/* '** Javascript validation code '* This code is loaded into web pages to carry out validation of user input fields. '* version [1.1] 14-APR-2003 EPG - Allow '/' in address fields '* version [1.2] 14-APR-2003 EPG - Allow '&' in address fields '* version [1.3] 09 OCT 2003 BAJ - Increased MaxLength of EmailAddress from 40 to 70 characters '* version [1.4] 2005-08-17 LAS - Allow '000' to be entered as a credit card security number '* version [1.5] 10/02/2006 16:49 BAJ - Increasing UIV_MAXLENGTH_ADDRESS '* version [1.6] 12/04/2007 12:47 SHS - 07-4438 Desc: Input validation for XSS weakness. The problem was occuring due to "<" ">" going into the data. '* Its require to validate all the hidden and text fields for the brackets. There is already check on the the form fields which checks for all the '* special characters but if data comes from querystring no check was getting performed.The new validateInput function can be called on body onload. '* It will check all the hidden and text field values present on the page for the "<" ">", if found will correct the values. '* version [1.7] 14/04/2008 DB - Put validation in for CC start date to not allow user entering a future start date '* version [1.8] 16/05/2008 Gopi - Country validation is not allowing ambersand(&) in between country names ie..(Bosnia & Herzegovina) '* version [1.9] 24/09/2008 SREE -validation added for the email address field to disallow emails of type 'test.test@test' */ var UIV_MAXLENGTH_NAME = 45 var UIV_MAXLENGTH_EMAILADDRESS = 70 var UIV_MAXLENGTH_LISTEDAS = 255 var UIV_MAXLENGTH_ADDRESS = 128 var UIV_MAXLENGTH_CITY = 40 var UIV_MAXLENGTH_STATE = 255 var UIV_MAXLENGTH_COUNTRY = 255 var UIV_MAXLENGTH_ZIPCODE = 14 var UIV_MAXLENGTH_POSTALCODE = 14 var UIV_MAXLENGTH_CARDNUMBER = 19 var UIV_MAXLENGTH_SECURITYCODE = 19 var UIV_MAXLENGTH_PHONEFAX = 20 var UIV_MAXLENGTH_USEREMAIL = 255 var UIV_MAXLENGTH_PASSWORD = 255 var UIV_MAXLENGTH_FULL_NAME = 34 function CheckUserLogon(sField) /* '* Validates a user login field. The login field must be formatted as an email address. */ { return (!(IsFieldValueOverFlow(sField, UIV_MAXLENGTH_USEREMAIL) || (!IsValidUserLogon(sField)))); } function CheckName(sField) /* '* Validates a user name field. The user name must be alphabetic. */ { return (!(IsFieldValueOverFlow(sField, UIV_MAXLENGTH_NAME) || (!IsAlpha(sField)))); } function CheckNickName(sField) /* '* Validates a nickname field. The nickname is limited in length to 45. */ { return (!(IsFieldValueOverFlow(sField, UIV_MAXLENGTH_NAME) )); } function CheckFullName(sField) /* '* Validates a full name field. The full name must be alpha and must be 34 chars or less. */ { return (!(IsFieldValueOverFlow(sField, UIV_MAXLENGTH_FULL_NAME) || (!IsAlpha(sField)))); } function CheckAddress1(sField) /* '* Validates a address line 1 field. */ { var AddressPattern = /[^\xC0-\xFF0-9a-zA-Z\#\,\.\'\(\)\-\/\&\ ]{1,}/ var bRetVal = false; if((!IsNull(sField)) && (!IsFieldValueOverFlow(sField, UIV_MAXLENGTH_ADDRESS))) bRetVal = (!AddressPattern.test(sField)); return bRetVal; } function CheckAddress2(sField) { var AddressPattern = /[^0-9a-zA-Z\#\,\.\'\-\/\&\ ]{1,}/ var bRetVal = true; if (!IsNull(sField)) { if(!IsFieldValueOverFlow(sField, UIV_MAXLENGTH_ADDRESS)) bRetVal = (!AddressPattern.test(sField)); else bRetVal = false; } return bRetVal; } function CheckCity(sField) { return (!(IsFieldValueOverFlow(sField, UIV_MAXLENGTH_CITY) || (!IsAlpha(sField)))); } function CheckState(sField) { return (!