
			}
			catch (err2)
			{
				try
				{
					req = new ActiveXObject("Microsoft.XMLHTTP");
				}
				catch (err3)
				{
					req = false;
				}
			}
		}
		return req;
	}

	var http = getHTTPObject();

	function useHttpResponse() {
		if (http.readyState == 4) {
			var response = http.responseText;
			if (response == "invalid")
			{
				document.getElementById("security").setAttribute("class", "notValid");
				valid = false;
			}
		}
	}

	function checkcode(thecode) {
		http.open("GET", url + escape(thecode), true);
		http.onreadystatechange = useHttpResponse;
		http.send(null);
	}

	if (document.contact.security.value=='') {
		document.getElementById("security").setAttribute("class", "notValid");
		valid = false;
	} else if (document.contact.security.value.length > 0) {
		checkcode(document.contact.security.value);
	}

}

The PHP is this:

<?php
	
	header("Cache-Control: no-cache, must-revalidate");
	header("Expires: Sat, 26 Jul 1997 05:00:00 GMT"); 

	session_start();

	$input = $_GET['input'];
	$input = md5($input);

	if ( $input == $_SESSION['rand'] ) {
		echo 'valid';
	} else {
		echo 'invalid';
	}

?>

The execution of the JS function is done with a onkeyup bind. As far as I can see in Firebug, the JS indeed runs when a key comes up with typing. I can see that the check.php?input=1234 is being called for. But my problem is that no matter if there is a good input or a wrong input in the form field, the response is always 7 bytes. (I assume this is the word "invalid"). But when I manually use check.php, the valid/invalid output does work as wanted.

Is there something I'm missing out on? I'm quite bad at JavaScript, so go a bit easy on me. :)

Thanks!