Example #1
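 /**
  * Validate the student record held on this object, printing progress as HTML.
  *
  * Checks run in a fixed order (first name, last name, email, advisor email,
  * supervisor email, year) and stop at the first failure. Only the year check
  * prints a message on failure; the others return false silently.
  *
  * @return bool true when every field passes, false at the first field that fails
  */
 protected function isValid()
 {
     print '<br> validating student information ....<br>';
     if (isName($this->firstName)) {
         print " -- First Name valid.<br>\n";
     } else {
         return false;
     }
     if (isName($this->lastName)) {
         print " -- Last Name valid.<br>\n";
     } else {
         return false;
     }
     if (isEmail($this->email)) {
         print " -- Email valid.<br>\n";
     } else {
         return false;
     }
     if (isEmail($this->advisorEmail)) {
         print " -- Advisor Email valid.<br>\n";
     } else {
         return false;
     }
     // "?" is accepted as a placeholder for an unknown supervisor. Compared
     // strictly so that a non-string value cannot match it through type juggling.
     if (isEmail($this->supervisorEmail) or $this->supervisorEmail === "?") {
         print " -- Supervisor Email valid.<br>\n";
     } else {
         return false;
     }
     // Parse the year as an integer before the range check. A plain `>` / `<`
     // comparison accepts strings that merely start with (or sort between) the
     // bounds, e.g. digits followed by markup, and that value is echoed below.
     // NOTE(review): the upper bound 2020 is hard-coded — confirm it is still intended.
     $year = filter_var($this->year, FILTER_VALIDATE_INT);
     if ($year !== false and $year > 1970 and $year < 2020) {
         print "Number is a year: {$year} -- Year valid.<br>\n";
     } else {
         // The rejected value is by definition unvalidated: encode it for the
         // HTML context instead of printing it raw.
         $shown = htmlspecialchars((string) $this->year, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
         print "Number is not a year: {$shown}.<br>\n";
         return false;
     }
     return true;
 }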
Example #2
 /**
  * Validate POSTed fields against a rule map, then collect the POST data.
  *
  * Each entry of $validations maps a field name to a rule. The first rule
  * that fails ends processing and returns array("error" => <alert>).
  * When no rule fails, every POST field whose name is not in $this->ignore
  * is copied into $data under its renamed key, unless $data already has
  * that key.
  *
  * @param array|null  $data        values to start from; keys already present are not overwritten
  * @param array|false $validations field => rule map; anything that is not an array skips validation
  * @return array either array("error" => ...) or the collected data
  */
 public function proccess($data = NULL, $validations = FALSE)
 {
     if (is_array($validations)) {
         foreach ($validations as $field => $validation) {
             if ($validation === "required") {
                 if (!POST($field)) {
                     // Only this rule reports the renamed field; the others use the raw key.
                     $field = $this->rename($field);
                     return array("error" => getAlert("{$field} is required"));
                 }
             } elseif ($validation === "name?") {
                 if (!isName(POST($field))) {
                     return array("error" => getAlert("{$field} is not a valid name"));
                 }
             } elseif ($validation === "email?") {
                 if (!isEmail(POST($field))) {
                     return array("error" => getAlert("{$field} is not a valid email"));
                 }
             } elseif ($validation === "injection?") {
                 // NOTE(review): isInjection() is not visible here; pattern-based detection is
                 // defence in depth only. Storage and rendering still need bound query
                 // parameters and context-aware output encoding.
                 if (isInjection(POST($field))) {
                     return array("error" => getAlert("SQL/HTML injection attempt blocked"));
                 }
             } elseif ($validation === "spam?") {
                 if (isSPAM(POST($field))) {
                     return array("error" => getAlert("SPAM prohibited"));
                 }
             } elseif ($validation === "vulgar?") {
                 if (isVulgar(POST($field))) {
                     return array("error" => getAlert("Your {$field} is very vulgar"));
                 }
             } elseif ($validation === "ping") {
                 // NOTE(review): presumably ping() contacts the submitted URL from the server;
                 // if so, confirm it restricts schemes and internal/loopback destinations.
                 if (!ping(POST($field))) {
                     return array("error" => getAlert("Invalid URL"));
                 }
             } elseif (is_string($validation) and substr($validation, 0, 6) === "length") {
                 // The minimum is read from offset 7 of the rule string, i.e. after "length"
                 // plus one separator character; a missing or non-positive value means 6.
                 $count = (int) substr($validation, 7, 8);
                 $count = $count > 0 ? $count : 6;
                 // strlen() counts bytes, not characters.
                 if (strlen(POST($field)) < $count) {
                     return array("error" => getAlert("{$field} must have at least {$count} characters"));
                 }
             // NOTE(review): $field is the loop key here, so $field["exists"] is an offset
             // lookup on that key rather than a comparison with "exists"; for a string key
             // this isset() looks like it can never be true, which would make the
             // uniqueness checks below unreachable — confirm the intended condition.
             } elseif (isset($field["exists"]) and isset($this->table)) {
                 if (is_array($validation)) {
                     if (isset($validation["or"]) and count($validation) > 2) {
                         // Several column => value pairs: report the first one already stored.
                         unset($validation["or"]);
                         $fields = array_keys($validation);
                         for ($i = 0; $i <= count($fields) - 1; $i++) {
                             $exists = $this->Db->findBy($fields[$i], $validation[$fields[$i]]);
                             if ($exists) {
                                 return array("error" => getAlert("The " . strtolower($fields[$i]) . " already exists"));
                             }
                         }
                     } else {
                         // Only the first column => value pair is checked.
                         $field = array_keys($validation);
                         $exists = $this->Db->findBy($field[0], $validation[$field[0]]);
                         if ($exists) {
                             return array("error" => getAlert("The " . strtolower($field[0]) . " already exists"));
                         }
                     }
                 }
             }
         }
     }
     if (is_null($data)) {
         $data = array();
     }
     // Every submitted field is accepted unless its name is listed in $this->ignore.
     // NOTE(review): this is a denylist, so a client can add fields the form never
     // offered; if $data is later written to a table, an explicit list of allowed
     // fields is the safer contract.
     $POST = POST(TRUE);
     foreach ($POST as $field => $value) {
         if (!in_array($field, $this->ignore)) {
             if (!isset($data[$this->rename($field)])) {
                 // NOTE(review): filter(..., "escape") followed by decode() — neither helper is
                 // visible here; confirm decode() does not undo the escaping.
                 $data[$this->rename($field)] = decode(filter($value, "escape"));
             }
         }
     }
     return $data;
 }
Example #3
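 /**
  * Login check: validate the submitted admin login form and open a session.
  *
  * Reads username, password, remember flag and the anti-robot key/code from
  * the request, verifies the anti-robot cookie and code, looks the account
  * up, and on success records a session row, updates the admin's last-login
  * data, sets the session cookie and redirects.
  *
  * @return string|null the error message to show on the login form, or null
  *                     when no error was set
  */
 private function check()
 {
     // Defined up front so the final return never reads an unset variable.
     $error = null;
     $username = ForceStringFrom('username');
     $password = ForceStringFrom('password');
     $remember = ForceIntFrom('remember');
     $key = ForceStringFrom('key');
     $code = ForceStringFrom('code');
     $decode = authcode($code, 'DECODE', $key);
     $cookievalue = ForceCookieFrom(COOKIE_SAFE);
     if (!strlen($username) or !strlen($password)) {
         $error = '请输入用户名和密码!';
     } elseif (!isName($username)) {
         $error = '用户名存在非法字符!';
     } elseif (!hash_equals(md5(WEBSITE_KEY . $key . APP::$_CFG['KillRobotCode']), (string) $cookievalue)) {
         // hash_equals() instead of `!=`: loose comparison treats two different
         // "0e<digits>" hex digests as equal numbers, and it is not constant-time.
         $error = '验证码不正确!';
     } elseif (!hash_equals(md5(WEBSITE_KEY), (string) $decode)) {
         $error = '验证码过期, 请重新登录!';
     } else {
         // NOTE(review): unsalted MD5 is not a password hash. Migrating to
         // password_hash()/password_verify() needs a change to the stored
         // values, so it is flagged here rather than changed.
         $password = md5($password);
         // NOTE(review): the two quoted literals are shown masked as '******' in this
         // listing; presumably the original interpolated $username and $password.
         // Whatever fills them must be passed as bound parameters (or through the
         // DB layer's escaping), never concatenated into the statement.
         $user = APP::$DB->getOne("SELECT a.aid, a.type FROM " . TABLE_PREFIX . "admin a WHERE a.username = '******' AND a.password = '******' AND a.activated = 1");
         if (!$user['aid']) {
             $error = '用户不存在或密码错误!';
         } else {
             // Authorisation succeeded; perform the follow-up work.
             $userip = GetIP();
             $timenow = time();
             // Session identifiers must be unpredictable: md5(uniqid(...)) is derived
             // from the clock. 16 CSPRNG bytes hex-encode to the same 32-character
             // shape the previous md5 value had (random_bytes requires PHP 7+).
             $sessionid = bin2hex(random_bytes(16));
             // The User-Agent header is optional; treat a missing one as empty.
             $rawAgent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
             $agent = md5(substr($rawAgent, 0, 252) . WEBSITE_KEY);
             // NOTE(review): $userip is interpolated into both statements below; confirm
             // GetIP() returns a validated address, especially if it honours
             // client-supplied forwarding headers.
             APP::$DB->exe("INSERT INTO " . TABLE_PREFIX . "session (sid, aid, ip, agent, time)\n\t\t\t\t\t\t  VALUES ('{$sessionid}', '{$user['aid']}', '{$userip}', '{$agent}', '{$timenow}')");
             APP::$DB->exe("UPDATE " . TABLE_PREFIX . "admin SET last = '{$timenow}', lastip = '{$userip}', logins = (logins + 1)  WHERE aid = '{$user['aid']}'");
             // "Remember me" keeps the cookie for 30 days; otherwise it is a session cookie.
             $time = Iif($remember, $timenow + 3600 * 24 * 30, 0);
             // HttpOnly keeps the session id away from page scripts.
             // NOTE(review): the Secure flag is left off because HTTPS-only deployment
             // cannot be confirmed from here; enable it where the site is served over TLS.
             setcookie(COOKIE_ADMIN, $sessionid, $time, '/', '', false, true);
             // Customer-service staff go straight to the customer-service page.
             // NOTE(review): presumably Redirect() ends the request; if it returns,
             // the second Redirect() below also runs — confirm.
             if (!$user['type']) {
                 Redirect('online');
             }
             // After a successful login, go to the home page.
             Redirect();
         }
     }
     // The submitted data was invalid or the user could not be verified:
     // hand the message back so the login form can display it.
     return $error;
 }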
Example #4
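 /**
  * Validate POSTed fields against a rule map, then collect the POST data.
  *
  * Each entry of $validations maps a field name to a rule. The first rule
  * that fails ends processing and returns array("error" => <alert>).
  * When no rule fails, every POST field whose name is not in $this->ignore
  * is copied into $data under its renamed key, unless $data already has
  * that key.
  *
  * @param array|null  $data        values to start from; keys already present are not overwritten
  * @param array|false $validations field => rule map; anything that is not an array skips validation
  * @return array either array("error" => ...) or the collected data
  */
 public function process($data = null, $validations = false)
 {
     if (is_array($validations)) {
         foreach ($validations as $field => $validation) {
             if ($validation === "required") {
                 if (!POST($field)) {
                     // Only this rule reports the renamed field; the others use the raw key.
                     $field = $this->rename($field);
                     return array("error" => getAlert(__("{$field} is required")));
                 }
             } elseif ($validation === "name?") {
                 if (!isName(POST($field))) {
                     return array("error" => getAlert(__("{$field} is not a valid name")));
                 }
             } elseif ($validation === "email?") {
                 if (!isEmail(POST($field))) {
                     return array("error" => getAlert(__("{$field} is not a valid email")));
                 }
             } elseif ($validation === "captcha?") {
                 // "aritmethic" is the literal value the form submits; spelling kept as is.
                 $isArithmetic = POST("captcha_type") === "aritmethic";
                 if (!POST("captcha_token") or !POST("captcha_type")) {
                     return array("error" => getAlert(__($isArithmetic ? "Please enter your answer again" : "Please type the characters you see in the picture")));
                 }
                 $expected = SESSION("ZanCaptcha" . POST("captcha_token"));
                 $answer = POST($field);
                 // The token is client-supplied, so a stored answer must actually exist
                 // before it is compared. Comparing a missing session entry with an
                 // empty answer (loosely, or strictly when both helpers return the same
                 // "absent" value) would otherwise count as a match.
                 if ($isArithmetic) {
                     // Both sides must be numeric, which keeps `==` a numeric comparison.
                     $matches = is_numeric($expected) && is_numeric($answer) && $expected == $answer;
                 } else {
                     $matches = is_string($expected) && $expected !== "" && $expected === $answer;
                 }
                 // NOTE(review): the stored answer is not cleared here; confirm it is
                 // invalidated elsewhere so one solved captcha cannot be reused.
                 if (!$matches) {
                     return array("error" => getAlert(__($isArithmetic ? "Your answer was incorrect" : "The characters did not match the picture")));
                 }
             } elseif ($validation === "injection?") {
                 // NOTE(review): isInjection() is not visible here; pattern-based detection is
                 // defence in depth only. Storage and rendering still need bound query
                 // parameters and context-aware output encoding.
                 if (isInjection(POST($field))) {
                     return array("error" => getAlert(__("SQL/HTML injection attempt blocked")));
                 }
             } elseif ($validation === "spam?") {
                 if (isSPAM(POST($field))) {
                     return array("error" => getAlert(__("SPAM prohibited")));
                 }
             } elseif ($validation === "vulgar?") {
                 if (isVulgar(POST($field))) {
                     return array("error" => getAlert(__("Your {$field} is very vulgar")));
                 }
             } elseif ($validation === "ping") {
                 // NOTE(review): presumably ping() contacts the submitted URL from the server;
                 // if so, confirm it restricts schemes and internal/loopback destinations.
                 if (!ping(POST($field))) {
                     return array("error" => getAlert(__("Invalid URL")));
                 }
             } elseif (is_string($validation) and substr($validation, 0, 6) === "length") {
                 // The minimum is read from offset 7 of the rule string, i.e. after "length"
                 // plus one separator character; a missing or non-positive value means 6.
                 $count = (int) substr($validation, 7, 8);
                 $count = $count > 0 ? $count : 6;
                 // strlen() counts bytes, not characters.
                 if (strlen(POST($field)) < $count) {
                     return array("error" => getAlert(__("{$field}") . " " . __("must have at least") . " {$count} " . __("characters")));
                 }
             // NOTE(review): $field is the loop key here, so $field["exists"] is an offset
             // lookup on that key rather than a comparison with "exists"; for a string key
             // this isset() looks like it can never be true, which would make the
             // uniqueness checks below unreachable — confirm the intended condition.
             } elseif (isset($field["exists"]) and isset($this->table)) {
                 if (is_array($validation)) {
                     if (isset($validation["or"]) and count($validation) > 2) {
                         // Several column => value pairs: report the first one already stored.
                         unset($validation["or"]);
                         $fields = array_keys($validation);
                         for ($i = 0; $i <= count($fields) - 1; $i++) {
                             $exists = $this->Db->findBy($fields[$i], $validation[$fields[$i]]);
                             if ($exists) {
                                 return array("error" => getAlert(__("The " . strtolower($fields[$i]) . " already exists")));
                             }
                         }
                     } else {
                         // Only the first column => value pair is checked.
                         $field = array_keys($validation);
                         $exists = $this->Db->findBy($field[0], $validation[$field[0]]);
                         if ($exists) {
                             return array("error" => getAlert(__("The " . strtolower($field[0]) . " already exists")));
                         }
                     }
                 }
             }
         }
     }
     if (is_null($data)) {
         $data = array();
     }
     // Every submitted field is accepted unless its name is listed in $this->ignore.
     // NOTE(review): this is a denylist, so a client can add fields the form never
     // offered; if $data is later written to a table, an explicit list of allowed
     // fields is the safer contract.
     $POST = POST(true);
     foreach ($POST as $field => $value) {
         if (!in_array($field, $this->ignore)) {
             if (!isset($data[$this->rename($field)])) {
                 // NOTE(review): filter(..., "escape") followed by decode() — neither helper is
                 // visible here; confirm decode() does not undo the escaping.
                 $data[$this->rename($field)] = decode(filter($value, "escape"));
             }
         }
     }
     return $data;
 }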