Checkit by hand
-
Just found a nice little snippet of password validation.
Yay for RegEx-ing by character?function checkit(form2) { var min_length = 8; var min_nonalpha = 1; var min_alpha = 2; var max_repeat = 4; var ok = false; if ( x_old == "" ) { alert("Current password is not specified"); } else if ( x_new == "" ) { alert("New password is not specified"); } else if ( x_cfrm == "" ) { alert("'Confirm your new password' field is blank"); } else if ( x_new != x_cfrm ) { alert("New password is not matched"); } else if ( x_new.length < min_length ) { alert("New password is too short"); } else { x_no = 0; x_alpha = 0; x_lower = 0; x_upper = 0; x_space = 0; x_repeat_max = 0; x_repeat = 0; x_good = 0; ch_last = ""; for ( i = 0 ; i < x_new.length ; i++ ) { ch = x_new.charAt(i); if (/[A-Za-z]/.test(ch)) { x_alpha++; } if (/[A-Z]/.test(ch)) { x_upper++; } if (/[a-z]/.test(ch)) { x_lower++; } if (/ /.test(ch)) { x_space++; } else { x_no ++; } if ( ch_last == ch ) { x_repeat ++; } else { if ( x_repeat > x_repeat_max ) { x_repeat_max = x_repeat; } ch_last = ch ; x_repeat = 1 ; } } if ( x_repeat > x_repeat_max ) { x_repeat_max = x_repeat; } //alert ( "[x] "+ x_no + " [al] " + x_alpha + " [repeat] " + x_repeat_max); if ( x_no < min_nonalpha ) { alert ("New password should contain at least one non-alpha-character"); x_good++; } if ( x_alpha < min_alpha ) { alert ("New password should contain at least 2 alpha characters"); x_good++; } if ( x_lower < 1 ) { alert ("New password should contain at least 1 lowercase character"); x_good++; } if ( x_upper < 1 ) { alert ("New password should contain at least 1 uppercase character"); x_good++; } if ( x_space > 0 ) { alert ("New password should not contain any spaces"); x_good++; } if ( x_repeat_max > max_repeat ) { alert ("New password should not contain more than 4 repeated-characters"); x_good++; } //if (( x_no >= min_nonalpha ) && ( x_alpha >= min_alpha ) && ( x_repeat_max < max_repeat )) if (x_good == 0 ) { document.form2.submit(); ok = true; } } return(ok); }
Then I noticed this happening:
if ( x_repeat > x_repeat_max ) { x_repeat_max = x_repeat; } ... if ( x_repeat_max > max_repeat ) { /*blah alert about having repeating characters*/ }
What is going on? Doesn't the first portion handily prevent the second condition from running?
-
Also:
Someone summon a SJW to help with this!
-
Capital appropriation.
-
Capital punishment?
-
Appropriate. Capital!
-
Then I noticed this happening:
if ( x_repeat > x_repeat_max ) { x_repeat_max = x_repeat; } ... if ( x_repeat_max > max_repeat ) { /*blah alert about having repeating characters*/ }
What is going on? Doesn't the first portion handily prevent the second condition from running?
x_repeat is the number of repeated characters at the current position.
x_repeat_max is the highest that x_repeat has been
max_repeat is 4So no, the conditions are correct.
What I'm worried about is why they decided to use named
constantsvariables for all the minimums and then hard-code their values into the strings.And also why they have
x_
before every variable.And also why the variable that counts bad things is called
x_good
.
-
counts bad things is called x_good.
Maybe it's in the spirit of the ERRORLEVEL? If no error (i.e. Zero), it was Good, otherwise it's bad.
-
As long as we're returning an integer to represent the error, it may as well represent a position in memory containing information about what error happened. Maybe give it a method named
Error
that returns a string.
-
[code]
if (/ /.test(ch)) { x_space++; }
else { x_no ++; }
...
if ( x_no < min_nonalpha ) {
alert ("New password should contain at least one non-alpha-character");
x_good++;
}
[/code]Nice bug here: counting the number of non-spaces and thinking it's the number of non-alphabetic characters.
-
-
Draconian stupid password checkers! Why no space? WHYNOSPACE?
This post written with EM-spaces.