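/**
 * Validate a list of values, such as `$_GET` or `$_POST` data against
 * a list of validation rules. If the rules are a string, it will
 * look for a file and parse it using `parse_ini_file()` for the rules.
 * The format is as follows:
 *
 *     [field1]
 *     email = 1
 *
 *     [field2]
 *     type = string
 *     regex = "/^[a-z]+$/i"
 *
 *     [field3]
 *     skip_if_empty = 1
 *     unique = "table.column"
 *
 * Three rule types are handled directly here, every other rule is
 * delegated to `Form::verify_value()`:
 *
 * - `file`          the field must be a genuine upload (`is_uploaded_file()`).
 * - `filetype`      comma-separated list of allowed extensions, compared
 *                   case-insensitively against the client-supplied file name.
 *                   This checks the name only, not the file's contents.
 * - `skip_if_empty` an empty scalar value with no upload ends validation of
 *                   that field; for array values the empty entries are dropped
 *                   before the remaining rules run.
 *
 * Rules for a field run in the order given and stop at the first failure.
 *
 * @param array        $values      Field name => submitted value.
 * @param array|string $validations Rule map, or the path of an ini file of rules.
 * @return array Names of the fields that failed. If the array is empty,
 *               everything passed.
 */
public function verify_values($values, $validations = array()) {
    if (is_string($validations) && file_exists($validations)) {
        $validations = parse_ini_file($validations, true);
    }
    // NOTE(review): a missing or unparseable rule file yields no rules, i.e.
    // every field passes (fail-open). Kept for compatibility; callers should
    // make sure the rules they pass actually resolve.
    if (!is_array($validations)) {
        return array();
    }

    $failed = array();
    foreach ($validations as $name => $validators) {
        $upload = isset($_FILES[$name]) ? $_FILES[$name] : null;

        foreach ($validators as $type => $validator) {
            if ($type === 'file') {
                // Only accept files that arrived through PHP's upload mechanism.
                if ($upload === null || !isset($upload['tmp_name']) || !is_uploaded_file($upload['tmp_name'])) {
                    $failed[] = $name;
                    break;
                }
                continue;
            }

            if ($type === 'filetype') {
                // The pattern previously lacked its closing delimiter, so
                // preg_split() always failed and "jpg, png" was treated as a
                // single extension that could never match.
                $allowed = trim(strtolower($validator));
                $extensions = preg_split('/, ?/', $allowed);
                if ($extensions === false) {
                    $extensions = array($allowed);
                }
                // Extension of the name the client sent; this is an allow-list
                // of names, not a check of the file's actual contents.
                $extension = ($upload !== null && isset($upload['name']))
                    ? strtolower(pathinfo($upload['name'], PATHINFO_EXTENSION))
                    : '';
                if (!in_array($extension, $extensions, true)) {
                    $failed[] = $name;
                    break;
                }
                continue;
            }

            if ($type === 'skip_if_empty') {
                if (isset($values[$name]) && is_array($values[$name])) {
                    // Drop empty entries so the remaining rules only see real values.
                    foreach ($values[$name] as $k => $v) {
                        if (empty($v)) {
                            unset($values[$name][$k]);
                        }
                    }
                    continue;
                }
                $no_upload = $upload === null
                    || (isset($upload['error']) && $upload['error'] === UPLOAD_ERR_NO_FILE);
                // empty() also treats '0' as empty; this matches the original rule.
                if (empty($values[$name]) && $no_upload) {
                    // Nothing was submitted, so the remaining rules don't apply.
                    break;
                }
                continue;
            }

            // A missing value never passes an ordinary rule.
            if (!isset($values[$name]) || !Form::verify_value($values[$name], $type, $validator)) {
                $failed[] = $name;
                break;
            }
        }
    }
    return $failed;
}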
if (!$appconf['Custom Handlers']['user/login']) { echo $this->error(404, i18n_get('Not found'), i18n_get('The page you requested could not be found.')); return; } echo $this->run($appconf['Custom Handlers']['user/login'], $data); return; } if (!$this->internal) { $page->title = i18n_get('Members'); } if (isset($_GET['redirect'])) { $_POST['redirect'] = $_GET['redirect']; } if (!isset($_POST['redirect'])) { $_POST['redirect'] = $_SERVER['REQUEST_URI']; if ($_POST['redirect'] == '/user/login') { $_POST['redirect'] = '/user'; } } if (!Form::verify_value($_POST['redirect'], 'header')) { $_POST['redirect'] = '/user'; } if (!User::require_login()) { if (!$this->internal && !empty($_POST['username'])) { echo '<p>' . i18n_get('Incorrect email or password, please try again.') . '</p>'; } $_POST['signup_handler'] = $appconf['Custom Handlers']['user/signup']; echo $tpl->render('user/login', $_POST); } elseif (!$this->internal) { $this->redirect($_POST['redirect']); }
/**
 * Exercises every rule type understood by Form::verify_value(): regex,
 * type, callback, length, range, empty, email, header, date/time, exists,
 * contains, equals, unique, lt/lte/gt/gte, matches / not matches, url and
 * the `each ...` array form. Side effects: creates a `test` table via
 * DB::execute() and sets $_POST['test']; no teardown is visible here.
 */
function test_verify_value() {
    $this->assertTrue(Form::verify_value('1234', 'regex', '/^[0-9]+$/'));
    $this->assertFalse(Form::verify_value('adsf', 'regex', '/^[0-9]+$/'));
    $this->assertTrue(Form::verify_value('123', 'type', 'numeric'));
    $this->assertFalse(Form::verify_value('asdf', 'type', 'numeric'));
    $this->assertTrue(Form::verify_value('123', 'callback', function ($value) { return true; }));
    $this->assertFalse(Form::verify_value('123', 'callback', function ($value) { return false; }));
    // length: exact, minimum ('N+'), maximum ('N-') and 'min-max' forms
    $this->assertFalse(Form::verify_value('asdf', 'length', 2));
    $this->assertFalse(Form::verify_value('asdf', 'length', '5+'));
    $this->assertTrue(Form::verify_value('asdf', 'length', '5-'));
    $this->assertFalse(Form::verify_value('asdf', 'length', '6-8'));
    $this->assertTrue(Form::verify_value('asdf', 'length', '2-6'));
    $this->assertTrue(Form::verify_value(5, 'range', '1-10'));
    $this->assertFalse(Form::verify_value(15, 'range', '1-10'));
    $this->assertTrue(Form::verify_value('', 'empty'));
    $this->assertFalse(Form::verify_value('asdf', 'empty'));
    $this->assertTrue(Form::verify_value('*****@*****.**', 'email'));
    $this->assertFalse(Form::verify_value('@foo@bar.com', 'email'));
    $this->assertFalse(Form::verify_value('foo@bar', 'email'));
    $this->assertTrue(Form::verify_value('*****@*****.**', 'email'));
    // header: a value containing a newline must be rejected (header injection)
    $this->assertTrue(Form::verify_value("asdf", 'header'));
    $this->assertFalse(Form::verify_value("asdf\nasdf", 'header'));
    $this->assertTrue(Form::verify_value('2010-01-01', 'date'));
    $this->assertFalse(Form::verify_value('2010-01-010', 'date'));
    $this->assertTrue(Form::verify_value('2010-01-01 00:01:01', 'datetime'));
    $this->assertFalse(Form::verify_value('2010-01-01-00:01:01', 'datetime'));
    $this->assertTrue(Form::verify_value('00:01:01', 'time'));
    $this->assertFalse(Form::verify_value('000101', 'time'));
    // exists: second argument is a directory, or a path template with %s for the value
    $this->assertTrue(Form::verify_value('Template.php', 'exists', 'lib'));
    $this->assertFalse(Form::verify_value('ASDF.php', 'exists', 'lib'));
    $this->assertTrue(Form::verify_value('default', 'exists', 'layouts/%s.html'));
    $this->assertTrue(Form::verify_value('foobar', 'contains', 'foo'));
    $this->assertFalse(Form::verify_value('foobar', 'contains', 'asdf'));
    $this->assertTrue(Form::verify_value('asdf', 'equals', 'asdf'));
    $this->assertFalse(Form::verify_value('foobar', 'equals', 'asdf'));
    $this->assertTrue(Form::verify_value('asdf', 'unique', 'user.email'));
    DB::execute('create table test ( email char(48) )');
    DB::execute('insert into test (email) values (?)', '*****@*****.**');
    // NOTE(review): as printed, the next two calls pass the same literal yet
    // expect opposite results, so one of them must fail — confirm the two
    // addresses are meant to differ (one inserted above, one not).
    $this->assertTrue(Form::verify_value('*****@*****.**', 'unique', 'test.email'));
    $this->assertFalse(Form::verify_value('*****@*****.**', 'unique', 'test.email'));
    $this->assertTrue(Form::verify_value(5, 'lt', 10));
    $this->assertFalse(Form::verify_value(50, 'lt', 10));
    $this->assertTrue(Form::verify_value(10, 'lte', 10));
    $this->assertFalse(Form::verify_value(50, 'lte', 10));
    $this->assertTrue(Form::verify_value(50, 'gt', 10));
    $this->assertFalse(Form::verify_value(5, 'gt', 10));
    $this->assertTrue(Form::verify_value(10, 'gte', 10));
    $this->assertFalse(Form::verify_value(5, 'gte', 10));
    // NOTE(review): the `matches` rule receives a PHP expression as a string,
    // which Form::verify_value() presumably evaluates — rule strings must only
    // ever come from trusted configuration, never from request data; confirm
    // how verify_value resolves this argument.
    $_POST['test'] = 'foo';
    $this->assertTrue(Form::verify_value('foo', 'matches', '$_POST["test"]'));
    $this->assertFalse(Form::verify_value('bar', 'matches', '$_POST["test"]'));
    $this->assertFalse(Form::verify_value('foo', 'not matches', '$_POST["test"]'));
    $this->assertTrue(Form::verify_value('bar', 'not matches', '$_POST["test"]'));
    $this->assertTrue(Form::verify_value('http://foo.com/bar', 'url'));
    $this->assertFalse(Form::verify_value('foobar', 'url'));
    $this->assertFalse(Form::verify_value('http:/fooobar', 'url'));
    // test array validation: 'each <rule>' applies <rule> to every element
    $valid_emails = array('*****@*****.**', '*****@*****.**');
    $invalid_emails = array('joe.example dot com', 'sue@localhost');
    $this->assertTrue(Form::verify_value($valid_emails, 'each email', 1));
    $this->assertFalse(Form::verify_value($invalid_emails, 'each email', 1));
    $names = array('Joe', 'Sue');
    $empty = array('', '');
    $this->assertTrue(Form::verify_value($names, 'each not empty', 1));
    $this->assertFalse(Form::verify_value($empty, 'each not empty', 1));
}