Esempio n. 1
 /**
 	Sanitize the session id and start the session if it wasn't already.
 
 	If anything looks wrong the session is reinitialized. This can happen because:
 		* the session's name sent by the cookie is invalid
 		* the session is deemed invalid by the isSessionInvalid method
 
 	Two parameters change the behavior of this class:
 		* 'check.ip': whether to check for the client's IP on each request
 		* 'check.token': whether to check for the session token on each request
 
 	@param $aParams A list of parameters to configure the session class.
 	@see weeSession::isSessionInvalid
 */
 public function __construct($aParams = array())
 {
     // Keep the configuration (e.g. 'check.ip', 'check.token') for later checks.
     $this->aParams = $aParams;

     // An empty id means no session is active yet for this request.
     if ('' == session_id()) {
         safe_session_start();
     }

     // A session that already carries data and fails isSessionInvalid() is reset.
     // NOTE(review): whether the reset also issues a fresh session id depends on
     // clear(), which is not shown here; confirm it does.
     $bMustReset = !empty($_SESSION) && $this->isSessionInvalid();
     if ($bMustReset) {
         return $this->clear();
     }

     // Nothing stored yet: set up a new session.
     if (empty($_SESSION)) {
         $this->initSession();
     }
 }
Esempio n. 2
 /**
 	Validates the data against the form validators.
 
 	This method first checks if the form key is valid.
 	If it's not, it stops the validation and indicates there is an error.
 
 	If an error is found an exception FormValidationException is triggered.
 	Use this object to retrieve all the error messages and output them.
 	You can also give the array of errors directly to the weeForm::fillErrors
 	method to output all the messages after each widget.
 
 	@param $aData The data to check (usually either $_GET or $_POST).
 	@throws FormValidationException
 */
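 public function validate($aData)
 {
     $oException = new FormValidationException(_WT('The validation of the form failed. You can retrieve error messages as a string using toString or an array using toArray.'));

     if ((int) $this->oXML->formkey) {
         if (session_id() == '') {
             safe_session_start();
         }

         // The submitted key is request data: it may be absent, or an array when the
         // client sends wee_formkey[]=... . Only a string or integer may be used as
         // an offset into the session store; anything else is treated as invalid
         // instead of raising an "illegal offset" error.
         $mFormKey = isset($aData['wee_formkey']) ? $aData['wee_formkey'] : null;
         $bUsableKey = is_string($mFormKey) || is_int($mFormKey);

         if (empty($mFormKey)) {
             $oException->addError('', _WT('Missing form key. Please try submitting the form again.'));
         } elseif (!$bUsableKey || empty($_SESSION['session_formkeys'][$mFormKey])) {
             $oException->addError('', _WT('Invalid form key. You probably already submitted this form.'));
         } else {
             // If form key was generated more than 6 hours ago, it is considered invalid.
             // The stored value is split on a space and its second field is compared
             // with time(); a value without that field is handled as out of date.
             $aTime = explode(' ', $_SESSION['session_formkeys'][$mFormKey]);
             if (!isset($aTime[1]) || time() > (int) $aTime[1] + 3600 * 6) {
                 $oException->addError('', _WT('Form key out of date. Please try submitting the form again.'));
             }
         }

         // Form has been submitted, unset the form key so it cannot be accepted twice
         if (!empty($mFormKey) && $bUsableKey) {
             unset($_SESSION['session_formkeys'][$mFormKey]);
         }
     }

     // Select widgets which use validators or are required and validates data
     $aWidgets = $this->oXML->xpath('//widget[@required or validator]');
     if ($aWidgets !== false) {
         foreach ($aWidgets as $oNode) {
             $sName = (string) $oNode->name;
             $bHasValue = isset($aData[$sName]);
             $mValue = $bHasValue ? $aData[$sName] : null;

             // No data means: key absent (or null), empty string, or empty array
             $bBlank = !$bHasValue
                 || (is_string($mValue) && $mValue === '')
                 || (is_array($mValue) && empty($mValue));

             // If we don't have any data we check the required flag
             // If it's not required we skip, otherwise we note an error
             if ($bBlank) {
                 // 'fileinput' widgets are exempt from the required check here
                 // (presumably because uploads do not arrive in $aData; confirm)
                 if (!empty($oNode['required']) && $oNode['type'] != 'fileinput') {
                     if (!empty($oNode['required_error'])) {
                         $oException->addError($sName, _T($oNode['required_error']));
                     } else {
                         $oException->addError($sName, sprintf(_WT('Input is required for the field "%s".'), (string) $oNode->label));
                     }
                 }
                 continue;
             }

             // Then we validate the data with each validators
             foreach ($oNode->validator as $oValidatorNode) {
                 // The class name is read from the form XML. Only subclasses of
                 // weeValidator are instantiated; keep this check in place, since it
                 // is what stops the definition from naming an arbitrary class.
                 // Note that class_exists() may invoke the autoloader with this name.
                 $sClass = (string) $oValidatorNode['type'];
                 if (!(class_exists($sClass) && is_subclass_of($sClass, 'weeValidator'))) {
                     burn('BadXMLException', sprintf(_WT('Validator %s does not exist.'), $oValidatorNode['type']));
                 }

                 $aAttributes = (array) $oValidatorNode->attributes();
                 $oValidator = new $sClass($aAttributes['@attributes']);
                 $oValidator->setValue($mValue);

                 // Form-aware validators also receive the widget node and the whole data set
                 if ($oValidator instanceof weeFormValidator) {
                     $oValidator->setFormData($oNode, $aData);
                 }

                 if ($oValidator->hasError()) {
                     $oException->addError($sName, $oValidator->getError());
                 }
             }
         }
     }

     // All errors are collected first and reported together
     if ($oException->hasErrors()) {
         throw $oException;
     }
 }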