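/**
 * Validate the student record held on this object, printing one progress
 * line per field as HTML.
 *
 * Checks run in this order and stop at the first failure: first name, last
 * name, email, advisor email, supervisor email (the literal "?" is accepted
 * in place of an address) and year (strictly between 1970 and 2020).
 * isName() and isEmail() are defined outside this block.
 *
 * @return bool true when every field passed, false at the first failure
 */
protected function isValid()
{
    print '<br> validating student information ....<br>';

    if (!isName($this->firstName)) {
        return false;
    }
    print " -- First Name valid.<br>\n";

    if (!isName($this->lastName)) {
        return false;
    }
    print " -- Last Name valid.<br>\n";

    if (!isEmail($this->email)) {
        return false;
    }
    print " -- Email valid.<br>\n";

    if (!isEmail($this->advisorEmail)) {
        return false;
    }
    print " -- Advisor Email valid.<br>\n";

    // Strict comparison: only the exact string "?" is the placeholder, so a
    // non-string value can no longer match it through type juggling.
    if (!(isEmail($this->supervisorEmail) or $this->supervisorEmail === "?")) {
        return false;
    }
    print " -- Supervisor Email valid.<br>\n";

    // The year is echoed back into the page on both branches, so it is
    // HTML-escaped first. Without this, a value such as a number followed by
    // markup would be written into the response verbatim.
    $yearHtml = htmlspecialchars((string) $this->year, ENT_QUOTES, 'UTF-8');

    // is_numeric() rejects values that merely start with digits; the range
    // comparison alone would let them through on some PHP versions.
    // NOTE(review): the upper bound 2020 is hard-coded; confirm it is still intended.
    if (!is_numeric($this->year) or $this->year <= 1970 or $this->year >= 2020) {
        print "Number is not a year: {$yearHtml}.<br>\n";
        return false;
    }
    print "Number is a year: {$yearHtml} -- Year valid.<br>\n";

    return true;
}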
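/**
 * Run the requested validations against the submitted POST fields, then
 * merge the remaining POST fields into $data.
 *
 * Each entry of $validations maps a POST field name to a rule: "required",
 * "name?", "email?", "injection?", "spam?", "vulgar?", "ping", or a string
 * starting with "length" whose characters from offset 7 give the minimum
 * length (6 when that number is missing or not positive). The special key
 * "exists" takes an array of column => value pairs that are looked up with
 * $this->Db->findBy(). The first failing rule ends processing.
 *
 * The method name is kept as spelled, since callers depend on it.
 *
 * NOTE(review): "injection?" relies on isInjection(), a pattern check defined
 * elsewhere. It does not replace bound parameters on the query side or
 * context-aware escaping on output.
 * NOTE(review): every POST field not listed in $this->ignore is copied into
 * the result. If callers write the result straight to a table, a client can
 * set columns the form never offered; confirm $this->ignore or the caller
 * restricts the field set.
 *
 * @param array|null  $data        values that take precedence over POST fields
 * @param array|false $validations field => rule map, or false for no validation
 *
 * @return array the merged data, or array("error" => ...) for the first failed rule
 */
public function proccess($data = NULL, $validations = FALSE)
{
    if (is_array($validations)) {
        foreach ($validations as $field => $validation) {
            if ($validation === "required") {
                if (!POST($field)) {
                    $field = $this->rename($field);

                    return array("error" => getAlert("{$field} is required"));
                }
            } elseif ($validation === "name?") {
                if (!isName(POST($field))) {
                    return array("error" => getAlert("{$field} is not a valid name"));
                }
            } elseif ($validation === "email?") {
                if (!isEmail(POST($field))) {
                    return array("error" => getAlert("{$field} is not a valid email"));
                }
            } elseif ($validation === "injection?") {
                if (isInjection(POST($field))) {
                    return array("error" => getAlert("SQL/HTML injection attempt blocked"));
                }
            } elseif ($validation === "spam?") {
                if (isSPAM(POST($field))) {
                    return array("error" => getAlert("SPAM prohibited"));
                }
            } elseif ($validation === "vulgar?") {
                if (isVulgar(POST($field))) {
                    return array("error" => getAlert("Your {$field} is very vulgar"));
                }
            } elseif ($validation === "ping") {
                if (!ping(POST($field))) {
                    return array("error" => getAlert("Invalid URL"));
                }
            } elseif (is_string($validation) and substr($validation, 0, 6) === "length") {
                $count = (int) substr($validation, 7, 8);
                $count = $count > 0 ? $count : 6;

                // strlen() counts bytes, not characters.
                if (strlen(POST($field)) < $count) {
                    return array("error" => getAlert("{$field} must have at least {$count} characters"));
                }
            } elseif ($field === "exists" and isset($this->table)) {
                // Fix: the original tested isset($field["exists"]). $field is
                // the array key, and isset() on a string with a non-numeric
                // string offset is always false on PHP 5.4+, so the duplicate
                // check below never ran.
                if (is_array($validation)) {
                    if (isset($validation["or"]) and count($validation) > 2) {
                        // "or" is only a marker; every remaining column is checked.
                        unset($validation["or"]);

                        foreach ($validation as $column => $value) {
                            // NOTE(review): $value normally comes from POST;
                            // findBy() is assumed to bind or escape it — confirm.
                            if ($this->Db->findBy($column, $value)) {
                                return array("error" => getAlert("The " . strtolower($column) . " already exists"));
                            }
                        }
                    } else {
                        // Without the "or" form only the first column is checked.
                        $columns = array_keys($validation);

                        if (isset($columns[0]) and $this->Db->findBy($columns[0], $validation[$columns[0]])) {
                            return array("error" => getAlert("The " . strtolower($columns[0]) . " already exists"));
                        }
                    }
                }
            }
        }
    }

    if (is_null($data)) {
        $data = array();
    }

    $POST = POST(TRUE);

    // Guard against POST(TRUE) returning a non-array when nothing was submitted.
    if (is_array($POST)) {
        foreach ($POST as $field => $value) {
            if (in_array($field, $this->ignore)) {
                continue;
            }

            $key = $this->rename($field);

            // Values already present in $data win over the submitted ones.
            if (!isset($data[$key])) {
                $data[$key] = decode(filter($value, "escape"));
            }
        }
    }

    return $data;
}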
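/**
 * Login verification.
 *
 * Reads username, password, remember, key and code from the request, checks
 * the anti-robot cookie and the decoded form code, then looks the admin up.
 * On success a session row is inserted, the admin's last-login fields are
 * updated, the session cookie is set and the request is redirected.
 *
 * NOTE(review): the password is hashed with a single unsalted md5(), which
 * is not suitable for password storage. Moving to password_hash() /
 * password_verify() needs a stored-hash migration, so it is not done here.
 * NOTE(review): no attempt limiting or lockout is visible in this method;
 * confirm it exists elsewhere.
 *
 * @return string|null the error message to show on the login form, or null
 *                     when no error was set
 */
private function check()
{
    $username = ForceStringFrom('username');
    $password = ForceStringFrom('password');
    $remember = ForceIntFrom('remember');
    $key = ForceStringFrom('key');
    $code = ForceStringFrom('code');
    $decode = authcode($code, 'DECODE', $key);
    $cookievalue = ForceCookieFrom(COOKIE_SAFE);

    // Initialised so the final return never reads an undefined variable.
    $error = null;

    if (!strlen($username) or !strlen($password)) {
        $error = '请输入用户名和密码!';
    } elseif (!isName($username)) {
        $error = '用户名存在非法字符!';
    } elseif ((string) $cookievalue !== md5(WEBSITE_KEY . $key . APP::$_CFG['KillRobotCode'])) {
        // Strict comparison: with != two hex digests that both look numeric
        // (for example "0e" followed by digits) compare equal as numbers.
        $error = '验证码不正确!';
    } elseif ((string) $decode !== md5(WEBSITE_KEY)) {
        $error = '验证码过期, 请重新登录!';
    } else {
        $password = md5($password);

        // NOTE(review): the two '******' literals are masked in this copy of
        // the file, so the query as shown does not reference $username or
        // $password. Whatever the real predicate is, both values come from
        // the request and must be bound or escaped by the database layer,
        // not interpolated into the SQL string.
        $user = APP::$DB->getOne("SELECT a.aid, a.type FROM " . TABLE_PREFIX . "admin a WHERE a.username = '******' AND a.password = '******' AND a.activated = 1");

        // empty() also covers a failed lookup that returned a non-array.
        if (empty($user['aid'])) {
            $error = '用户不存在或密码错误!';
        } else {
            // Authorisation succeeded; record the session.
            $userip = GetIP();
            $timenow = time();

            // NOTE(review): md5(uniqid(...)) is derived from the clock and is
            // guessable; a session id should come from a CSPRNG such as
            // random_bytes() where the runtime provides it.
            $sessionid = md5(uniqid($user['aid'] . COOKIE_KEY));

            // A missing User-Agent header is treated as an empty string.
            $rawAgent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
            $agent = md5(substr($rawAgent, 0, 252) . WEBSITE_KEY);

            // NOTE(review): $userip is interpolated into both statements. If
            // GetIP() reads client-supplied headers such as X-Forwarded-For,
            // it must validate the address — confirm, or bind the value.
            APP::$DB->exe("INSERT INTO " . TABLE_PREFIX . "session (sid, aid, ip, agent, time)\n\t\t\t\t\t\t VALUES ('{$sessionid}', '{$user['aid']}', '{$userip}', '{$agent}', '{$timenow}')");
            APP::$DB->exe("UPDATE " . TABLE_PREFIX . "admin SET last = '{$timenow}', lastip = '{$userip}', logins = (logins + 1) WHERE aid = '{$user['aid']}'");

            // "Remember me" keeps the cookie for 30 days, otherwise it is a session cookie.
            $time = Iif($remember, $timenow + 3600 * 24 * 30, 0);

            // HttpOnly keeps the admin session id out of reach of page scripts.
            // NOTE(review): the Secure flag stays off to preserve behaviour on
            // plain-HTTP deployments; enable it where the panel is HTTPS-only.
            setcookie(COOKIE_ADMIN, $sessionid, $time, '/', '', false, true);

            // Customer-service staff go straight to the service console.
            if (!$user['type']) {
                Redirect('online');
            }

            // Everyone else lands on the home page after a successful login.
            Redirect();
        }
    }

    // Invalid input or failed authentication: the message is shown on the login form.
    return $error;
}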
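/**
 * Run the requested validations against the submitted POST fields, then
 * merge the remaining POST fields into $data.
 *
 * Each entry of $validations maps a POST field name to a rule: "required",
 * "name?", "email?", "captcha?", "injection?", "spam?", "vulgar?", "ping",
 * or a string starting with "length" whose characters from offset 7 give the
 * minimum length (6 when that number is missing or not positive). The
 * special key "exists" takes an array of column => value pairs that are
 * looked up with $this->Db->findBy(). The first failing rule ends
 * processing. Messages pass through __() before getAlert().
 *
 * NOTE(review): "injection?" relies on isInjection(), a pattern check defined
 * elsewhere. It does not replace bound parameters on the query side or
 * context-aware escaping on output.
 * NOTE(review): every POST field not listed in $this->ignore is copied into
 * the result. If callers write the result straight to a table, a client can
 * set columns the form never offered; confirm $this->ignore or the caller
 * restricts the field set.
 *
 * @param array|null  $data        values that take precedence over POST fields
 * @param array|false $validations field => rule map, or false for no validation
 *
 * @return array the merged data, or array("error" => ...) for the first failed rule
 */
public function process($data = null, $validations = false)
{
    if (is_array($validations)) {
        foreach ($validations as $field => $validation) {
            if ($validation === "required") {
                if (!POST($field)) {
                    $field = $this->rename($field);

                    return array("error" => getAlert(__("{$field} is required")));
                }
            } elseif ($validation === "name?") {
                if (!isName(POST($field))) {
                    return array("error" => getAlert(__("{$field} is not a valid name")));
                }
            } elseif ($validation === "email?") {
                if (!isEmail(POST($field))) {
                    return array("error" => getAlert(__("{$field} is not a valid email")));
                }
            } elseif ($validation === "captcha?") {
                if (!POST("captcha_token") or !POST("captcha_type")) {
                    return array("error" => getAlert(__(POST("captcha_type") === "aritmethic" ? "Please enter your answer again" : "Please type the characters you see in the picture")));
                }

                // "aritmethic" is spelled as the form submits it; do not correct it here alone.
                $isArithmetic = POST("captcha_type") === "aritmethic";
                $expected = SESSION("ZanCaptcha" . POST("captcha_token"));
                $answer = POST($field);

                // Fix: fail closed when no challenge is stored for the token.
                // Otherwise an unknown token and an empty answer could both
                // come back as the same empty value and pass the comparison.
                $missing = ($expected === null || $expected === false || $expected === "");

                // NOTE(review): the stored challenge is not cleared here;
                // confirm it is invalidated after one use elsewhere.
                if ($isArithmetic) {
                    // Loose comparison kept so numeric answers match by value.
                    if ($missing or $expected != $answer) {
                        return array("error" => getAlert(__("Your answer was incorrect")));
                    }
                } else {
                    if ($missing or $expected !== $answer) {
                        return array("error" => getAlert(__("The characters did not match the picture")));
                    }
                }
            } elseif ($validation === "injection?") {
                if (isInjection(POST($field))) {
                    return array("error" => getAlert(__("SQL/HTML injection attempt blocked")));
                }
            } elseif ($validation === "spam?") {
                if (isSPAM(POST($field))) {
                    return array("error" => getAlert(__("SPAM prohibited")));
                }
            } elseif ($validation === "vulgar?") {
                if (isVulgar(POST($field))) {
                    return array("error" => getAlert(__("Your {$field} is very vulgar")));
                }
            } elseif ($validation === "ping") {
                if (!ping(POST($field))) {
                    return array("error" => getAlert(__("Invalid URL")));
                }
            } elseif (is_string($validation) and substr($validation, 0, 6) === "length") {
                $count = (int) substr($validation, 7, 8);
                $count = $count > 0 ? $count : 6;

                // strlen() counts bytes, not characters.
                if (strlen(POST($field)) < $count) {
                    return array("error" => getAlert(__("{$field}") . " " . __("must have at least") . " {$count} " . __("characters")));
                }
            } elseif ($field === "exists" and isset($this->table)) {
                // Fix: the original tested isset($field["exists"]). $field is
                // the array key, and isset() on a string with a non-numeric
                // string offset is always false on PHP 5.4+, so the duplicate
                // check below never ran.
                if (is_array($validation)) {
                    if (isset($validation["or"]) and count($validation) > 2) {
                        // "or" is only a marker; every remaining column is checked.
                        unset($validation["or"]);

                        foreach ($validation as $column => $value) {
                            // NOTE(review): $value normally comes from POST;
                            // findBy() is assumed to bind or escape it — confirm.
                            if ($this->Db->findBy($column, $value)) {
                                return array("error" => getAlert(__("The " . strtolower($column) . " already exists")));
                            }
                        }
                    } else {
                        // Without the "or" form only the first column is checked.
                        $columns = array_keys($validation);

                        if (isset($columns[0]) and $this->Db->findBy($columns[0], $validation[$columns[0]])) {
                            return array("error" => getAlert(__("The " . strtolower($columns[0]) . " already exists")));
                        }
                    }
                }
            }
        }
    }

    if (is_null($data)) {
        $data = array();
    }

    $POST = POST(true);

    // Guard against POST(true) returning a non-array when nothing was submitted.
    if (is_array($POST)) {
        foreach ($POST as $field => $value) {
            if (in_array($field, $this->ignore)) {
                continue;
            }

            $key = $this->rename($field);

            // Values already present in $data win over the submitted ones.
            if (!isset($data[$key])) {
                $data[$key] = decode(filter($value, "escape"));
            }
        }
    }

    return $data;
}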