Server side validation on web

HCL Domino Domino Forum
1

I’m after the definitive approach for doing server side validation of new unsaved documents on the web.

Perhaps best to give the scenario first. Have a public “User Registration” form where anonymous users enter their details, including a username and password they invent.

The validation has to check that the database doesn’t contain a duplicate of their username.

A client side validation routine is not suitable, as there is no javascript equivalent for @DbLookup (not for both Netscape and IE that is) and having a computed field/computed text to retrieve all existing names on open is not suitable (there is more than 64KB of returned data; security concerns over showing all usernames in page source).

One option considered was to set SaveOptions and handle validation in WebQuerySave. The problem with this is that the form disappears on submit (regardless of whether it fails or passes validation) so you need some means of redisplaying the (unsaved) form contents so that the user may make the necessary corrections.

As I said, the form contains passwords, so use of the query string to achieve this is out.

Despite trawling this forum, I can’t find a definitive rock-solid method of doing this sort of thing. I’m after the simplest and most robust solution.

2

Subject: Server side validation on web

hi !!

u need to execute a agent written in lotusscript… and call it in any buttonclick…through

@command([ToolsRunMacro];”“)”

for running this agent u need to set permissions for the person who signs the agents…in the names.nsf database of the domino directory…

cheers…

–kaushik das

3

Subject: Server side validation on web - found a way

Validation is done “server side” via simple formulas in the WebQuerySave event. You check any fields using whatever formulas are needed. The formula sets a SaveOptions field to “1” where validation is passed, or “0” otherwise. A numeric field “hasError” is set to 1 where errors were found, or 0 otherwise. The formula also builds a text field called for example “errors” that contains a description of any errors found (your formula should build up this field for all errors).

WebQuerySave is triggered by a button with the formula: @Command([FileSave]); @If(hasError; “”; @Command([CloseWindow]))

Where no errors are found, the above formula saves and closes the document, and only then triggers the formula in the $$Return field.

Where errors are found, the form with all of its entered values still present is displayed back to the user. It also contains the updated field values for “hasError” and “errors”, so these may be intercepted OnLoad by javascript, or displayed on the form as computed text.

The beauty of it is that you can use @Formulas with @Dblookups at the time of validation. There are also ways to bypass client-side javascript validation, that can’t bypass this.

4

Subject: Server side validation on web

what you can do is call an agent using XMLHTTP

Send only the user name in XMLData as “UserName=newusername”

var xmlhttp = new ActiveXObject"Microsoft.XMLHTTP");

xmlhttp.Open("POST", "http://yourserver/db/agent?OpenAgent", false);

xmlhttp.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");

xmlhttp.send(XMLData);

var responseXML	= xmlhttp.responseXML;

alert(xmlhttp.responseXML.xml);

recieve the data in agent using request_content property

doc.Request_Content(0)

do the processing in the agent and than return XML data in it

XMLStr = “Y/N”

using

Print “Content-type: text/xml” ’ you must write this

Print XMLStr

try this it should work

if not contact me at nitesh.thacker@indussoft.com

5

Subject: RE: Server side validation on web

The application needs to support browsers IE4+ and NN5+, with ActiveX only being available to Microsoft browsers this won’t work in Netscape.

Perhaps Andre Guirard or someone from Lotus can give the best method for doing server side validation on the web.

6

Subject: RE: Server side validation on web

What happens when JavaScript is disabled… Domino addes the following code

If JavaScript is disabled I can’t get validation to work… Any Ideas.

7

Subject: RE: Server side validation on web

You can always provide a non-javascript submit button:

Use code in the onload event to hide that button so that the JS version will work as expected (calling client-side validation, etc.).