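// Patterns used by the client-side form checks in this file.
//
// The two "special character" patterns are narrow deny-list heuristics meant
// to prompt the user to retype a value. They are not a defence against SQL
// injection or cross-site scripting: the server must validate input itself
// and use parameterized queries and context-aware output encoding.

// Flags a single quote (literal or %27) directly followed by "or"
// (literal lower case, or the %6F/%4F and %72/%52 encodings).
var sqlInjectionPattern = /\w*((%27)|('))((%6F)|o|(%4F))((%72)|r|(%52))/;

// Flags anything shaped like a tag: "<" (or %3C) ... ">" (or %3E).
var crossSiteScriptingPattern = /((%3C)|<)(.|\n)*?((%3E)|>)/;

// (800)555-1212, 800-555-1212 or 8005551212, each with an optional " x123"
// extension. Both alternatives are anchored at the start and the end; the
// first one used to lack "^", so any text in front of a "(800)..." number
// was accepted.
var phonePattern = /^\([0-9]{3}\)\s?[0-9]{3}(-|\s)?[0-9]{4}(\s(x\d+)?){0,1}$|^[0-9]{3}-?[0-9]{3}-?[0-9]{4}(\s(x\d+)?){0,1}$/;

// local-part@domain, anchored at both ends. Without the leading "^" arbitrary
// text could precede the address, and fields checked with this pattern are not
// screened by the special-character patterns above.
// The lookahead rejects domains that start with "acme-hack" (reason not
// documented here).
// NOTE(review): {2,4} rejects top-level domains longer than four characters.
var emailPattern = /^[\w.-]+@(?!acme-hack)([\w-]+\.)+[\w-]{2,4}$/;

// US ZIP code: 12345 or 12345-6789.
var zipcodePattern = /(^\d{5}$)|(^\d{5}-\d{4}$)/;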

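/**
 * Validates one text field of the first form on the page and shows or clears
 * its inline message in the element whose id is `<fieldName>Error`.
 *
 * The check is chosen from the field's `name`: names containing "email",
 * "phone" or "postalcode" (case-insensitive) are matched against the
 * corresponding format pattern only; every other field is screened with the
 * SQL-injection and cross-site-scripting patterns.
 *
 * This runs in the browser, so it is a usability aid and not a security
 * boundary. The server still has to validate each field and use
 * parameterized queries and output encoding.
 *
 * @param {string} fieldNameToValidate - Key of the field in document.forms[0].
 * @param {boolean} required - Whether an empty value is an error.
 * @returns {boolean} true when the value is acceptable, false otherwise.
 */
function validateField(fieldNameToValidate, required)
{
	var field = document.forms[0][fieldNameToValidate];
	var valueToValidate = field.value;
	var fieldKind = field.name.toLowerCase();
	var errorElement = document.getElementById(fieldNameToValidate + "Error");
	var errorMessage = "";

	if (valueToValidate.length === 0)
	{
		// Blank is acceptable only for optional fields.
		if (required)
			errorMessage = "Please complete this entry.";

	// Format-checked fields skip the special-character screen in the final
	// branch, so each format pattern has to match the whole value.
	// NOTE(review): confirm the patterns are anchored at both ends.
	} else if (fieldKind.indexOf("email") > -1) {

		if (!emailPattern.test(valueToValidate))
			errorMessage = "Please enter an email address.";

	} else if (fieldKind.indexOf("phone") > -1) {

		if (!phonePattern.test(valueToValidate))
			errorMessage = "Please enter a phone number (e.g., 8005551212, (800)555-1212 x1234, 800-555-1212 x123).";

	} else if (fieldKind.indexOf("postalcode") > -1) {

		if (!zipcodePattern.test(valueToValidate))
			errorMessage = "Please enter a valid zipcode (xxxxx or xxxxx-yyyy).";

	} else {
		// For all other fields, apply the heuristic special-character screen.
		if (sqlInjectionPattern.test(valueToValidate) ||
			crossSiteScriptingPattern.test(valueToValidate))
		{
			errorMessage = "Please remove special characters.";
		}
	}

	// Write the message (or clear a previous one) as plain text. A missing
	// error element must not abort validation with a TypeError.
	// NOTE(review): if this is called from a submit handler, an uncaught
	// exception there would presumably let the form post unchecked -- confirm.
	if (errorElement)
		errorElement.textContent = errorMessage;

	return errorMessage.length === 0;
}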

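/**
 * Validates every text input and textarea of the first form on the page.
 *
 * Only elements whose `type` is "text" or "textarea" are checked; all other
 * controls are skipped. Every such field is validated even after a failure,
 * so each invalid field gets its own error message.
 *
 * Like validateField, this is a browser-side convenience check; the server
 * must not rely on it having run.
 *
 * @param {Array<boolean>} aryRequired - "Required" flags indexed by the
 *     ordinal position of each text/textarea element within the form (not by
 *     its index in form.elements), so the array must follow the markup order.
 * @returns {boolean} true when every checked field is valid.
 */
function validateForm(aryRequired)
{
	var formElements = document.forms[0].elements;
	var formIsValid = true;
	var iTextElementCount = 0;
	var element;
	var i;		// declared locally: the loop index used to leak as a global.

	for (i = 0; i < formElements.length; i++)
	{
		element = formElements[i];
		if (element.type === "text" || element.type === "textarea")
		{
			if (!validateField(element.name, aryRequired[iTextElementCount]))
				formIsValid = false;	// form will not be posted.
			iTextElementCount++;
		}
	}

	return formIsValid;
}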