public function isValid($value)
 {
     $validation = !parent::isValid($value);
     if ($validation) {
         return true;
     } else {
         $this->_error(self::Are_Equal);
         return false;
     }
 }
Ejemplo n.º 2
0
 public function testValidatingTokenArray()
 {
     $validator = new Zend_Validate_Identical(array('token' => 123));
     $this->assertTrue($validator->isValid(123));
     $this->assertFalse($validator->isValid(array('token' => 123)));
 }
Ejemplo n.º 3
0
         $errors['username'] = '******' . $_POST['username'] . ' already exists' . '</p>';
     }
 }
 // Validate password
 //
 $length->setMin(8);
 $val = new Zend_Validate();
 $val->addValidator($length);
 $val->addValidator(new Zend_Validate_Alnum());
 if (!$val->isValid($_POST['password'])) {
     $errors['password'] = '******' . 'Password must be 8-15 characters' . '</p>';
 }
 // Confirm passwords
 //
 $val = new Zend_Validate_Identical($_POST['password']);
 if (!$val->isValid($_POST['conf_password'])) {
     $errors['conf_password'] = '******' . 'Passwords don\'t match' . '</p>';
 }
 // Validate email
 //
 $val = new Zend_Validate_EmailAddress();
 if (!$val->isValid($_POST['email'])) {
     $errors['email'] = '<p class="add_user_error">' . 'Invalid email address' . '</p>';
 }
 // If all data validated, then add new user
 //
 if (!$errors) {
     $data = array('first_name' => $_POST['first_name'], 'surname' => $_POST['surname'], 'username' => $_POST['username'], 'email' => $_POST['email'], 'password' => sha1($_POST['password']));
     $dbWrite->insert('users', $data);
     header('Location: login.php');
 }
Ejemplo n.º 4
0
 public function testValidatingNonStrictToken()
 {
     $validator = new Zend_Validate_Identical(array('token' => 123, 'strict' => false));
     $this->assertTrue($validator->isValid('123'));
     $validator->setStrict(true);
     $this->assertFalse($validator->isValid(array('token' => '123')));
 }
Ejemplo n.º 5
0
 /**
  * Defined by Zend_Validate_Interface
  *
  * Returns true if and only if a token has been set and the provided value
  * matches that token.
  *
  * @param  mixed $value
  * @param  mixed $context
  *
  * @return boolean
  */
 public function isValid($value, $context = null)
 {
     if (null !== $this->_field && isset($context[$this->getField()])) {
         $this->setToken($context[$this->getField()]);
     }
     return parent::isValid($value, $context);
 }
 /**
  * Validates the input string against a list of valid recipients.
  *
  * @param string $input The input to be validated as a recipient.
  *
  * @return bool True if input string is a valid recipient, otherwise
  *              False.
  */
 public function isValid($input)
 {
     $auditor = ESAPI::getAuditor('App_Validate_Recipient');
     if (!is_string($input)) {
         $auditor->warning(Auditor::SECURITY, false, 'isValid expects a string!');
         $this->_error(self::INVALID);
         return false;
     }
     if ($this->_recipients instanceof Zend_Config !== true) {
         $this->_error(self::INVALID_RECIPIENT);
         $auditor->warning(Auditor::SECURITY, false, 'isValid requires an array of recipients!');
         return false;
     }
     $encoder = ESAPI::getEncoder();
     // canonicalise the input string.
     $canonical = null;
     try {
         $canonical = $encoder->canonicalize($input, true);
     } catch (Exception $e) {
         // Process the input no further.
         $this->_error(self::INVALID_RECIPIENT);
         $auditor->warning(Auditor::SECURITY, false, 'isValid rejected a string in which double or mixed encoding was detected.', $e);
         return false;
     }
     // Convert input to lower case
     $charEnc = mb_detect_encoding($canonical);
     $canonicalLower = mb_strtolower($canonical, $charEnc);
     // Get a whitespace removal filter
     $whitespace = new Zend_Filter_PregReplace(array('match' => '/ /', 'replace' => ''));
     // for each of our valid recipients use an identical validator
     // to determine whether $canonical matches.
