Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Is 42 a valid credit card number? jQuery validator thinks it is

We all know that 42 is the answer to everything, but it's news to me that it is a valid credit card number.

Try entering '42' or '42176' into this jQuery Validation testing page and click OK.

What's going on? I thought this was supposed to be the de-facto validation library. Even Microsoft is using it now, but it thinks '42' and '42176' are valid credit card numbers?! It's not even doing a length check. Surely I'm not responsible for adding a length check too? It's called 'creditcard' validator and not 'luhn' validator.

Edit: hitchhiker humor aside - how would I go about patching the validation plugin to check length. is that easy?

like image 463
Simon_Weaver Avatar asked Dec 08 '09 02:12

Simon_Weaver


People also ask

Are credit card validators real?

It gives a merchant a facility to validate the credit card number before accepting a customer's payment. There is a wide range of algorithms created by several finance companies to validate a credit card. The practical use of these algorithms will allow you to validate whether the credit card is genuine or not.

How can you tell if a credit card number is valid?

Credit Card Number ValidationIf doubling any of the numbers produces a sum greater than nine, subtract nine from the sum to get a single digit. Take the sum of all the digits, and if that sum is divisible by ten, then the card's number is valid.

Is valid validation jQuery?

valid() from the jQuery Validation plugin: $("#form_id"). valid(); Checks whether the selected form is valid or whether all selected elements are valid.

What is a card validator?

Credit Card Validator is a free online tool to validate credit card details including Card Brand, BIN details, Luhn Validation, Country and Issuing Bank. CREDIT CARD VALIDATOR.


3 Answers

This is probably because this validator merely checks that the number supplied satisfies the LUHN-10 algorithm (which 42 satisfies since 4*2 + 2 = 10 which is 0 modulo 10).

A better validator should maybe check for a minimal number of digits.

I'm not sure this corresponds to the very latest code from jQuery, but I found the snippet associated with credit card validation:

    // http://docs.jquery.com/Plugins/Validation/Methods/creditcard
    // based on http://en.wikipedia.org/wiki/Luhn
    creditcard: function(value, element) {
        if ( this.optional(element) )
            return "dependency-mismatch";
        // accept only digits and dashes
        if (/[^0-9-]+/.test(value))
            return false;
        var nCheck = 0,
            nDigit = 0,
            bEven = false;

        value = value.replace(/\D/g, "");

        for (n = value.length - 1; n >= 0; n--) {
            var cDigit = value.charAt(n);
            var nDigit = parseInt(cDigit, 10);
            if (bEven) {
                if ((nDigit *= 2) > 9)
                    nDigit -= 9;
            }
            nCheck += nDigit;
            bEven = !bEven;
        }

        return (nCheck % 10) == 0;
    },

... and as you see this merely check that all characters are digits and that LUHN-10 is satisfied, without any attention to a minial length.

like image 145
mjv Avatar answered Oct 26 '22 22:10

mjv


You can combine the credit card rule with the minimum and maximum length rules to achieve what you want. That may seem like too much effort -- and I might agree -- though it does give you more control if you only want to accept certain card number lengths.

$('form').validate({
    '#ccNum': {
                   creditcard: true,
                   required: true,
                   minlength: 13,
                   maxlength: 19
              }
});
like image 36
tvanfosson Avatar answered Oct 26 '22 23:10

tvanfosson


The length of credit card numbers can vary depending on the issuer (though yes, there's generally a minimum length of ~13 digits). However, since this is client-side validation, the focus is probably more on reducing the chance of a small typo, and less on checking arbitrary data. That should probably be done server-side.

like image 31
Amber Avatar answered Oct 26 '22 22:10

Amber