///// Main Function ///////////////////////////////////////////////////////////////
function validateLogin() {
  var pageIsValid = 1;
  
 // Enforce only characters and numbers in loginname and password

   pageIsValid = validateForAcceptableFormat( "loginName", 3, 12 ) && pageIsValid;
   pageIsValid = validateForAcceptableFormat( "password", 6, 12 ) && pageIsValid;


  ////////////////////////////////////////////////// 
  // Finished with validation, either send 'em forward or send 'em back! 
  if (pageIsValid == 1) { 
  
    document.getElementById("frmLoginID").method = "POST"; 
    document.getElementById("frmLoginID").action = "login2.asp"; 
    document.getElementById("frmLoginID").submit(); 
    return (true); 
  } else { 
    alert( "User Names and Passwords may only contain letters or numbers, or your User Name or Password was left blank." ); 
    return (false); 
  } 
  
  return (false); 
} 





////// Accessory Functions /////////////////////////////////////////////////////// 

function acceptableCharacters( checkStr ) { 

  var checkOK = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"; 
  var allValid = true; 

  for (i = 0;  i < checkStr.length;  i++) { 
    ch = checkStr.charAt(i); 
    for (j = 0;  j < checkOK.length;  j++) 
      if (ch == checkOK.charAt(j)) 
        break; 
      if (j == checkOK.length) {
 
      allValid = false; 
      break; 
    } 
  } 

  // Now guard against 2 dashes in a row (SQL comment indicator - used in SQL Insertion Attacks) 
  // Unnecessary here, kept incase a - is ever allowed in checkOK variable
  for (i = 0;  i < checkStr.length-1;  i++) { 

    if ( (checkStr.charAt(i) == "-") && (checkStr.charAt(i+1) == "-") ) { 
	
      allValid = false; 
      break; 
    } 
  } 

  if (!allValid)  { 
    return (false); 
  }else{ 
   return (true); 
  } 

} 

/////////////////////////////////////////////////////////////////////////////////// 

function acceptableLength( checkStr, minLength, maxLength ) { 

 if ( (checkStr.length >= minLength) && (checkStr.length <= maxLength) ) 
 return ( true ); 
 else 
 return ( false ); 
} 

//////////////////////////////////////////////////////////////////////////////////


function validateForAcceptableFormat( itemName, minLength, maxLength) {
 
 if ( (acceptableLength(document.getElementById(itemName+"ID").value, minLength, maxLength ) == false) || 
 (acceptableCharacters(document.getElementById(itemName+"ID").value) == false) ) { 

   return 0; 
 } 
 else { 
   return 1; 
 } 
} 

////////////////////////////////////////////////////////////////////////////////