0

i am working on a project, it need email validation when user enter his email address check for availiblity. i wrote the php code in javascript it works fine but my problem is when some one see my page source it is displaying all user email address in javascript code. i want hide this one.

i wrote javascript code in seperate file but validation is not working.

if any one give idea, how hide javascript code in php, guide me please.

thanks

Improve this question

3 Answers 3

Reset to default
7

You should check the availability of addresses through ajax. For example, see this tutorial on username availability checking explains how to do it for usernames; it should not be too difficult to change it for email addresses. What happens in this case is that:

  1. A user tries a certain address
  2. The browser asks the server "Is this available?"
  3. The server answers "Yes" or "No"

This way, the browser never knows the full list of addresses, so no one can harvest them.

By the way, don't rely solely on your JavaScript validation, but be sure to do an availability check in your final PHP registration code too! Malicious users will turn off their JavaScript and reregister over an existing username! The only way to prevent this is on the server (since only you control the server).

Improve this answer
Sign up to request clarification or add additional context in comments.

4 Comments

i tried ajax, it will display images as per your link. but i want alert message, it will not display the alert messages.
You're almost there then - if you've got images, it takes only a few seconds to change that into alerts. That's something entirely different from ajax - that's DOM manipulation. First get the system working with images, then rewrite it for alerts (that's my advice). By the way, what kind of 'alert' do you want?
Yeah, that's very well doable using that tutorial. Wait a few minutes, I'm trying to build an example using jsfiddle.
Well, here you go. Check jsfiddle.net/zr9Av to see an example of Ajax and an alert. But do consider that alerts are very obtrusive and many web developers like more 'subtle' approaches. Also, be sure to do an availability check in your final PHP registration code too! Malicious users will turn off their JavaScript and reregister over an existing username! The only way to prevent this is on the server (since only you control the server).
6

Any JavaScript can be read by anyone. It's a client side language.

This check will have to be done on the server; you can do it either during form submission, or use AJAX (maybe when the e-mail field looses focus (blur).)

Improve this answer

1 Comment

i tried ajax, it will display images as per your link. but i want alert message, it will not display the alert messages
-1

I know this is very old post but with php or asp you can do this. but it will still be available to advanced geeks. basically you need 3 files 1. functions.js file

function testfunc(){
alert("test to see if it works...");
}

2. null_functions.php

<?php

$datetime=base64_encode(date("YmdHis") * 1.35489);
$cache = getparam("cache");

if ($datetime == $cache) {
$js = file_get_contents("functions.js");
echo $js;
}



//****************************************************************************************************
//                                              functions                                              
//**************************************************************************************************** 


function getparam($name)
{
if (is_string($name))
    {
    if ((bool)get_magic_quotes_gpc())
        {
        set_magic_quotes_runtime(0);
        $param = isset($_POST[$name]) ? stripslashes($_POST[$name]) : false;
        $param = isset($_GET[$name]) ? stripslashes($_GET[$name]) : $param;
        }
      else
        {
        $param = isset($_POST[$name]) ? $_POST[$name] : false;
        $param = isset($_GET[$name]) ? $_GET[$name] : $param;
        }

    return $param;
    }
  else
    {
    return $name;
    }
}
?>

3. index.php

<!DOCTYPE html>
<html>
<head>
<?php
$cache = base64_encode(date("YmdHis") * 1.35489); // multiply by some random number this must be same as on null_functions.php page
?>
<script src="<?php echo "null_functions.php?cache=$cache";?>">
</script>
</head>
<body onload="javascript:testfunc()">
</body>
</html>
Improve this answer

3 Comments

The OP was asking how to hide the email test that is done in js from the user, you question does not answer this. And it would fail for slow connections. In current php versions get_magic_quotes_gpc should not be required, because magic quotes are deprecated and removed with php 7.
Thank you for your update on php7, getparam function is really not required for this solution, one can simply just use $_GET['cache'], this is all just an idea how sent parameter is only active for 1 second and javascript is loaded in browser cache, until next refresh.
I did understand your code, but it still does not answer the question of the OP. You cannot protect code that is executed on the client side from being read. And the 1 second window will at worst be harmful, but it wont introduce any protection.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.