/**
 * Required-field and e-mail rules must report together in one exception.
 *
 * `foo` and `bar` are not supplied and `email` holds plain text, so a single
 * validate() call is expected to produce all three messages. The caught
 * exception is re-thrown so PHPUnit also sees the expected exception type.
 */
public function testCombo()
{
    $this->setExpectedException('fValidationException');
    $_GET['email'] = 'This is a test';

    $expectedFragments = array(
        'Foo: Please enter a value',
        'Bar: Please enter a value',
        'Email: Please enter an email address in the form name@example.com',
    );

    try {
        $validation = new fValidation();
        $validation->addRequiredFields('foo', 'bar');
        $validation->addEmailFields('email');
        $validation->validate();
    } catch (fValidationException $e) {
        $fullMessage = $e->getMessage();
        foreach ($expectedFragments as $fragment) {
            $this->assertContains($fragment, $fullMessage);
        }
        throw $e;
    }
}
<?php

$page = 'login';
// NOTE(review): header.php presumably reads $page and defines $user for the
// current session; $user is consumed below, so these two lines must stay in order.
require 'header.php';
// A visitor who is already logged in has nothing to do on the login page.
if ($user) {
    fURL::redirect('/members');
}
if (isset($_POST['submit'])) {
    try {
        fRequest::validateCSRFToken($_POST['token']);
        $validator = new fValidation();
        $validator->addRequiredFields('password', 'email');
        $validator->addEmailFields('email');
        $validator->validate();
        $users = fRecordSet::build('User', array('email=' => strtolower($_POST['email'])));
        if ($users->count() == 0) {
            throw new fValidationException('Invalid username or password.');
        }
        $rec = $users->getRecords();
        $user = $rec[0];
        if (!fCryptography::checkPasswordHash($_POST['password'], $user->getPassword())) {
            throw new fValidationException('Invalid username or password.');
        }
        fSession::set('user', $user->getId());
        if (fRequest::get('persistent_login', 'boolean')) {
            fSession::enablePersistence();
        }
        if (isset($_POST['forward'])) {
            fURL::redirect('http://' . $_SERVER['SERVER_NAME'] . $_POST['forward']);
        } else {
            fURL::redirect('/members');
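/**
 * Handles a JSON event create/update request and returns the response payload.
 *
 * The request body is the JSON document in $_POST['json']. It is decoded,
 * validated (required fields, e-mail, secret-for-existing-id), turned into an
 * Event, optionally given an uploaded image, stored, and its detail array is
 * returned. Every failure is reported as
 * array('error' => array('message' => string[, 'fields' => array])) instead of
 * being thrown, so the caller can encode the result directly.
 *
 * @return array Event detail array on success (including 'secret' for a newly
 *               created event), or an 'error' array.
 */
function build_json_response()
{
    global $IMAGEDIR;

    if (!isset($_POST['json'])) {
        return array('error' => array('message' => "No JSON found"));
    }
    $data = json_decode($_POST['json'], true);
    // The document must decode to an array: it replaces $_POST below and is
    // indexed by field name throughout. (A bare `!$data` would also reject
    // scalars and `[]` with the same message, which is misleading.)
    if (!is_array($data)) {
        return array('error' => array('message' => "JSON could not be decoded"));
    }
    // fValidation inspects $_POST for field data, so the decoded document
    // stands in for the raw request for the rest of this function.
    $_POST = $data;
    $validator = new fValidation();
    $validator->addRequiredFields('title', 'details', 'venue', 'address', 'organizer', 'email', 'read_comic');
    $validator->addEmailFields('email');
    $validator->addRegexReplacement('#^(.*?): (.*)$#', '\\2 for <span class="field-name">\\1</span>');
    // If id is specified require secret
    $validator->addConditionalRule(array('id'), NULL, array('secret'));
    $messages = $validator->validate(TRUE, TRUE);
    // empty() also covers a missing key (already reported as a required field
    // above) without raising a notice.
    if (empty($data['read_comic'])) {
        $messages['read_comic'] = 'You must have read the Ride Leading Comic';
    }
    if ($messages) {
        return array('error' => array('message' => 'There were errors in your fields', 'fields' => $messages));
    }

    // 'dates' is expected to be a list of Y-m-d strings; `get` is the project
    // helper that supplies the default when the key is absent.
    $inputDateStrings = get($data['dates'], array());
    if (!is_array($inputDateStrings)) {
        // A scalar cannot be iterated; report it as one bad entry instead of
        // letting foreach warn and silently skip it.
        $inputDateStrings = array($inputDateStrings);
    }
    $validDates = array();
    $invalidDates = array();
    foreach ($inputDateStrings as $dateString) {
        if (!is_string($dateString)) {
            $invalidDates[] = json_encode($dateString);
            continue;
        }
        $date = DateTime::createFromFormat('Y-m-d', $dateString);
        if ($date) {
            $validDates[] = $date;
        } else {
            $invalidDates[] = $dateString;
        }
    }
    if ($invalidDates) {
        $messages['dates'] = "Invalid dates: " . implode(', ', $invalidDates);
    }
    if (count($validDates) === 1) {
        $data['datestype'] = 'O';
        $data['datestring'] = date_format($validDates[0], 'l, F j');
    } else {
        // not dealing with 'consecutive'
        $data['datestype'] = 'S';
        $data['datestring'] = 'Scattered days';
    }

    // Converts data to an event, loading the existing one if id is included in data
    $event = Event::fromArray($data);
    // Updating an existing event requires the secret that was emailed when it
    // was created; a missing secret is rejected without calling secretValid().
    if ($event->exists()) {
        $secret = isset($data['secret']) ? $data['secret'] : null;
        if ($secret === null || !$event->secretValid($secret)) {
            return array('error' => array('message' => 'Invalid secret, use link from email'));
        }
    }
    // Merge the record's own messages with the date errors collected above;
    // a plain assignment here would drop the 'dates' entry.
    $eventMessages = $event->validate(TRUE, TRUE);
    if (is_array($eventMessages)) {
        $messages = array_merge($messages, $eventMessages);
    }

    // Check the optional image now, but only move it once every other check
    // has passed, so a rejected request leaves no orphaned file in $IMAGEDIR.
    $uploader = null;
    if (isset($_FILES['file'])) {
        $uploader = new fUpload();
        $uploader->setMIMETypes(array('image/gif', 'image/jpeg', 'image/pjpeg', 'image/png'), 'The file uploaded is not an image');
        $uploader->setMaxSize('2MB');
        $uploader->setOptional();
        $file_message = $uploader->validate('file', TRUE);
        if ($file_message != null) {
            $messages['file'] = $file_message;
        }
    }
    if ($messages) {
        return array('error' => array('message' => 'There were errors in your fields', 'fields' => $messages));
    }
    if ($uploader !== null) {
        $file = $uploader->move($IMAGEDIR, 'file');
        // The upload is optional, so move() may yield no file at all.
        if ($file) {
            $event->setImage($file->getName());
        }
    }

    // Decide before store(): afterwards exists() is true for a new record too.
    $includeSecret = !$event->exists();
    // If there are validation errors this starts spewing html, so we validate before
    $event->store();
    // Create/delete EventTimes to match the list of dates included
    EventTime::matchEventTimesToDates($event, $validDates);
    // Returns the created object
    $details = $event->toDetailArray(true);
    if ($includeSecret) {
        $details['secret'] = $event->getPassword();
        // Wait until after it is stored to ensure it has an id
        $event->emailSecret();
    }
    return $details;
}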
// Allow-list of login shells accepted for an LDAP account; the submitted
// ldapshell value is checked against this list below rather than used as-is.
$shells = array('/bin/bash', '/bin/sh', '/bin/zsh');
if ($user->isMember()) {
    $user_profile = $user->createUsersProfile();
    if ($user_profile->getAllowEmail() && $user->getLdapemail() == '') {
        $email = $user->getEmail();
    } else {
        $email = $user->getLdapemail();
    }
    // Link or unlink a user.
    if (array_key_exists('create', $_POST) && array_key_exists('token', $_POST)) {
        $ok = false;
        try {
            fRequest::validateCSRFToken($_POST['token']);
            $validator = new fValidation();
            $validator->addRequiredFields('ldapuser', 'ldapnthash', 'ldapsshahash', 'ldapshell', 'ldapemail');
            $validator->addEmailFields('ldapemail');
            $validator->validate();
            // Attempt account creation and promotion.
            if (!preg_match('/^[a-z][a-z0-9_-]{0,31}$/', $_POST['ldapuser'])) {
                throw new fValidationException('<p>The username must only contain a-z, 0-9 _ and -.</p>');
            }
            $not_allowed_names = array("root" => 1, "daemon" => 1, "bin" => 1, "sys" => 1, "sync" => 1, "games" => 1, "man" => 1, "lp" => 1, "mail" => 1, "news" => 1, "uucp" => 1, "proxy" => 1, "www-data" => 1, "backup" => 1, "list" => 1, "irc" => 1, "gnats" => 1, "nobody" => 1, "libuuid" => 1, "sshd" => 1, "ntp" => 1, "messagebus" => 1, "colord" => 1, "saned" => 1, "openldap" => 1, "avahi" => 1, "mpd" => 1, "radvd" => 1, "quasselcore" => 1, "statd" => 1, "ntop" => 1, "postgres" => 1, "bitlbee" => 1, "smokeping" => 1, "debian-exim" => 1, "snmp" => 1, "asterisk" => 1, "debian-tor" => 1, "privoxy" => 1, "bind" => 1, "dhcpd" => 1, "ircensus" => 1, "cacti" => 1, "mysql" => 1, "hplip" => 1, "haldaemon" => 1, "mosquitto" => 1, "postfix" => 1, "glados" => 1, "boarded" => 1, "board" => 1, "bmeter" => 1, "netometer" => 1, "robonaut" => 1, "postmaster" => 1, "hostmaster" => 1, "webmaster" => 1, "abuse" => 1, "spam" => 1, "billing" => 1, "accounts" => 1, "support" => 1, "techsupport" => 1, "trustees" => 1, "noc" => 1, "security" => 1, "directors" => 1, "contact" => 1, "info" => 1, "property" => 1, "ebay" => 1, "elections" => 1, "accounts" => 1, "membership" => 1, "sysadmin" => 1, "anonymous" => 1, "anon" => 1, "administrator" => 1, "admin" => 1);
            if (array_key_exists(strtolower($_POST['ldapuser']), $not_allowed_names)) {
                throw new fValidationException('<p>You are not allowed to use ' . htmlspecialchars($_POST['ldapuser']) . ' as a username.</p>');
            }
            if (!in_array($_POST['ldapshell'], $shells)) {
                throw new fValidationException('<p>' . htmlspecialchars($_POST['ldapshell']) . ' is not a valid shell.</p>');
            }
            if (!preg_match('/^[A-F0-9]{32}$/', $_POST['ldapnthash'])) {
                throw new fValidationException('<p>That dosn\'t look like an NT hash</p>');
            }
if (isset($_POST['token'])) {
    try {
        fRequest::validateCSRFToken($_POST['token']);
        $identicalNames = fRecordSet::build('Project', array('user_id=' => $user->getId(), 'name=' => array(filter_var($_POST['name'], FILTER_SANITIZE_STRING))), array('name' => 'asc'));
        if (!isset($_POST['name']) || $_POST['name'] == '') {
            throw new fValidationException('Name field is required.');
        }
        if (count($identicalNames) > 0 && !$project->getId()) {
            throw new fValidationException('You\'ve already made a request with that name. How is this request different to the last time? Our members like to know a project with multiple storage requests is being actively worked on and progress is being made.');
        }
        if (!isset($_POST['description']) || $_POST['description'] == '') {
            throw new fValidationException('Description field is required.');
        }
        if ($_POST['contact'] && $_POST['contact'] != '') {
            $validator = new fValidation();
            $validator->addEmailFields('contact');
            $validator->validate();
        }
        if (!isset($_POST['location_id']) || $_POST['location_id'] == '') {
            throw new fValidationException('Location select is required.');
        }
        if (!isset($_POST['location']) || $_POST['location'] == '') {
            throw new fValidationException('Location field is required.');
        }
        if (!isset($_POST['from_date']) || $_POST['from_date'] == '') {
            throw new fValidationException('Arrival field is required.');
        }
        if (!isset($_POST['to_date']) || $_POST['to_date'] == '') {
            throw new fValidationException('Removal field is required.');
        }
        // from > today