I am currently working on a html form. How do I set the minimum length of the password to 8 so that it will reject any password the user inputs that are less than 8. How to do this?
Here is the code:
<div id="login-form">
<form method="post">
<table align="center" width="30%" border="0">
<tr>
<td><input type="text" name="email" placeholder="Your Email" required /></td>
</tr>
<tr>
<td><input type="password" name="pass" placeholder="Your Password" required /></td>
</tr>
<tr>
<td><button type="submit" name="btn-login">Sign In</button></td>
</tr>
<tr>
<td>Sign Up Here</td>
</tr>
</table>
</form>
</div>
If you are using HTML5 you can use the pattern and required attributes for the input tag:
<input type="password" pattern=".{8,}" required title="8 characters minimum">
<input type="password" pattern=".{8,12}" required title="8 to 12 characters">
Also there is a minlength attribute for input tags but it does not work in some browsers:
<input type="password" minlength="8" required>
You can use the pattern attribute:
<input pattern=".{8,}" type="password" name="pass" placeholder="Your Password" required />
Change your button to :
<button name="btn-login">Sign In</button>
And add this code JavaScript (using jquery) :
$('button[name="btn-login"]').click(function() {
if($('input[name="pass"]').val().length < 8) {
alert('Minimum length = 8');
} else {
$('form').submit();
}
});
Dont forget to add this condition into your PHP code.
You could use minlength and maxlength
As usual, you can use the minlength and maxlength attributes to
establish minimum and maximum acceptable lengths for the password.
This example expands on the previous one by specifying that the user's
PIN must be at least four and no more than eight digits. The size
attribute is used to ensure that the password entry control is eight
characters wide.
Source
But it works on Chrome only at the moment.
Or, as someone already mentioned, you could use pattern.
If your application has character set restrictions or any other
requirement for the actual content of the entered password, you can
use the pattern attribute to establish a regular expression to be used
to automatically ensure that your passwords meet those requirements.
Source
Unfortunately, the minimum length attribute is not supported by the all browsers. Please check this out
Because of this, an alternate method has to used.
I've chosen the using of regex like the below;
<input type="password" name="pass" title="Password must be 8 characters including 1 uppercase letter, 1 lowercase letter and numeric characters" required pattern="(?=.*\d)(?=.*[a-z])(?=.*[A-Z]).{8,}" >
<input type="Password" name="pd" placeholder="Password" pattern=".{8,16}" title="8 or more Character" size=30 pattern="[!##$%^&*][a-z][A-Z][0-9]" required>
This code worked for me. Try this
Related
i managed to build this form using many sources over internet , and it actually works. But do not know if it is good against any breaks.
<form action="/some/server/some.cgi" method="POST">
<fieldset>
<legend>contact me:</legend>
<input type="hidden" name="recipient"
value="some#some.com">
<input type="hidden" name="subject"
value="message ">
<br>
<br>
<table>
<tr>
<td>
<input type="text" name="name"
placeholder="Your Name please" size="30"
maxlength="30" title="Your name (no numbers)"
pattern="[a-zA-Z]{2,30}" required>
</td>
</tr>
<tr>
<td>
<input type="email" value="email"
name="email" placeholder="Provide valid email please"
pattern="[a-z0-9._%+-]+#[a-z0-9.-]+\.[a-z]{2,3}$"
title="Your VALID email address" size="30"
maxlength="50" required>
</td>
</tr>
<tr>
<td>
<input type="text" name="message"
placeholder="Message" size="30" maxlength="200"
title="Long text is not allowed"
pattern="[a-zA-Z0-9\s]{5,200}" required>
</td>
</tr>
<tr>
<td>
<input type="submit" value="Send"
name="Submit">
</td>
</tr>
</table>
</fieldset>
</form>
i am new to regEx and would like to know any issues that can happen with this form. thanks
There is no One particular answer whether or not the form is secure. It always depends on the attacker's way of thinking .There many creative ways hackers can think of to bypass a particular form.
The main place to work on is Server-Side for security Not the
Client-Side because Client-Side HTML andJavaScript can be manipulated
any how.
Anyways,
You can refer to these links :
code.tutsplus.com/tutorials/secure-your-forms-with-orm-keys--net-4753"
www.youtube.com/watch?v=ATBdUB-aXko"
www.formstack.com/features/security
In the name field you cannot provide space because your regular expression won't allow it.. If you want to allow space please change the below pattern
[a-z A-Z]{2,30}
The regex will reject valid email addresses. Client side data validation provides no protection against someone trying to subvert your application. The "pattern" attribute is (from memory) a fairly recent addition and ignored by Safarai and older browsers.
What are your criteria for "secure".
I want to create a form, where user can enter Email and 4 digit PIN. For PIN input I would like to use <input type="number"> instead of regex, but I don't know how to hide entered digits.
Use the type password and HTML maxlength property:
<input type="password" name="pin" maxlength="4">
http://jsfiddle.net/skxr9o47/
This would require some JavaScript validation to ensure a number was entered.
An alternative way would be to use HTML 5 and take advantage of the number type (As you already have done) or the pattern attribute and validate it inside your form.