     $validator = new Zend_Validate_Identical();
     foreach ($this->_recipients as $_ => $cfg) {
         foreach ($cfg as $key => $validRecipient) {
             if ($key !== 'display') {
                 continue;
             }
             $charEnc = mb_detect_encoding($validRecipient . '');
             $validRecipientL = mb_strtolower($validRecipient, $charEnc);
             $validRecipientS = $whitespace->filter($validRecipientL);
             $validator->setToken($validRecipientL);
             if ($validator->isValid($canonicalLower)) {
                 return true;
             }
             $validator->setToken($validRecipientS);
             if ($validator->isValid($canonicalLower)) {
                 return true;
             }
         }
     }
     // if that fails, the form has been tampered with or a dummy option has
     // been selected - check for the latter of these now:
     foreach ($this->_dummyRecipients as $dummy => $value) {
         $charEnc = mb_detect_encoding($dummy . '');
         $dummyL = mb_strtolower($dummy, $charEnc);
         $dummyS = $whitespace->filter($dummyL);
         $validator->setToken($dummyL);
         if ($validator->isValid($canonicalLower)) {
             $this->_error(self::DUMMY_RECIPIENT);
             return false;
         }
         $validator->setToken($dummyS);
         if ($validator->isValid($canonicalLower)) {
             $this->_error(self::DUMMY_RECIPIENT);
             return false;
         }
     }
     $auditor->warning(Auditor::SECURITY, false, "isValid. Input [{$canonicalLower}] is not a valid recipient.");
     $this->_error(self::INVALID_RECIPIENT);
     return false;
 }
 /**
  * Validates the POST half of a double submit cookie against the COOKIE half
  * and both against string length and character set constraints.
  *
  * @param string $value The POST half of a double submit cookie from, for
  *                      example a hidden HTML form field.
  *
  * @return null
  */
 public function isValid($value)
 {
     $auditor = ESAPI::getAuditor('App_Validate_Token');
     $canonicalPostToken = ESAPI::getEncoder()->canonicalize($value, false);
     $this->_setValue($canonicalPostToken);
     $isValid = false;
     $v_len = new Zend_Validate_StringLength($this->_expectedLen, $this->_expectedLen);
     if ($v_len->isValid($canonicalPostToken) !== true) {
         $this->_error(self::POST_BAD_LENGTH);
         $auditor->warning(Auditor::SECURITY, false, $this->_messageTemplates[self::POST_BAD_LENGTH]);
         return false;
     }
     $v_regex = new Custom_Validate_Charset($this->_expectedCharset);
     if ($v_regex->isValid($canonicalPostToken) !== true) {
         $this->_error(self::POST_BAD_CHARSET);
         $auditor->warning(Auditor::SECURITY, false, $this->_messageTemplates[self::POST_BAD_CHARSET]);
         return false;
     }
     $controller = Zend_Controller_Front::getInstance();
     $req = $controller->getRequest();
     $cookieVal = $req->getCookie($this->_cookieName);
     $canonicalCookie = ESAPI::getEncoder()->canonicalize($cookieVal, false);
     if ($canonicalCookie === null) {
         $this->_error(self::MISSING_COOKIE);
         $auditor->warning(Auditor::SECURITY, false, $this->_messageTemplates[self::MISSING_COOKIE]);
         return false;
     }
     if ($v_len->isValid($canonicalCookie) !== true) {
         $this->_error(self::COOKIE_BAD_LENGTH);
         $auditor->warning(Auditor::SECURITY, false, $this->_messageTemplates[self::COOKIE_BAD_LENGTH]);
         return false;
     }
     if ($v_regex->isValid($canonicalCookie) !== true) {
         $this->_error(self::COOKIE_BAD_CHARSET);
         $auditor->warning(Auditor::SECURITY, false, $this->_messageTemplates[self::COOKIE_BAD_CHARSET]);
         return false;
     }
     $v_identical = new Zend_Validate_Identical($this->_value);
     if ($v_identical->isValid($canonicalCookie) !== true) {
         $this->_error(self::TOKENS_DIFFER);
         $auditor->warning(Auditor::SECURITY, false, $this->_messageTemplates[self::TOKENS_DIFFER]);
         return false;
     }
     return true;
 }
Ejemplo n.º 8
0
 /**
  * Validates the password
  *
  * @return boolean
  */
 protected function _validatePassword()
 {
     $validator = new Sanmax_Validate_PasswordStrength();
     $validator->setRequireDigit(false)->setRequireLowercase(false)->setRequireUppercase(false);
     $msg = Sanmax_MessageStack::getInstance('SxCms_User');
     if (!$validator->isValid($this->_user->getPassword())) {
         $msg->addMessage('password', $validator->getMessages());
         return false;
     }
     $validator = new Zend_Validate_Identical($this->_user->getPassword());
     if (!$validator->isValid($this->_passwordRepeat)) {
         $msg->addMessage('password_repeat', $validator->getMessages(), 'password');
     }
     return false == ($msg->getMessages('password') && $msg->getMessages('password_repeat'));
 }