Working on a site that must validate a credit card number. One of my collaborators suggested this script. Clearly, before using some rando's credit card validating script, one should take a look-see and make sure it doesn't steal credit card numbers. I've looked at this script pretty hard and do not detect any theft type stuff, but I am put off by quite a bit of pedantry. For instance, line 72:
for (n = k = ref = r[1], ref1 = r[2]; ref <= ref1 ? k <= ref1 : k >= ref1; n = ref <= ref1 ? ++k : --k) {
trie.push(n);
}
What kind of jerk writes a for loop like that? There are also quite a few anonymous functions and other weirdness.
All it appears to do is check if the supplied cardnumber is a luhn number and then checks certain constraints based on a match of the opening sequence of letters.
A couple of questions then:
1) Does anyone have a favorite credit card validation script they use? Please suggest!
2) Does anyone see any evil sneakiness in this script that might facilitate theft of cardholder info?
3) Is anyone else put off by the coding in this script like I am?
4) Are all credit cards really luhn numbers? It would be quite regrettable to exclude a valid card number that is not a luhn number.
5) Does anyone have any comments on the card validation criteria starting at line 121?
Any feedback would be much appreciated.