CS-090.3 Assignment 6

Using JavaScript to validate the user’s email address is a usability enhancement for the user: if the email address is wrong, they get immediate feedback with the error field highlighted and the keyboard focus placed in the correct field automatically. But it does not guarantee that the action script (loginOrRegister.xhtml) will actually receive a valid email address from the user: a malicious user could easily send a forged request as part of a cross-site scripting (XSS) attack on your site.

You have to validate all form data on the server side, whether it is validated on the client side or not, and that is what you are to do for the email address for this assignment.

For testing purposes, you need to be able to submit both valid and invalid email addresses to the server. Rather than just turn off JavaScript validation as I suggesed in class on April 10, you are to add a checkbox to the form to control whether the email address is to be validated (by JavaScript) or not. Have your submit listener check the value of this checkbox (which should have an initial value of checked) and have it allow the form to submit if this checkbox is unchecked OR the email address passes your regular expression test. (That is, it calls preventDefault() only if the checkbox is checked AND the email address is not valid.)

Once you have the JavaScript side of the project working, augment the code on the server side so that instead of simply displaying what the user typed, the code uses a PHP preg regular expression to see whether the email is valid or not. The web page must then display one of two messages telling whether the user supplied a valid QC email address or not. Whichever message it displays, the message should include the email string that was submitted.

Note that there is a trim() function available for you to use to get rid of whitespace on the ends of a string, which will make your regular expression a bit simpler.

Remember, the way to approach this assignment is to use the PHP manual available at www.php.net/manual/en/ to look up the aspects of the PHP language and Perl-compatible regular expressions that you need to use.

When you have tested your web pages, send me an email message to me saying your assignment is ready; I will get a copy from your account on the server and check it out. Send your email to:

Be sure the Subject Line of your email says CS-90.3 Assignment 6, just like that, to be sure your message does not get trapped by my spam filters.

Be sure to sign your email so I can tell who sent it!