<form>
<input type="text" name="pin" pattern="[0-9]{4}" maxlength="4">
<input type="submit" value="Validate">
</form>
http://jsfiddle.net/L6n9b5nr/
However, you would have to use JavaScript or jQuery to use mask the user's input.
Use inputmode numeric and password input
For Android and iOS you can also add inputmode="numeric" to an input type="password". The user will get a keyboard with only numbers (the same keyboard as used for the input type="tel").
Example:
<input name="pincode" type="password" inputmode="numeric" maxlength="4">
Use a style and text input
Another option that doesn't work in every browser, is to hide the digits via the style in an input type="text". Example:
<style>
.pincode {
text-security: disc;
-webkit-text-security: disc;
-moz-text-security: disc;
}
</style>
<input name="pincode" type="text" class="pincode" inputmode="numeric" maxlength="4">
I feel like no one actually fully answered the question, I've combined this code from multiple posts regarding this questions and this is what I use. 4 digit max, hidden input, only numbers and number pad is showing on both android and ios.
<input
type="number"
id="password"
name="password"
pattern="[0-9]{4}"
maxlength="4"
style="-webkit-text-security: disc;"
oninput="javascript: if (this.value.length > this.maxLength) this.value = this.value.slice(0, this.maxLength);"
/>
Note that -webkit-text-security is not supported in Firefox or IE.
if you use the input field with password type, the digit should be shown as bullet points instead of the actual number.
<form action="">
Username: <input type="text" name="user"><br>
Password: <input type="password" name="password">
</form>
I have the following HTML for making sure password length is over 8 characters:
<label>Password <small>required</small>
<input type="password" name="password" id="password" required pattern=".{8,}">
</label>
<small class="error">Your password must be at least 8 characters long.</small>
This works. However, if in a different field I use the pattern [a-zA-Z]+, like this:
<label>Username <small>required</small>
<input type="text" name="username" required pattern="[a-zA-Z0-9]+">
</label>
<small class="error">Username must consist out of letters or numbers only.</small>
It will allow everything. If I change the pattern in the username field to .{8,}, it will only allow inputs that are over 8 characters in length, as expected. Why does the pattern for the username field not work?
The documentation states that this is the correct way to do it:
<label>Your name <small>required</small>
<input type="text" required pattern="[a-zA-Z]+">
</label>
<small class="error">Name is required and must be a string.</small>
The fix is to wrap the pattern in line begin and end characters, like such:
<input type="text" name="username" required pattern="^[a-zA-Z0-9]+$">
Maybe this is a bug in Foundation that needs to be reported on their Github?
Our form software outputs all elements with 'type="text"', but I'd rather take advantage of the new types in HTML5, such as 'email', 'number', etc.
I can add these in at the end but I end up with multiple type attributes, eg:
<input type="text" name="email" type="email">
If there is more than one 'type' attribute present for an element, which is used - the first or last? And is it valid to have more than one? I'd guess not but trying to get round this situation...
No you cannot, that will be an invalid HTML, you can safely use type="email" instead of type="text", because if browser is not HTML5 capable, it will treat any unknown type attribute value as text
And if you state something like this
<input type="text" type="email" />
Browser won't respect type="email"
Test Case
<!DOCTYPE html>
<form>
<input type="text" type="email" />
<input type="submit" value="test" />
</form>
Remove type="text" attribute and browser will respect type="email"
As Most, I am familiar with the readonly attribute for text input, But while reading code from other websites (a nasty habit of mine ) I saw more than one implementation for this attribute:
<input type="text" value="myvalue" class="class anotherclass" readonly >
and
<input type="text" value="myvalue" class="class anotherclass" readonly="readonly" >
and I have even seen
<input type="text" value="myvalue" class="class anotherclass" readonly="true" >
.. And I believe I saw even more, but can not recall the exact syntax now..
So, which one is the correct one that I should use?
HTML5 spec:
http://www.w3.org/TR/html5/forms.html#attr-input-readonly :
The readonly attribute is a boolean attribute
http://www.w3.org/TR/html5/infrastructure.html#boolean-attributes :
The presence of a boolean attribute on an element represents the true value, and the absence of the attribute represents the false value.
If the attribute is present, its value must either be the empty string or a value that is an ASCII case-insensitive match for the attribute's canonical name, with no leading or trailing whitespace.
Conclusion:
The following are valid, equivalent and true:
<input type="text" readonly />
<input type="text" readonly="" />
<input type="text" readonly="readonly" />
<input type="text" readonly="ReAdOnLy" />
The following are invalid:
<input type="text" readonly="0" />
<input type="text" readonly="1" />
<input type="text" readonly="false" />
<input type="text" readonly="true" />
The absence of the attribute is the only valid syntax for false:
<input type="text"/>
Recommendation
If you care about writing valid XHTML, use readonly="readonly", since <input readonly> is invalid and other alternatives are less readable. Else, just use <input readonly> as it is shorter.
From w3:
readonly = "readonly" or "" (empty string) or empty -
Specifies that element represents a control whose value is not meant to be edited.
So basically it's the same.
is should be
<input type="text" value="myvalue" class="class anotherclass" readonly="readonly" />
The best practice is to use simply readonly. That makes it the most semantic and succinct.
Believe it or not,
readonly="false"
returns true;
To detect in JavaScript if an element is read-only, use this syntax:
element.readOnly