(IsFieldValueOverFlow(sField, UIV_MAXLENGTH_STATE) || (!IsAlpha(sField)))); } function CheckCountry(sField) { //start[1.8]-adding '&' in the expression var CountryPattern = /[^0-9a-zA-Z\,\-\&\ ]{1,}/ //End [1.8] var bRetVal = false; if ((!IsNull(sField)) && (!IsFieldValueOverFlow(sField, UIV_MAXLENGTH_COUNTRY))) bRetVal = (!CountryPattern.test(sField)); return bRetVal; //return (!(IsFieldValueOverFlow(sField, UIV_MAXLENGTH_COUNTRY) || (!IsAlpha(sField)))); } function CheckZipCode(sField) { var ZipCodePattern = /[^0-9\-\ ]{1,}/ var bRetVal = false; if ((!IsNull(sField)) && (!IsFieldValueOverFlow(sField, UIV_MAXLENGTH_ZIPCODE))) bRetVal = (!ZipCodePattern.test(sField)); return bRetVal; } function CheckPostalCode(sField) { var ListedAsPattern = /[^\xC0-\xFF0-9a-zA-Z\-\_\ ]{1,}/ var bRetVal = true; if (IsFieldValueOverFlow(sField, UIV_MAXLENGTH_POSTALCODE) || IsNull(sField)) bRetVal = false; else bRetVal = (!ListedAsPattern.test(sField)); return bRetVal; } function CheckPhoneFaxNumber(sField) { var bRetVal = true; var PhoneFaxPattern = /[^0-9]/ var Pattern = /[\.\-\(\)\ ]{1,}/ if (!IsNull(sField)) { while(Pattern.test(sField)) sField = sField.replace(Pattern,""); if(!IsFieldValueOverFlow(sField, UIV_MAXLENGTH_PHONEFAX)) bRetVal = (!PhoneFaxPattern.test(sField)); else bRetVal = false; } return bRetVal; } function CheckListedAs(sField) { var ListedAsPattern = /[^0-9a-zA-Z\-\_\ ]{1,}/ var bRetVal = true; if (IsFieldValueOverFlow(sField, UIV_MAXLENGTH_LISTEDAS) || IsNull(sField)) bRetVal = false; else bRetVal = (!ListedAsPattern.test(sField)); return bRetVal; } function CheckCreditCard(sField) { var CardPattern = /[^0-9\-\ ]{1,}/ var bRetVal = true; sField = sField.replace(/\s/g, "") if (sField != 'null') { if ((IsNull(sField)) || (CardPattern.test(sField)) || (IsFieldValueOverFlow(sField, UIV_MAXLENGTH_CARDNUMBER))) { bRetVal = false; } // LUHN10 check var sum = 0; var mul = 1; var l = sField.length; var i = 0; var digit; var tproduct; for (i = 0; i < l; i++) { digit = sField.substring(l-i-1,l-i); tproduct = parseInt(digit ,10)*mul; if (tproduct >= 10) {sum += (tproduct % 10) + 1;} else {sum += tproduct;} if (mul == 1) {mul++;} else {mul--;} } if ((sum % 10) != 0) {bRetVal = false;} else {bRetVal = true;} } return bRetVal; } function CheckSecurityCode(sField) { var CodePattern = /[^0-9]/ var bRetVal = true; if (sField != 'null') { if ((IsNull(sField)) || (CodePattern.test(sField)) || (IsFieldValueOverFlow(sField, UIV_MAXLENGTH_SECURITYCODE))) { bRetVal = false; } else { // [1.4] 2005-08-17 LAS - code to help allow '000' if(sField.length > 4 || sField.length < 3) { bRetVal = false; } } } return bRetVal; } // [1.7] Start of function CheckStartCCDate(sField) { var nowDate = new Date(); var nowYear = nowDate.getFullYear(); var nowMonth = nowDate.getMonth() + 1; var startMonth; var startYear; var arrDate var bRetVal = true; if (!IsNull(sField)) { // split the array arrDate = sField.split('+'); startMonth = arrDate[0]; startYear = arrDate[1]; if((!isNaN(startMonth) && !isNaN(startYear)) && (!IsNull(startMonth) && !IsNull(startYear))) { if (startYear > nowYear) { bRetVal = false; } else if ((startYear == nowYear) && (startMonth > nowMonth)) { bRetVal = false; } } else if (IsNull(startMonth) && IsNull(startYear)) { } else { bRetVal = false; } } else { bRetVal = false; } return bRetVal; } // [1.7] End of function CheckExpCCDate(sField) { var nowDate = new Date(); var nowYear = nowDate.getFullYear(); var nowMonth = nowDate.getMonth() + 1; var expMonth; var