Site in question: http://tinyurl.com/23oar6z

You can look at the source for the javascript on the JQuery or the main part here:

// validate signup form on keyup and submit
var validator = $("#Register").validate({
    rules: {
        UserID: {
            required: true,
            minlength: 2,
            remote: {
                url: "form_check_user.php",
                type: "post",
            }
        },
        ....

So it POSTs to form_check_user.php UserID=ValueFromForm

Here is the form_check_user.php code:

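<?php
    // Remote validation endpoint: echoes "true" when the name is free, "false" when it is taken.
    if (!empty($_POST['UserID'])) {
        $User = strtolower($_POST['UserID']);
        $htpasswd_array = file("/etc/passwd");
        // Escape the submitted value so regex metacharacters in it are matched literally
        $pattern = "/^" . preg_quote($User, "/") . ":/";

        foreach ($htpasswd_array as $key => $value) {
            // A line starting with "<name>:" means the account already exists
            if (preg_match($pattern, $value)) {
                echo "false";
                exit;
            }
        }
        echo "true";
        exit;
    }
    // No UserID submitted
    echo "false";
    exit;
?>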

The function works as it should. I try to use a UserID such as root or any valid Linux user and it detects that it's invalid...

The problem comes if you enter "root" in...It says it's invalid...and you still tab to the next form it then shows [object Object] is already in use

Edit: Should probably include this, as the message seems to be part of the problem:

    messages: {
        UserID: {
            required: "Enter a username",
            minlength: jQuery.format("Enter at least {0} characters"),
            remote: jQuery.format("{0} is already in use")
        },

Update: 8/20

I have confirmed this is a bug in the validation plugin after debugging. (Although I get lost where the error occurs, I know it has nothing to do with my response.)

A: 

I'm not getting any error when I enter 'root' or any other username in the username field (on FF 3.6.8). I do get a warning saying "The 'charCode' property of a keyup event should not be used. The value is meaningless", though to be fair, I get the same warning while I'm typing up this answer.

You could simplify your code somewhat and eliminate the foreach(). Since file() already reads the contents of the file into an array, you can simply use preg_grep() instead. If any array rows match the pattern, they'll be returned, so...

$htpasswd_array = file('/etc/passwd');

$matches = preg_grep("/^{$User}:/", $htpasswd_array);

if (count($matches) == 0) {
   echo "false"; // no matches
} else if (count($matches) == 1) {
   echo "true"; // username in use
} else {
   echo "file_not_found"; // in true TDWTF fashion, in case there's multiple accounts
}

comment followup-followup:

Ok, I got the error now too. And yeah, your edit makes sense. I'm guessing jquery and/or the validator plugin's using the decoded JSON response to fill in that message, which would be a standard Object. Since you're not returning the username in question as part of the response, it's of no use outputting the Object itself, since it'd just contain true or false. Must be some way to reference the contents of the input field and output that instead, since it contains the bad username.

Marc B
I checked with 3.6.6 and it had the error. You have to enter "root"...let it say it's taken....click away from it...go back into the form, then tab away from it.
BHare
A: 

I think I found the bug;

Validation has: message = message.call(this, rule.parameters, element);

This should be:

message = message.call(this, message.parameters, element);

After that fix, everything seems to be OK. I am new to JQuery and debugging javascript, so it may need to be tested more thoroughly but I think that was the problem.

I have emailed the developer of the plugin this fix (I noticed multiple issues with his bug in his tracker and on the JQuery forums)

BHare
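The following is an added example, not code from either answer or from the validation plugin. It reproduces the "[object Object]" message using the call shape quoted in the second answer, then shows a message callback that reads the field value instead, as the first answer suggests. `format`, `buildMessage`, `escapeHtml` and `inUseMessage` are hypothetical names, `format` is a simplified stand-in for jQuery.format, and the escaping assumes the message may be inserted into the page as HTML.

```javascript
// Simplified stand-in for jQuery.format (an assumption, not the plugin's source):
// returns a function that substitutes {0}, {1}, ... with the parameters it is given.
function format(template) {
  return function (params) {
    const args = Array.isArray(params) ? params : [params];
    return template.replace(/\{(\d+)\}/g, (m, i) => (i in args ? String(args[i]) : m));
  };
}

// Constructed sample data mirroring the question's rules and the typed-in value.
const remoteRule = { method: "remote", parameters: { url: "form_check_user.php", type: "post" } };
const minlengthRule = { method: "minlength", parameters: 2 };
const element = { name: "UserID", value: "root" };

// Call shape quoted in the second answer: a function message receives the rule's
// parameters, which for "remote" is the options object rather than a printable value.
function buildMessage(message, rule, element) {
  return typeof message === "function"
    ? message.call(null, rule.parameters, element)
    : message;
}

// The field value is user input; escape it in case the message is rendered
// as HTML (assumption about how the message is displayed).
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) =>
    ({ "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" }[c]));
}

// Message callback that ignores the parameters and reports the field value.
function inUseMessage(params, element) {
  return escapeHtml(element.value) + " is already in use";
}

// minlength formats correctly because its parameter is a number.
const minlengthMsg = buildMessage(format("Enter at least {0} characters"), minlengthRule, element);
// remote stringifies the options object into "[object Object]".
const brokenMsg = buildMessage(format("{0} is already in use"), remoteRule, element);
// The callback variant reports the username that was typed.
const fixedMsg = buildMessage(inUseMessage, remoteRule, element);

console.log(minlengthMsg);
console.log(brokenMsg);
console.log(fixedMsg);
```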