Example #1
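 /**
  * Validate a list of values, such as `$_GET` or `$_POST` data against
  * a list of validation rules. If the rules are a string, it will
  * look for a file and parse it using `parse_ini_file()` for the rules.
  * The format is as follows:
  *
  *     [field1]
  *     email = 1
  *
  *     [field2]
  *     type = string
  *     regex = "/^[a-z]+$/i"
  *
  *     [field3]
  *     skip_if_empty = 1
  *     unique = "table.column"
  *
  * Rules are applied per field in the order listed, and checking of a
  * field stops at its first failure. Three rule names are handled here
  * instead of being passed to `Form::verify_value()`:
  *
  * - `file`: the field must be an HTTP upload (`is_uploaded_file()`).
  * - `filetype`: comma-separated list of allowed extensions, compared
  *   case-insensitively with the extension of the uploaded file's name.
  * - `skip_if_empty`: for array values, empty elements are dropped before
  *   the remaining rules run; for other values, the remaining rules are
  *   skipped when the value is empty and no file was uploaded.
  *
  * Security notes:
  *
  * - `filetype` only looks at `$_FILES[$name]['name']`, which is supplied
  *   by the client. It is an allow-list on the name, not a check of the
  *   file's content; code that stores or serves the upload still has to
  *   treat the content as untrusted.
  * - If the rules cannot be loaded (the string is not an existing file, or
  *   `parse_ini_file()` fails), no rule is applied and an empty array is
  *   returned, which reads as "everything passed". A warning is raised so
  *   the condition is visible; callers using this as a security gate should
  *   make sure the rules file is present and readable.
  *
  * @param array        $values      Submitted values keyed by field name.
  * @param array|string $validations Rules keyed by field name, or the path
  *                                  of an INI file containing them.
  *
  * @return array Returns an array of failed fields. If the array is empty,
  *               everything passed.
  */
 public function verify_values($values, $validations = array())
 {
     if (is_string($validations) && file_exists($validations)) {
         $validations = parse_ini_file($validations, true);
     }
     if (!is_array($validations)) {
         // NOTE(review): this keeps the historical fail-open result (no
         // rules => nothing failed) but makes it explicit instead of
         // iterating over a non-array.
         trigger_error('verify_values(): validation rules could not be loaded', E_USER_WARNING);
         return array();
     }
     $failed = array();
     foreach ($validations as $name => $validators) {
         foreach ($validators as $type => $validator) {
             if ($type === 'file') {
                 // A missing or malformed $_FILES entry counts as "not uploaded".
                 $is_upload = isset($_FILES[$name]['tmp_name'])
                     && is_string($_FILES[$name]['tmp_name'])
                     && is_uploaded_file($_FILES[$name]['tmp_name']);
                 if (!$is_upload) {
                     $failed[] = $name;
                     break;
                 }
                 continue;
             }
             if ($type === 'filetype') {
                 // The pattern previously had no closing delimiter, so
                 // preg_split() always failed and the whole rule string was
                 // treated as a single extension.
                 $normalized = trim(strtolower($validator));
                 $extensions = preg_split('/, ?/', $normalized);
                 if ($extensions === false) {
                     $extensions = array($normalized);
                 }
                 if (!isset($_FILES[$name]['name']) || !is_string($_FILES[$name]['name'])) {
                     $failed[] = $name;
                     break;
                 }
                 // Client-supplied name: see the security notes above.
                 $extension = strtolower(pathinfo($_FILES[$name]['name'], PATHINFO_EXTENSION));
                 if (!in_array($extension, $extensions, true)) {
                     $failed[] = $name;
                     break;
                 }
                 continue;
             }
             if ($type === 'skip_if_empty') {
                 if (isset($values[$name]) && is_array($values[$name])) {
                     foreach ($values[$name] as $k => $v) {
                         if (empty($v)) {
                             // Unset empty array values so they're not checked against the other rules
                             unset($values[$name][$k]);
                         }
                     }
                     continue;
                 }
                 $no_upload = !isset($_FILES[$name])
                     || (isset($_FILES[$name]['error']) && $_FILES[$name]['error'] === UPLOAD_ERR_NO_FILE);
                 if (empty($values[$name]) && $no_upload) {
                     // Nothing was submitted for this field: skip its remaining rules.
                     break;
                 }
                 continue;
             }
             if (!isset($values[$name]) || !Form::verify_value($values[$name], $type, $validator)) {
                 $failed[] = $name;
                 break;
             }
         }
     }
     return $failed;
 }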
Example #2
    if (!$appconf['Custom Handlers']['user/login']) {
        echo $this->error(404, i18n_get('Not found'), i18n_get('The page you requested could not be found.'));
        return;
    }
    echo $this->run($appconf['Custom Handlers']['user/login'], $data);
    return;
}
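if (!$this->internal) {
    $page->title = i18n_get('Members');
}

// Work out where to send the user after a successful login. The value can
// come from the query string or the submitted form, so it is untrusted.
if (isset($_GET['redirect'])) {
    $_POST['redirect'] = $_GET['redirect'];
}
if (!isset($_POST['redirect'])) {
    $_POST['redirect'] = $_SERVER['REQUEST_URI'];
    if ($_POST['redirect'] === '/user/login') {
        $_POST['redirect'] = '/user';
    }
}

// Accept only a same-site path as the redirect target. The 'header' rule is
// kept (presumably it rejects values that are unsafe inside a response
// header), and in addition the value must be a string that starts with a
// single "/" and contains no backslash or control character. Anything else,
// including absolute URLs and scheme-relative "//host" values, falls back to
// the default page so the login form cannot be used as an open redirect.
$redirect_is_local = is_string($_POST['redirect'])
    && Form::verify_value($_POST['redirect'], 'header')
    && preg_match('#^/(?!/)[^\\\\\x00-\x1f\x7f]*\z#', $_POST['redirect']) === 1;
if (!$redirect_is_local) {
    $_POST['redirect'] = '/user';
}

if (!User::require_login()) {
    // Same message whichever credential was wrong; it is shown only when a
    // username was actually submitted.
    if (!$this->internal && !empty($_POST['username'])) {
        echo '<p>' . i18n_get('Incorrect email or password, please try again.') . '</p>';
    }
    $_POST['signup_handler'] = $appconf['Custom Handlers']['user/signup'];
    echo $tpl->render('user/login', $_POST);
} elseif (!$this->internal) {
    $this->redirect($_POST['redirect']);
}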
Example #3
 /**
  * Exercises Form::verify_value() rule by rule.
  *
  * The checks are written as tables: each row is
  * array(expected result, value, rule name[, rule argument]) and rows are
  * evaluated in order. The tables are split where the test has to change
  * state (create and fill a table, set $_POST) before the next checks.
  */
 function test_verify_value()
 {
     $suite = $this;
     $check_rows = function (array $rows) use ($suite) {
         foreach ($rows as $row) {
             // Rows without a rule argument call verify_value() with two
             // arguments, exactly as a hand-written call would.
             if (count($row) === 3) {
                 $outcome = Form::verify_value($row[1], $row[2]);
             } else {
                 $outcome = Form::verify_value($row[1], $row[2], $row[3]);
             }
             if ($row[0]) {
                 $suite->assertTrue($outcome);
             } else {
                 $suite->assertFalse($outcome);
             }
         }
     };

     $check_rows(array(
         array(true, '1234', 'regex', '/^[0-9]+$/'),
         array(false, 'adsf', 'regex', '/^[0-9]+$/'),
         array(true, '123', 'type', 'numeric'),
         array(false, 'asdf', 'type', 'numeric'),
         array(true, '123', 'callback', function ($value) {
             return true;
         }),
         array(false, '123', 'callback', function ($value) {
             return false;
         }),
         array(false, 'asdf', 'length', 2),
         array(false, 'asdf', 'length', '5+'),
         array(true, 'asdf', 'length', '5-'),
         array(false, 'asdf', 'length', '6-8'),
         array(true, 'asdf', 'length', '2-6'),
         array(true, 5, 'range', '1-10'),
         array(false, 15, 'range', '1-10'),
         array(true, '', 'empty'),
         array(false, 'asdf', 'empty'),
         array(true, '*****@*****.**', 'email'),
         array(false, '@foo@bar.com', 'email'),
         array(false, 'foo@bar', 'email'),
         array(true, '*****@*****.**', 'email'),
         array(true, "asdf", 'header'),
         array(false, "asdf\nasdf", 'header'),
         array(true, '2010-01-01', 'date'),
         array(false, '2010-01-010', 'date'),
         array(true, '2010-01-01 00:01:01', 'datetime'),
         array(false, '2010-01-01-00:01:01', 'datetime'),
         array(true, '00:01:01', 'time'),
         array(false, '000101', 'time'),
         array(true, 'Template.php', 'exists', 'lib'),
         array(false, 'ASDF.php', 'exists', 'lib'),
         array(true, 'default', 'exists', 'layouts/%s.html'),
         array(true, 'foobar', 'contains', 'foo'),
         array(false, 'foobar', 'contains', 'asdf'),
         array(true, 'asdf', 'equals', 'asdf'),
         array(false, 'foobar', 'equals', 'asdf'),
         array(true, 'asdf', 'unique', 'user.email'),
     ));

     // The next 'unique' checks run against a table created and filled here.
     DB::execute('create table test ( email char(48) )');
     DB::execute('insert into test (email) values (?)', '*****@*****.**');

     $check_rows(array(
         array(true, '*****@*****.**', 'unique', 'test.email'),
         array(false, '*****@*****.**', 'unique', 'test.email'),
         array(true, 5, 'lt', 10),
         array(false, 50, 'lt', 10),
         array(true, 10, 'lte', 10),
         array(false, 50, 'lte', 10),
         array(true, 50, 'gt', 10),
         array(false, 5, 'gt', 10),
         array(true, 10, 'gte', 10),
         array(false, 5, 'gte', 10),
     ));

     // 'matches' / 'not matches' are given a reference to this request value.
     $_POST['test'] = 'foo';

     // Array inputs for the 'each ...' rules.
     $good_addresses = array('*****@*****.**', '*****@*****.**');
     $bad_addresses = array('joe.example dot com', 'sue@localhost');
     $filled = array('Joe', 'Sue');
     $blank = array('', '');

     $check_rows(array(
         array(true, 'foo', 'matches', '$_POST["test"]'),
         array(false, 'bar', 'matches', '$_POST["test"]'),
         array(false, 'foo', 'not matches', '$_POST["test"]'),
         array(true, 'bar', 'not matches', '$_POST["test"]'),
         array(true, 'http://foo.com/bar', 'url'),
         array(false, 'foobar', 'url'),
         array(false, 'http:/fooobar', 'url'),
         array(true, $good_addresses, 'each email', 1),
         array(false, $bad_addresses, 'each email', 1),
         array(true, $filled, 'each not empty', 1),
         array(false, $blank, 'each not empty', 1),
     ));
 }