Checkit by hand


  • Notification Spam Recipient

    Just found a nice little snippet of password validation.
    Yay for RegEx-ing by character?

    function checkit(form2)
    {
      var min_length = 8;
      var min_nonalpha = 1;
      var min_alpha = 2;
      var max_repeat = 4;
      var ok = false;
      if ( x_old == "" ) { alert("Current password is not specified"); }
      else if ( x_new == "" ) { alert("New password is not specified"); }
      else if ( x_cfrm == "" ) { alert("'Confirm your new password' field is blank"); }
      else if ( x_new != x_cfrm ) { alert("New password is not matched"); }
      else if ( x_new.length < min_length ) { alert("New password is too short"); }
      else
      {
        x_no = 0;
        x_alpha = 0;
        x_lower = 0;
        x_upper = 0;
        x_space = 0;
        x_repeat_max = 0;
        x_repeat = 0;
        x_good = 0;
        ch_last = "";
        for ( i = 0 ; i < x_new.length ; i++ )
        {
          ch = x_new.charAt(i);
          if (/[A-Za-z]/.test(ch)) { x_alpha++; }
          if (/[A-Z]/.test(ch)) { x_upper++; }
          if (/[a-z]/.test(ch)) { x_lower++; }
          if (/ /.test(ch)) { x_space++; }
          else { x_no ++; }
          if ( ch_last == ch ) { x_repeat ++; }
          else
          {
            if ( x_repeat > x_repeat_max ) { x_repeat_max = x_repeat; }
            ch_last = ch ;
            x_repeat = 1 ;
          }
        }
        if ( x_repeat > x_repeat_max ) { x_repeat_max = x_repeat; }
        //alert ( "[x] "+ x_no + " [al] " + x_alpha + " [repeat] " + x_repeat_max);
        if ( x_no < min_nonalpha ) {
          alert ("New password should contain at least one non-alpha-character");
          x_good++;
        }
        if ( x_alpha < min_alpha ) {
          alert ("New password should contain at least 2 alpha characters");
          x_good++;
        }
        if ( x_lower < 1 ) {
          alert ("New password should contain at least 1 lowercase character");
          x_good++;
        }
        if ( x_upper < 1 ) {
          alert ("New password should contain at least 1 uppercase character");
          x_good++;
        }
        if ( x_space > 0 ) {
          alert ("New password should not contain any spaces");
          x_good++;
        }
        if ( x_repeat_max > max_repeat ) {
          alert ("New password should not contain more than 4 repeated-characters");
          x_good++;
        }
        //if (( x_no >= min_nonalpha ) && ( x_alpha >= min_alpha ) && ( x_repeat_max < max_repeat ))
        if (x_good == 0 ) {
          document.form2.submit();
          ok = true;
        }
      }
      return(ok);
    }
    

    Then I noticed this happening:

    if ( x_repeat > x_repeat_max ) { x_repeat_max = x_repeat; }
    ...
    if ( x_repeat_max > max_repeat ) { /*blah alert about having repeating characters*/ }
    

    What is going on? Doesn't the first portion handily prevent the second condition from running?


  • Notification Spam Recipient

    Also:

    Someone summon a SJW to help with this!



  • Capital appropriation.



  • Capital punishment?



  • Appropriate. Capital!



  • @Tsaukpaetra said:

    Then I noticed this happening:

    if ( x_repeat > x_repeat_max ) { x_repeat_max = x_repeat; }
    ...
    if ( x_repeat_max > max_repeat ) { /*blah alert about having repeating characters*/ }
    

    What is going on? Doesn't the first portion handily prevent the second condition from running?

    x_repeat is the number of repeated characters at the current position.
    x_repeat_max is the highest that x_repeat has been
    max_repeat is 4

    So no, the conditions are correct.

    What I'm worried about is why they decided to use named [s]constants[/s]variables for all the minimums and then hard-code their values into the strings.

    And also why they have x_ before every variable.

    And also why the variable that counts bad things is called x_good.


  • Notification Spam Recipient

    @ben_lubar said:

    counts bad things is called x_good.

    Maybe it's in the spirit of the ERRORLEVEL? If no error (i.e. Zero), it was Good, otherwise it's bad.



  • As long as we're returning an integer to represent the error, it may as well represent a position in memory containing information about what error happened. Maybe give it a method named Error that returns a string.



  • [code]
    if (/ /.test(ch)) { x_space++; }
    else { x_no ++; }
    ...
    if ( x_no < min_nonalpha ) {
    alert ("New password should contain at least one non-alpha-character");
    x_good++;
    }
    [/code]

    Nice bug here: counting the number of non-spaces and thinking it's the number of non-alphabetic characters.
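
    The counting bug pointed out above, reproduced next to a corrected count, as an added example that is not code from any poster in this thread. The names `POLICY`, `countClasses`, `violations` and the `useOriginalCount` switch are hypothetical; the limits are the ones in the posted `checkit()`, and the sample passwords in the comments are constructed.

```javascript
// Added example: limits copied from the posted checkit().
const POLICY = { minLength: 8, minNonAlpha: 1, minAlpha: 2, maxRepeat: 4 };

// Count character classes in one pass.
// nonSpace is what the posted code accumulates in x_no;
// nonAlpha is what its alert text claims to be checking.
function countClasses(pw) {
  const c = { alpha: 0, upper: 0, lower: 0, space: 0,
              nonSpace: 0, nonAlpha: 0, longestRun: 0 };
  let run = 0;
  let last = null;
  for (const ch of pw) {
    if (/[A-Za-z]/.test(ch)) c.alpha++; else c.nonAlpha++;
    if (/[A-Z]/.test(ch)) c.upper++;
    if (/[a-z]/.test(ch)) c.lower++;
    if (ch === " ") c.space++; else c.nonSpace++;
    // Length of the current run of identical characters
    // (x_repeat in the posted code).
    run = ch === last ? run + 1 : 1;
    last = ch;
    if (run > c.longestRun) c.longestRun = run; // x_repeat_max
  }
  return c;
}

// Return the violated rules instead of calling alert().
// useOriginalCount = true reproduces the bug: non-spaces are
// treated as if they were non-alphabetic characters.
function violations(pw, useOriginalCount = false) {
  const c = countClasses(pw);
  const nonAlpha = useOriginalCount ? c.nonSpace : c.nonAlpha;
  const out = [];
  if (pw.length < POLICY.minLength) out.push("too-short");
  if (nonAlpha < POLICY.minNonAlpha) out.push("needs-non-alpha");
  if (c.alpha < POLICY.minAlpha) out.push("needs-alpha");
  if (c.lower < 1) out.push("needs-lowercase");
  if (c.upper < 1) out.push("needs-uppercase");
  if (c.space > 0) out.push("no-spaces");
  if (c.longestRun > POLICY.maxRepeat) out.push("too-many-repeats");
  return out;
}

// Constructed samples: "Abcdefgh" has no digit or symbol, yet the
// original count accepts it; the corrected count rejects it.
console.log(violations("Abcdefgh", true), violations("Abcdefgh"));
```

    With the original count, any password without spaces satisfies the "non-alpha" rule, so that rule never fires on its own.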


  • Discourse touched me in a no-no place

    @Tsaukpaetra said:

    Someone summon a SJW to help with this!

    Cis-majuscule vs trans-minuscule?



  • Draconian stupid password checkers! Why no space? WHYNOSPACE?

    This post written with EM-spaces.

