//The following script is for form validation.  
//Use: Place tags in the html <form> tag to be checked by this script when the form is submitted.  
//this.elementname.optional=true; 		--this form element may be blank.
//this.elementname.min=10;				--this form element must be a number of at least 10.
//this.elementname.max=10;				--this form element must be a number of no more than 10.
//this.elementname.character=3;			--this form element must be at least 3 characters long.
//this.elementname.chkemail=true;		--check this form element for a valid e-mail address format.

//example:
//<form onSubmit="this.elementname.optional=true; this.elementname.min=0; this.elementname.max=999; this.elementname.character=3; this.elementname.chkemail=true; return verify(this);" method="post" name="frm" action="proc_form.asp"> 
//The above example allows the form element called 'elementname' to be blank, but if it is filled in
//it must be a number that is a minimum of 0, a maximum of 999 and at least 3 characters long.
//The "onSubmit" call must be first in the form tag.

//IMPORTANT NOTE ******************************************************************************
//***Add the following function to the page with the form to prevent an error.  This function call
//appears at the end of the form validation function "verify(f)" and must be included on the page in 
//the header section to avoid an error.
// function other() {
// 	 var errors = "";
// 	 return errors;
// }

//************************************************************************************************
//Utility: reports whether a string is made up solely of spaces, newlines and tabs.
//An empty string counts as blank.  Any other character, including a carriage
//return, makes the string non-blank.
function isblank(s) {
	var pos = 0;
	while (pos < s.length) {
		var ch = s.charAt(pos);
		var isWhitespace = (ch == ' ') || (ch == '\n') || (ch == '\t');
		if (!isWhitespace) return false;
		pos++;
	}
	return true;
}

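//Client-side form verification, meant to be invoked from the form's onSubmit handler
//as "return verify(this);".
//
//f is the form object.  verify reads f.length and f.elements[i], and for each element the
//type, name, value and selectedIndex properties plus the custom properties the page sets
//in its onSubmit attribute: optional, numeric, min, max, character, maxlen and chkemail.
//
//Returns true when nothing is wrong, so the browser goes on to submit the form.  Otherwise
//it shows one alert() listing the empty required fields and the other errors and returns
//false, which cancels the submit.
//
//Uses the globals isblank() and validateEmail(), and a page-supplied other() whose return
//value is appended to the error text when the page defines it.
//
//NOTE(review): these checks run only in the browser, and only when the onSubmit handler
//runs to completion.  An exception thrown in here means no "false" is returned and the form
//is submitted unchecked.  Treat this as a usability aid: the script that receives the form
//has to repeat every check it relies on.
function verify(f) {
	var msg;
	var empty_fields = "";
	var errors = "";

	//A whole value that is one decimal number (optional sign, fraction and exponent).
	//parseFloat() alone stops at the first character it cannot use, so "1,000" would be
	//range-checked as 1 and "12abc" as 12.
	var numberPat = /^\s*[-+]?(\d+\.?\d*|\.\d+)([eE][-+]?\d+)?\s*$/;

	//A bound counts as set unless it is missing or an empty string.  HTML5 input elements
	//expose min and max as string properties that read "" when the page has not set them.
	var isSet = function (bound) {
		return (bound != null) && (bound !== "");
	};

	//// satadru for appscan
	//if(bBuypass == true)
		//return true;
	//// end
	//NOTE(review): the disabled lines above returned true before any check when a global
	//flag was set; keep them disabled so validation cannot be switched off from the page.

	//Loop through the elements of the form.
	for (var i = 0; i < f.length; i++) {
		var e = f.elements[i];
		var hasMin = isSet(e.min);
		var hasMax = isSet(e.max);

		//Required text, textarea and password fields (those without a truthy "optional"
		//property) must not be empty or whitespace-only.  An empty required field is
		//listed once and skips the remaining checks.
		var isTextual = (e.type == "text") || (e.type == "textarea") || (e.type == "password");
		if (isTextual && !e.optional) {
			if ((e.value == undefined) || (e.value == "") || isblank(e.value)) {
				empty_fields += "\n" + e.name;
				continue;
			}
		}

		//Fields marked "numeric" or carrying a "min" or "max" must hold a number inside
		//the given range; both bounds are inclusive.
		if ((e.value != "") && (e.numeric || hasMin || hasMax)) {
			var v = numberPat.test(e.value) ? parseFloat(e.value) : NaN;
			if (isNaN(v) || (hasMin && (v < e.min)) || (hasMax && (v > e.max))) {
				errors += "- The field " + e.name + " must be a number";
				if (hasMin)
					errors += " that is greater than " + e.min;
				if (hasMax && hasMin)
					errors += " and less than " + e.max;
				else if (hasMax)
					errors += " that is less than " + e.max;
				errors += ".\n";
			}
		}

		//"character" is a minimum length in characters.
		if ((e.value != "") && (e.character != null)) {
			if (e.value.length < e.character) {
				errors += "- The field " + e.name + " must be at least " + e.character + " characters.\n";
			}
		}

		//"maxlen" is a maximum length in characters.
		if ((e.value != "") && (e.maxlen != null)) {
			if (e.value.length > e.maxlen) {
				errors += "- The field " + e.name + " cannot be greater than " + e.maxlen + " characters.\n";
			}
		}

		//Required drop-down boxes must have a choice other than the first one selected.
		if ((e.type == "select-one") && !e.optional) {
			if (e.selectedIndex == 0) {
				empty_fields += "\n" + e.name;
			}
		}

		//validateEmail() returns "" for an empty or acceptable address.
		if (e.chkemail) {
			errors += String(validateEmail(e.value));
		}
	}

	//Page-specific checks.  The page may define other() to return extra error text ("" for
	//none).  A page without other() is treated as having no extra checks; calling the
	//missing function would throw and let the form through unchecked.
	if (typeof other == "function") {
		errors += String(other());
	}

	//No problems: let the form submit.
	if (!empty_fields && !errors) return true;

	//Otherwise show every message in one alert and cancel the submit.
	msg  = "_____________________________________________________________\n\n";
	msg += "The form was not submitted because of the following error(s).\n";
	msg += "Please correct these error(s) and re-submit.\n";
	msg += "_____________________________________________________________\n\n";

	if (empty_fields) {
		msg += "- The following required field(s) are empty:" + empty_fields + "\n";
		if (errors)
			msg += "\n";
	}
	msg += errors;
	alert(msg);
	return false;
}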

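//Checks the format of an e-mail address.
//
//emailAdd is the address text (verify() passes the form element's value).
//Returns "" when the address is missing, empty, or passes every check.  Otherwise returns
//one "- There is a problem with your e-mail address: ..." message for the first check
//that failed.
//
//The checks are syntactic only and run in the browser.  They do not show that the mailbox
//exists, and the server still has to validate the address it receives.
function validateEmail(emailAdd) {
	var emailStr = emailAdd;
	var errors = "";
	var i;

	/* Tells the function whether or not to verify that the address ends in a two-letter
	country or well-known TLD.  1 means check it, 0 means don't. */
	var checkTLD = 1;

	//List of known TLDs.  Domain names are case-insensitive, so any letter case matches.
	//NOTE(review): the list is fixed; a TLD that is neither on it nor two characters long
	//is rejected.
	var knownDomsPat = /^(com|net|org|edu|int|mil|gov|arpa|biz|aero|name|coop|info|pro|museum)$/i;

	/* Check if the address fits the user@domain format & separate the username
	from the domain. */
	var emailPat = /^(.+)@(.+)$/;

	//Special characters not allowed outside a quoted string: ( ) < > @ , ; : \ " [ ]
	//NOTE(review): "." is not in this list, so an atom can itself contain dots.  That lets
	//leading, trailing and doubled dots through in the user name, and it makes userPat
	//ambiguous (a dot can match either the atom or the separator), which can cause heavy
	//backtracking on a long dotted user name that ends up failing.  Confirm whether
	//leaving "." out was intended.
	var specialChars = "\\(\\)><@,;:\\\\\\\"\\[\\]";

	//One character that is allowed in a username or domain name.
	var validChars = "[^\\s" + specialChars + "]";

	//If the "user" is a quoted string allow all characters.  E.g. "jiminy cricket"@disney.com
	var quotedUser = "(\"[^\"]*\")";

	//Applies to domains that are IP addresses rather than symbolic names.
	var ipDomainPat = /^\[(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\]$/;

	//Represents an atom (a series of non-special characters).
	var atom = validChars + '+';

	//One word in the typical username.
	var word = "(" + atom + "|" + quotedUser + ")";

	//Describes the structure of the user.
	var userPat = new RegExp("^" + word + "(\\." + word + ")*$");

	//True when every character of s is a space or a visible ASCII character (codes 32-126).
	//The space is let through here so that a quoted user name can reach userPat, which
	//rejects whitespace outside quotes.
	function isPrintableAscii(s) {
		for (var k = 0; k < s.length; k++) {
			var code = s.charCodeAt(k);
			if ((code < 32) || (code > 126)) return false;
		}
		return true;
	}

	//Nothing to check.
	if ((emailStr == null) || (emailStr == "")) {
		return errors;
	}

	//Break up user@domain into different pieces that are easy to analyze.
	var matchArray = emailStr.match(emailPat);
	if (matchArray == null) {
		//Address doesn't even fit the general mould of a valid e-mail address.
		errors += "- There is a problem with your e-mail address:\n   E-mail address seems incorrect (check @ and .'s)\n";
		return errors;
	}
	var user = matchArray[1];
	var domain = matchArray[2];

	//Reject control characters and anything outside basic ASCII.
	if (!isPrintableAscii(user)) {
		errors += "- There is a problem with your e-mail address:\n   The user name contains invalid characters.\n";
		return errors;
	}
	if (!isPrintableAscii(domain)) {
		errors += "- There is a problem with your e-mail address:\n   The domain name contains invalid characters.\n";
		return errors;
	}

	//See if "user" is valid.
	if (user.match(userPat) == null) {
		errors += "- There is a problem with your e-mail address:\n   The user name doesn't seem to be valid.\n";
		return errors;
	}

	//A domain written as a bracketed IP address is valid when every octet is at most 255.
	var IPArray = domain.match(ipDomainPat);
	if (IPArray != null) {
		for (i = 1; i <= 4; i++) {
			if (IPArray[i] > 255) {
				errors += "- There is a problem with your e-mail address:\n   Destination IP address is invalid!\n";
				return errors;
			}
		}
		//Stop here: the symbolic-name checks below would reject the brackets.
		return errors;
	}

	//Domain is a symbolic name.  Check that every dot-separated part is an atom.
	var atomPat = new RegExp("^" + atom + "$");
	var domArr = domain.split(".");
	var len = domArr.length;
	for (i = 0; i < len; i++) {
		if (domArr[i].search(atomPat) == -1) {
			errors += "- There is a problem with your e-mail address:\n   The domain name does not seem to be valid.\n";
			return errors;
		}
	}

	/* Make sure that it ends in a known top-level domain (like com, edu, gov) or a
	two-letter word, representing country (uk, nl). */
	var tld = domArr[len - 1];
	if (checkTLD && (tld.length != 2) && (tld.search(knownDomsPat) == -1)) {
		errors += "- There is a problem with your e-mail address:\n   The address must end in a well-known domain or two letter " + "country.\n";
		return errors;
	}

	//Make sure there's a host name preceding the domain.
	if (len < 2) {
		errors += "- There is a problem with your e-mail address:\n   This address is missing a hostname!\n";
		return errors;
	}
	return errors;
}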