
@cespare
Created April 18, 2016 01:07
vanguard's crappy broken password validation javascript
/**
 * Page-load hook for the password form.
 * Intentionally does nothing; presumably kept so that markup referencing it
 * does not raise a ReferenceError (confirm against the page that calls it).
 */
function PasswordOnLoad()
{
    return;
}
//------------------ EscapeClick --------------///
/**
 * Cancels the event currently being handled, using the legacy
 * `document.all` / global `event` model. When `document.all` is falsy the
 * function does nothing, so it cannot be relied on to stop a form
 * submission on its own.
 */
function EscapeClick()
{
    if (!document.all)
    {
        return;
    }
    // Legacy equivalents of preventDefault() and stopPropagation().
    event.returnValue = false;
    event.cancelBubble = true;
    // Disabled strength-meter reset, kept from the original:
    // document.getElementById("TablePassStrengthID").style.backgroundColor = "Gray";
    // document.getElementById("TDPasswordStrength").innerText = "Not Rated";
}
//------------------ DeletePassContent --------------///
/**
 * Blanks both new-password inputs ("New_Pwd1" and "New_Pwd2") so the user
 * has to retype the password after a failed check.
 */
function DeletePassContent()
{
    var fieldIds = ["New_Pwd1", "New_Pwd2"];
    for (var idx = 0; idx < fieldIds.length; idx++)
    {
        document.getElementById(fieldIds[idx]).value = "";
    }
}
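/**
 * Runs the browser-side checks on the password form and appends one message
 * to the global `gMessageBox` for the first rule that fails.
 *
 * Rules, in order: old password present (only when an "Old_Pwd" field
 * exists), minimum length 8, forbidden characters / three of four character
 * types, no spaces, no 4-character run of the Web User ID, no first or last
 * name, confirmation present, confirmation matches.
 *
 * Returns false only when the old password is missing; every other path
 * returns undefined and signals failure through `gMessageBox` alone.
 *
 * NOTE(review): every value checked here (the password, and the hidden
 * WebUserID / FirstName / LastName fields) lives in the DOM and can be
 * changed or bypassed by the user, so these checks are advisory. The
 * server presumably enforces the same policy; confirm.
 */
function PasswordValidate()
{
    var compositionMessage = "\n Passwords need to contain three of the following four\ncharacter types:\n1. Upper Case Alpha\n2. Lower Case Alpha\n3. Numeric\n4. Special Character such as !, @, $, % (See list on web page.) \n\n";
    var newPass1 = document.getElementById("New_Pwd1").value;
    var newPass2 = document.getElementById("New_Pwd2").value;
    var countOfTypes = CountOfTypes();

    // Focuses the offending field only for the first message on the page,
    // then appends the message to the shared message buffer.
    function reportFailure(focusId, message)
    {
        if (gMessageBox.length == 0)
            document.getElementById(focusId).focus();
        gMessageBox += message;
    }

    // Registration page: copy the user ID into the hidden field so the
    // similarity check below has something to compare against. The original
    // tested `.length` on the element itself, which is undefined for an
    // input, so the copy never ran and the user-ID check was silently
    // skipped. Assumes "WebUserID" is an input element (its `.value` is read
    // elsewhere in this file).
    var webUserIdField = document.getElementById("WebUserID");
    var registrationIdField = document.getElementById("frmCreateWebUserID.WebUserID");
    if (webUserIdField.value.length == 0 && registrationIdField != null)
    {
        webUserIdField.value = registrationIdField.value;
    }

    // The old password is required only on pages that have the field.
    var oldPassField = document.getElementById("Old_Pwd");
    if (oldPassField != null && oldPassField.value.length == 0)
    {
        alert("Please enter your old password.");
        oldPassField.focus();
        EscapeClick();
        return false;
    }

    if (newPass1.length < 8)
    {
        reportFailure("New_Pwd1", newPass1.length == 0
            ? "Enter your new password.\n"
            : "Passwords need to be a minimum of 8 characters in length.\n");
        DeletePassContent();
    }
    else if (IsTruePassword() || countOfTypes < 3)
    {
        // NOTE(review): a forbidden character gets the same text as a
        // composition failure, so the user is not told which character
        // to remove.
        reportFailure("New_Pwd1", compositionMessage);
        DeletePassContent();
    }
    else if (IsContainSpace())
    {
        reportFailure("New_Pwd1", "Password cannot contain any spaces.\n");
        DeletePassContent();
    }
    else if (IsSubString("WebUserID"))
    {
        // Any run of four characters from the Web User ID is rejected.
        reportFailure("New_Pwd1", "Passwords cannot be similar to or the same as your Web User ID.\n");
        DeletePassContent();
    }
    else if (IsSubString("FirstName") || IsSubString("LastName"))
    {
        reportFailure("New_Pwd1", "Passwords cannot contain your first and/or last name.\n");
        DeletePassContent();
    }
    else if (newPass2.length == 0)
    {
        reportFailure("New_Pwd2", "Confirm your Password.\n");
    }
    else if (newPass1 != newPass2)
    {
        reportFailure("New_Pwd2", "Enter your new password again.\n");
        document.getElementById("New_Pwd2").value = "";
    }
}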
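/**
 * Reports whether the new password contains a forbidden character.
 *
 * Despite the name, a true result means the password is NOT acceptable.
 * Forbidden characters: < > " ' | \ /
 *
 * The original built the pattern from a string literal, where "[\\]"
 * reaches the regex engine as "[\]" and merges with the following
 * alternative into one class of ] | [ and /. As a result a backslash was
 * never rejected, while [ and ] were. A regex literal avoids the double
 * escaping.
 *
 * @returns {boolean} true when "New_Pwd1" holds at least one forbidden character.
 */
function IsTruePassword()
{
    var forbiddenChars = /[<>"'|\\\/]/;
    var strPassValue = document.getElementById("New_Pwd1").value;
    return forbiddenChars.test(strPassValue);
}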
/**
 * Reports whether the new password contains a space character (U+0020).
 * Other whitespace such as tabs is not detected.
 *
 * @returns {boolean} true when "New_Pwd1" holds at least one space.
 */
function IsContainSpace()
{
    var candidate = document.getElementById("New_Pwd1").value;
    return candidate.indexOf(" ") !== -1;
}
/**
 * Case-insensitively checks the new password against a reference value held
 * in another form field.
 *
 * - For any field other than "WebUserID": true when the whole (non-empty)
 *   field value occurs inside the password.
 * - For "WebUserID": true when any run of four consecutive characters of the
 *   user ID occurs inside the password. A user ID shorter than four
 *   characters is never matched.
 *
 * NOTE(review): the reference value is read from the DOM, so it is only as
 * trustworthy as the page; the same rule needs enforcing server-side.
 *
 * @param {string} HiddenID id of the field holding the reference value.
 * @returns {boolean} true when the password is considered too similar.
 */
function IsSubString(HiddenID)
{
    var referenceField = document.getElementById(HiddenID);
    var reference = referenceField.value.toLowerCase();
    var candidate = document.getElementById("New_Pwd1").value.toLowerCase();

    if (HiddenID != "WebUserID")
    {
        // Whole-value match; an empty reference never matches.
        return reference != "" && candidate.indexOf(reference) != -1;
    }

    // Slide a four-character window across the user ID.
    var windowSize = 4;
    var lastStart = referenceField.value.length - windowSize;
    for (var start = 0; start <= lastStart; start++)
    {
        var fragment = reference.slice(start, start + windowSize);
        if (candidate.indexOf(fragment) != -1)
        {
            return true;
        }
    }
    return false;
}
//--------------------------------- CountOfTypes -----------------------------------------//
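/**
 * Counts how many of the four character classes occur in the new password:
 * upper-case ASCII letters, lower-case ASCII letters, digits, and the
 * symbols ~ ! @ , $ % ^ & * ( ) - _ = + ] } [ { ; : ? .
 *
 * The original built the symbol pattern from a string literal, where "[\]]"
 * reaches the regex engine as "[]]": an empty class followed by a literal
 * "]", which can never match. A closing bracket was therefore not counted
 * as a symbol even though it is in the list. The original also had the
 * upper/lower variable names swapped, which did not affect the count.
 *
 * @returns {number} number of classes present, from 0 to 4.
 */
function CountOfTypes()
{
    var classPatterns = [
        /[A-Z]/,
        /[a-z]/,
        /[0-9]/,
        /[~!@,$%^&*()\-_=+\]}\[{;:?.]/
    ];
    var strPassValue = document.getElementById("New_Pwd1").value;
    var intCount = 0;
    for (var i = 0; i < classPatterns.length; i++)
    {
        if (classPatterns[i].test(strPassValue))
            intCount++;
    }
    return intCount;
}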