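 /**
  * Validate or sanitise one value with PHP's filter extension.
  *
  * $type selects the filter family, $options1/$options2 refine it; what comes
  * back depends on $type:
  *  - 'url'     : sanitised URL (optionally URL-encoded), FALSE when invalid
  *  - 'email'   : sanitised address (optionally obfuscated), FALSE when invalid
  *                or, with $options2 == 1, when it is on the configured
  *                'bad_emails' list or rejected by icms_core_StopSpammer
  *  - 'ip'      : the IP string, FALSE when invalid
  *  - 'int'     : the integer, FALSE when not an int or outside the range
  *  - 'str', 'special', 'html', 'text' : the filtered string
  * An unknown $type, and the unimplemented 'print' option of 'html'/'text',
  * return NULL because no case returns.
  *
  * @param mixed $data value to check
  * @param string $type one of url|email|ip|str|int|special|html|text
  * @param mixed $options1 type-specific sub-option (see the cases below)
  * @param mixed $options2 type-specific sub-option (see the cases below)
  * @global array $icmsConfigUser user configuration; only 'bad_emails' is read here
  * @return mixed filtered value, FALSE on validation failure, NULL for unhandled types
  */
 private static function priv_checkVar($data, $type, $options1, $options2)
 {
     switch ($type) {
         case "url":
             // returns False if URL invalid, returns $string if Valid
             $data = filter_var($data, FILTER_SANITIZE_URL);
             switch ($options1) {
                 case "scheme":
                     // FILTER_FLAG_SCHEME_REQUIRED is deprecated since PHP 7.3:
                     // FILTER_VALIDATE_URL always requires a scheme
                     $valid = filter_var($data, FILTER_VALIDATE_URL, FILTER_FLAG_SCHEME_REQUIRED);
                     break;
                 case "host":
                     // FILTER_FLAG_HOST_REQUIRED is deprecated since PHP 7.3 (always enforced)
                     $valid = filter_var($data, FILTER_VALIDATE_URL, FILTER_FLAG_HOST_REQUIRED);
                     break;
                 case "path":
                     $valid = filter_var($data, FILTER_VALIDATE_URL, FILTER_FLAG_PATH_REQUIRED);
                     break;
                 case "query":
                     $valid = filter_var($data, FILTER_VALIDATE_URL, FILTER_FLAG_QUERY_REQUIRED);
                     break;
                 default:
                     $valid = filter_var($data, FILTER_VALIDATE_URL);
                     break;
             }
             if (!$valid) {
                 return false;
             }
             if (isset($options2) && $options2 == 1) {
                 // caller wants the URL percent-encoded for embedding
                 return filter_var($data, FILTER_SANITIZE_ENCODED);
             }
             return $data;
         case "email":
             // returns False if email is invalid, returns $string if valid
             global $icmsConfigUser;
             $data = filter_var($data, FILTER_SANITIZE_EMAIL);
             if (!filter_var($data, FILTER_VALIDATE_EMAIL)) {
                 return false;
             }
             if ($options2 == 1) {
                 // The StopSpammer lookup used to run only inside the loop over
                 // 'bad_emails', so an empty or missing list skipped it entirely;
                 // run it once, before the pattern list.
                 $icmsStopSpammers = new icms_core_StopSpammer();
                 if ($icmsStopSpammers->badEmail($data)) {
                     return false;
                 }
                 if (isset($icmsConfigUser['bad_emails']) && is_array($icmsConfigUser['bad_emails'])) {
                     foreach ($icmsConfigUser['bad_emails'] as $be) {
                         // each entry is an admin-supplied regex body, used as-is
                         if (!empty($be) && preg_match('/' . $be . '/i', $data)) {
                             return false;
                         }
                     }
                 }
             }
             if ($options1 == 1) {
                 // obfuscate for display
                 $data = str_replace('@', ' at ', $data);
                 $data = str_replace('.', ' dot ', $data);
             }
             return $data;
         case "ip":
             // returns False if IP is invalid, returns the IP string if valid
             switch ($options1) {
                 case "ipv4":
                     return filter_var($data, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4);
                 case "ipv6":
                     return filter_var($data, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6);
                 case "rfc":
                     // reject private ranges
                     return filter_var($data, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE);
                 case "res":
                     // reject reserved ranges
                     return filter_var($data, FILTER_VALIDATE_IP, FILTER_FLAG_NO_RES_RANGE);
                 default:
                     return filter_var($data, FILTER_VALIDATE_IP);
             }
         case 'str':
             // returns $string
             // NOTE: FILTER_SANITIZE_STRING is deprecated since PHP 8.1; it strips
             // tags and encodes quotes, which is not a substitute for context-aware
             // output escaping (see the 'special' type / htmlspecialchars()).
             switch ($options1) {
                 case "noencode":
                     return filter_var($data, FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES);
                 case "striplow":
                     return filter_var($data, FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW);
                 case "striphigh":
                     return filter_var($data, FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_HIGH);
                 case "encodelow":
                     return filter_var($data, FILTER_SANITIZE_STRING, FILTER_FLAG_ENCODE_LOW);
                 case "encodehigh":
                     return filter_var($data, FILTER_SANITIZE_STRING, FILTER_FLAG_ENCODE_HIGH);
                 case "encodeamp":
                     return filter_var($data, FILTER_SANITIZE_STRING, FILTER_FLAG_ENCODE_AMP);
                 default:
                     return filter_var($data, FILTER_SANITIZE_STRING);
             }
         case "int":
             // returns $int, returns FALSE if $opt1 & 2 set & $data is not inbetween values of $opt1 & 2
             // The range is applied only when BOTH options are real ints
             // (is_int): numeric strings do not enable it.
             if (isset($options1) && is_int($options1) && (isset($options2) && is_int($options2))) {
                 $option = array('options' => array('min_range' => $options1, 'max_range' => $options2));
                 return filter_var($data, FILTER_VALIDATE_INT, $option);
             }
             return filter_var($data, FILTER_VALIDATE_INT);
         case "special":
             // returns $string with HTML-special characters encoded
             switch ($options1) {
                 case "striplow":
                     return filter_var($data, FILTER_SANITIZE_SPECIAL_CHARS, FILTER_FLAG_STRIP_LOW);
                 case "striphigh":
                     return filter_var($data, FILTER_SANITIZE_SPECIAL_CHARS, FILTER_FLAG_STRIP_HIGH);
                 case "encodehigh":
                     return filter_var($data, FILTER_SANITIZE_SPECIAL_CHARS, FILTER_FLAG_ENCODE_HIGH);
                 default:
                     return filter_var($data, FILTER_SANITIZE_SPECIAL_CHARS);
             }
         case "html":
             // returns $string
             switch ($options1) {
                 case 'input':
                 default:
                     // 'input' is the default: strip magic-quotes slashes, then filter for storage
                     $data = self::stripSlashesGPC($data);
                     return self::filterHTMLinput($data);
                 case 'output':
                     return self::filterHTMLdisplay($data);
                 case 'print':
                     // do nothing yet (falls out of the switch and returns NULL)
                     break;
             }
             break;
         case "text":
             // returns $string
             switch ($options1) {
                 case 'input':
                 default:
                     // 'input' is the default: strip magic-quotes slashes, then filter for storage
                     $data = self::stripSlashesGPC($data);
                     return self::filterTextareaInput($data);
                 case 'output':
                     $data = self::stripSlashesGPC($data);
                     return self::filterTextareaDisplay($data);
                 case 'print':
                     // do nothing yet (falls out of the switch and returns NULL)
                     break;
             }
             break;
     }
 }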
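 /**
  *  Validates username, email address and password entries during registration
  *  Username is validated for uniqueness and length
  *  password is validated for length and strictness
  *  email is validated as a proper email address pattern
  *
  *  For an existing user ($uid > 0) a field is only re-checked when its value
  *  differs from the stored one, so unchanged fields do not trip the
  *  uniqueness checks against themselves.
  *
  *  @param string $uname User display name entered by the user
  *  @param string $login_name Username entered by the user
  *  @param string $email Email address entered by the user
  *  @param string $pass Password entered by the user
  *  @param string $vpass Password verification entered by the user
  *  @param int $uid user id (only applicable if the user already exists)
  *  @global array $icmsConfigUser user configuration
  *  @return string of errors encountered while validating the user information, will be blank if successful
  */
 public function userCheck($login_name, $uname, $email, $pass, $vpass, $uid = 0)
 {
     global $icmsConfigUser;
     // initializations
     $member_handler = icms::handler('icms_member');
     // existing user when editing, FALSE for a fresh registration
     $thisUser = $uid > 0 ? $member_handler->getUser($uid) : FALSE;
     $icmsStopSpammers = new icms_core_StopSpammer();
     $stop = '';
     // characters that are NOT allowed in a login name, by configured level
     switch ($icmsConfigUser['uname_test_level']) {
         case 1:
             // medium
             $restriction = '/[^a-zA-Z0-9\\_\\-\\<\\>\\,\\.\\$\\%\\#\\@\\!\\\'\\"]/';
             break;
         case 2:
             // loose: only control characters and space are rejected
             $restriction = '/[\\000-\\040]/';
             break;
         case 0:
         default:
             // strict; also the fallback for an unknown level so that
             // $restriction is always defined before preg_match() below
             $restriction = '/[^a-zA-Z0-9\\_\\-]/';
             break;
     }
     // check email
     if (is_object($thisUser) && $thisUser->getVar('email', 'e') != $email && $email !== FALSE || !is_object($thisUser)) {
         // options (0, 1): no obfuscation, do run the bad-email / StopSpammer checks
         if (!icms_core_DataFilter::checkVar($email, 'email', 0, 1)) {
             $stop .= _US_INVALIDMAIL . '<br />';
         }
         // NOTE(review): addslashes() is not a driver-specific escape; this
         // assumes icms_buildCriteria() quotes/escapes the value itself — confirm
         $count = $this->getCount(icms_buildCriteria(array('email' => addslashes($email))));
         if ($count > 0) {
             $stop .= _US_EMAILTAKEN . '<br />';
         }
     }
     // check login_name
     $login_name = icms_core_DataFilter::icms_trim($login_name);
     if (is_object($thisUser) && $thisUser->getVar('login_name', 'e') != $login_name && $login_name !== FALSE || !is_object($thisUser)) {
         if (empty($login_name) || preg_match($restriction, $login_name)) {
             $stop .= _US_INVALIDNICKNAME . '<br />';
         }
         // length limits are compared in bytes (strlen), not characters
         if (strlen($login_name) > $icmsConfigUser['maxuname']) {
             $stop .= sprintf(_US_NICKNAMETOOLONG, $icmsConfigUser['maxuname']) . '<br />';
         }
         if (strlen($login_name) < $icmsConfigUser['minuname']) {
             $stop .= sprintf(_US_NICKNAMETOOSHORT, $icmsConfigUser['minuname']) . '<br />';
         }
         // each entry is an admin-supplied regex body, used as-is
         foreach ($icmsConfigUser['bad_unames'] as $bu) {
             if (!empty($bu) && preg_match('/' . $bu . '/i', $login_name)) {
                 $stop .= _US_NAMERESERVED . '<br />';
                 break;
             }
         }
         if (strrpos($login_name, ' ') > 0) {
             $stop .= _US_NICKNAMENOSPACES . '<br />';
         }
         $count = $this->getCount(icms_buildCriteria(array('login_name' => addslashes($login_name))));
         if ($count > 0) {
             $stop .= _US_LOGINNAMETAKEN . '<br />';
         }
     }
     // check uname
     if (is_object($thisUser) && $thisUser->getVar('uname', 'e') != $uname && $uname !== FALSE || !is_object($thisUser)) {
         $count = $this->getCount(icms_buildCriteria(array('uname' => addslashes($uname))));
         if ($count > 0) {
             $stop .= _US_NICKNAMETAKEN . '<br />';
         }
     }
     // check password (FALSE means "not being changed", e.g. on profile edit)
     if ($pass !== FALSE) {
         if (!isset($pass) || $pass == '' || !isset($vpass) || $vpass == '') {
             $stop .= _US_ENTERPWD . '<br />';
         }
         if (isset($pass) && $pass != $vpass) {
             $stop .= _US_PASSNOTSAME . '<br />';
         } elseif ($pass != '' && strlen($pass) < $icmsConfigUser['minpass']) {
             $stop .= sprintf(_US_PWDTOOSHORT, $icmsConfigUser['minpass']) . '<br />';
         }
         // Reject a password equal to, the reverse of, or containing the login
         // name. strripos() returns an int|false, never TRUE, so the original
         // `=== TRUE` comparison made the "contains" check dead; compare
         // against FALSE instead. The empty-needle guard keeps an empty login
         // name (already reported above) from matching every password.
         if (isset($pass) && isset($login_name) && ($pass == $login_name
             || $pass == icms_core_DataFilter::utf8_strrev($login_name, TRUE)
             || ($login_name != '' && strripos($pass, $login_name) !== FALSE))) {
             $stop .= _US_BADPWD . '<br />';
         }
     }
     // check other things
     if ($icmsStopSpammers->badIP($_SERVER['REMOTE_ADDR'])) {
         $stop .= _US_INVALIDIP . '<br />';
     }
     return $stop;
 }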
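 /**
  * Builds the object and registers it as deprecated.
  *
  * The deprecation notice previously named 'imcs_core_StopSpammer', a typo
  * for icms_core_StopSpammer (the class name used elsewhere in this code);
  * the notice now names the class that actually exists.
  * @global-free; relies on icms_core_Debug::setDeprecated() and _CORE_REMOVE_IN_VERSION
  */
 public function __construct()
 {
     parent::__construct();
     $this->_deprecated = icms_core_Debug::setDeprecated('icms_core_StopSpammer', sprintf(_CORE_REMOVE_IN_VERSION, '1.4'));
 }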