Net 10Unlike just about all of his friends, family, and coworkers, Jack doesn’t have a fancy cell phone. No streaming video, no Bluetooth, and certainly no “apps”. Heck, it doesn’t even have a camera. It’s just a plain old phone with plain old service that can only dial and receive plain old calls. And it’s exactly the type of phone that Jack wants.

Because Jack hardly ever uses his cell phone, the whole monthly bill with annual commitments didn’t make a whole lot of sense, so he went the prepaid route with a company called Net10. Like all wireless providers, Net10 provides online account maintenance and – going along with the “plain old” model – their web app is barebones and a bit clunky at times.

Of course, since Jack only needed to refill his phone minutes a few times a year, it didn’t bother him. But when his old phone broke and he had to transfer the minutes to a new phone, he got a little tired of the “invalid phone number” error continually popping up. So he decided to take a look under the hood and see what sort of JavaScript powered their forms.

Quite a few pages (including the sign in page) had a rather unique implementation of regular expressions. Instead of using a “plain old” regex, the developers decided to use ten to verify the password.

function verifyPASSWORD(strPassword){

  if(strPassword=="") return false;

  if (strPassword.length < 6 || strPassword.length > 15)
  {
    return false;
  }
  else
  {
    if(strPassword.length==6)
    {
      var re = /\w{6,}/;
    }
    else if(strPassword.length==7)
    {
      var re = /\w{7,}/;
    }
    else if(strPassword.length==8)
    {
      var re = /\w{8,}/;
    }
    else if(strPassword.length==9)
    {
      var re = /\w{9,}/;
    }
    else if(strPassword.length==10)
    {
      var re = /\w{10,}/;
    }
    else if(strPassword.length==11)
    {
      var re = /\w{11,}/;
    }
    else if(strPassword.length==12)
    {
      var re = /\w{12,}/;
    }
    else if(strPassword.length==13)
    {
      var re = /\w{13,}/;
    }
    else if(strPassword.length==14)
    {
      var re = /\w{14,}/;
    }
    else
    {
      var re = /\w{15,}/;
    }

    if (!re.test(strPassword))
    {
      return false;
    }

    return true;
  }
}

 

However, when Jack dug in to DataValidate.js, it was apparent that regexs simply weren't up to the task of email validation. So the developers cooked up this.

function verifyEmail(strEmail){

  var strTkn1,strTkn2;
  var nTokenCount = 0;
  var i = 0;
  var nIndex,nLastIndex;

  nIndex = strEmail.indexOf("@");
  nLastIndex = strEmail.lastIndexOf("@");

  if (strEmail.indexOf(" ") != -1){
    return false; //contains whitespace
  }

  //compare the first and last index whether
  //they are in the same position
  if(nIndex== nLastIndex){

    //Tokenise by @ symbol
    strTkn1 = strEmail.split('@');

    //get a count of the first set of Tokens
    nTokenCount = strTkn1.length;

    if((strTkn1[0]=="")||(strTkn1[1]==""))
      return false;

    //looping through the first set of tokens
    for(i=0;i<nTokenCount;i+=1){

      //allow first set of email string to have dots
      //but,second set of email string must contains 
      //at least one dot
      //alert(strTkn1[i] +" : " + strTkn1[i].substr(
      //      strTkn1[i].length-1,strTkn1[i].length) + i);
      if((i!=0) && 
         (strTkn1[i].substring(       //check if the email string
             strTkn1[i].length-1,     //doesn't end with "."
             strTkn1[i].length)!=".")) 
        //Search for the position of "."                                       
        nIndex = strTkn1[i].indexOf("."); 
      else
        nIndex = -1; //ignore if the string is the first subset

      if (nIndex != -1){//if found, count the token

        //Tokenise the sub string again by "."
        strTkn2 = strTkn1[i].split('.');

        nTokenCount +=  strTkn2.length;
        if (nTokenCount >= 4){ // e.g. [email protected]: 4 <==> 
                               // ('mytest','com'= 2) 
                               //  + ('test','mytest.com'=2)
          return true;
        }
      }
    }

    }else{
      return false;
    }//field has more than one '@'

    return false;

}

 

Not surprisingly, scouring through the code didn’t help him transfer his phone. Fortunately, customer service was able to get him squared away. And it still beat having a fancy phone.

[Advertisement] BuildMaster allows you to create a self-service release management platform that allows different teams to manage their applications. Explore how!