expYear; var arrDate var bRetVal = true; if (!IsNull(sField)){ // split the array arrDate = sField.split('+'); expMonth = eval(arrDate[0]); expYear = eval(arrDate[1]); //alert(sField + '\n\n' + expYear + '<--expY nowY-->' + nowYear + '\n\n' + expMonth + '<--expM nowM-->' + nowMonth); if(!isNaN(expMonth) && !isNaN(expYear)){ if (expYear <= nowYear) { if (expMonth < nowMonth){ bRetVal = false; } } }else{ bRetVal = false; }; }else{ bRetVal = false; } return bRetVal; } function CheckEmail(sEmailID) { var bRetVal = true; bRetVal = (!IsNull(sEmailID)); sEmailID = Trim(sEmailID); if (IsFieldValueOverFlow(sEmailID, UIV_MAXLENGTH_EMAILADDRESS)) bRetVal = false; if (sEmailID.indexOf("@") == -1 || sEmailID.indexOf(".") == -1) { bRetVal = false; } else { var sUser = sEmailID.substring(0, sEmailID.indexOf("@")) var sDomain = sEmailID.substring(sEmailID.indexOf("@")+1, sEmailID.length) var Pattern = /[^\xC0-\xFFa-zA-Z0-9_().\-]/ var Patterndoubledot = /[.]{2,}/ //start[1.9]-adding extra email check var sEmailPattern = /^[a-zA-Z0-9._-]+@([a-zA-Z0-9.-]+\.)+[a-zA-Z0-9.-]{2,4}$/; //End[1.9] if( sDomain.indexOf(".") == 0 || sUser.indexOf(".") == 0) { bRetVal = false; } if (sDomain.lastIndexOf(".") + 1 == sDomain.length) { bRetVal = false; } if (sUser.lastIndexOf(".") + 1 == sUser.length) { bRetVal = false; } //start[1.9]-adding extra email check if (Pattern.test(sUser) || Pattern.test(sDomain) || Patterndoubledot.test(sEmailID) || sEmailPattern.test(sEmailID)==false) { bRetVal = false; } //End[1.9] } return bRetVal; } function CheckPassword(sField) { return (!(IsFieldValueOverFlow(sField, UIV_MAXLENGTH_PASSWORD) || (IsNull(sField)))); } function IsAlpha(sVar) { var bRetVal = false; var Pattern = /[^\xC0-\xFFa-zA-Z'.-]{1,}/ sVar = Trim(sVar); if (!IsNull(sVar)) bRetVal = (!Pattern.test(RemoveWhiteSpaces(sVar))); return bRetVal; } function IsAlphaNumeric(sVar) { var bRetVal = false; var Pattern = /[^0-9a-zA-Z]{1,}/ if (!IsNull(sVar)) bRetVal = (!Pattern.test(Trim(sVar))); return bRetVal; } function FormatText(strText) { var strFirstLetterofName = ''; if(Trim(strText).length >= 1) { strText = Trim(strText); return strText; } else { return ''; } } function FormatTextPANOS(strText) { var strFirstLetterofName = ''; if(Trim(strText).length >= 1) { strTmpText = Trim(strText); var strFirstLetterofName = strTmpText.substring(0, 1).toUpperCase(); var strRestLettersofName = ''; if(strTmpText.length > 1) {var strRestLettersofName = strTmpText.substring(1).toLowerCase()}; return strFirstLetterofName + strRestLettersofName; } else { return ''; } } function RemoveWhiteSpaces(sFieldValue) { var PatternWhiteSpaces = /[ ]{1,}/ while (PatternWhiteSpaces.test(sFieldValue)) { sFieldValue = sFieldValue.replace(PatternWhiteSpaces,""); } return sFieldValue; } function IsFieldValueOverFlow(sFieldValue, intConstMaxLngth) { sFieldValue = Trim(sFieldValue); return (sFieldValue.length > intConstMaxLngth); } function Trim(ssValue) { var sValue = ssValue; while (sValue.charAt(0) == ' ') { sValue = sValue.substring(1, sValue.length); } while (sValue.charAt(sValue.length - 1) == ' ') { sValue = sValue.substring(0, sValue.length - 1); } return sValue; } function IsNull(sText) { sText = Trim(sText); return (!(sText.length)); } // Start [1.6] Desc: New function added to check all the hidden and text fields for the "<" ">". // This can be called on the body onload so that it will throughout the site. function validateInput() { for(var ctrForm=0;ctrForm',''); } } } } // End [1.6]