/**
* @param Order $order
* @param array $data
*
* @throws ValidationException
*/
public function validateData(Order $order, array $data)
{
$result = ValidationResult::create();
$existingID = !empty($data[$this->addresstype . "AddressID"]) ? (int) $data[$this->addresstype . "AddressID"] : 0;
if ($existingID) {
// If existing address selected, check that it exists in $member->AddressBook
if (!Member::currentUserID() || !Member::currentUser()->AddressBook()->byID($existingID)) {
$result->error("Invalid address supplied", $this->addresstype . "AddressID");
throw new ValidationException($result);
}
} else {
// Otherwise, require the normal address fields
$required = parent::getRequiredFields($order);
$addressLabels = singleton('Address')->fieldLabels(false);
foreach ($required as $fieldName) {
if (empty($data[$fieldName])) {
// attempt to get the translated field name
$fieldLabel = isset($addressLabels[$fieldName]) ? $addressLabels[$fieldName] : $fieldName;
$errorMessage = _t('Form.FIELDISREQUIRED', '{name} is required', array('name' => $fieldLabel));
$result->error($errorMessage, $fieldName);
throw new ValidationException($result);
}
}
}
}
public function validateData(Order $order, array $data)
{
if (isset($data['RegisterAnAccount']) && $data['RegisterAnAccount']) {
return parent::validateData($order, $data);
}
return ValidationResult::create();
}
public function validateData(Order $order, array $data)
{
if (Member::currentUserID()) {
return;
}
$result = ValidationResult::create();
if (Checkout::membership_required() || !empty($data['Password'])) {
$member = Member::create($data);
$idfield = Member::config()->unique_identifier_field;
$idval = $data[$idfield];
if (ShopMember::get_by_identifier($idval)) {
// get localized field labels
$fieldLabels = $member->fieldLabels(false);
// if a localized value exists, use this for our error-message
$fieldLabel = isset($fieldLabels[$idfield]) ? $fieldLabels[$idfield] : $idfield;
$result->error(sprintf(_t("Checkout.MEMBEREXISTS", "A member already exists with the %s %s"), $fieldLabel, $idval), $idval);
}
$passwordresult = $this->passwordvalidator->validate($data['Password'], $member);
if (!$passwordresult->valid()) {
$result->error($passwordresult->message(), "Password");
}
}
if (!$result->valid()) {
throw new ValidationException($result);
}
}
/**
* Validate
* @return ValidationResult
**/
protected function validate()
{
$valid = true;
$message = null;
$result = ValidationResult::create($valid, $message);
return $result;
}
/**
* @param String $password
* @param Member $member
* @return ValidationResult
*/
public function validate($password, $member)
{
$valid = ValidationResult::create();
if ($this->minLength) {
if (strlen($password) < $this->minLength) {
$valid->error(sprintf(_t('PasswordValidator.TOOSHORT', 'Password is too short, it must be %s or more characters long'), $this->minLength), 'TOO_SHORT');
}
}
if ($this->minScore) {
$score = 0;
$missedTests = array();
foreach ($this->testNames as $name) {
if (preg_match(self::config()->character_strength_tests[$name], $password)) {
$score++;
} else {
$missedTests[] = _t('PasswordValidator.STRENGTHTEST' . strtoupper($name), $name, 'The user needs to add this to their password for more complexity');
}
}
if ($score < $this->minScore) {
$valid->error(sprintf(_t('PasswordValidator.LOWCHARSTRENGTH', 'Please increase password strength by adding some of the following characters: %s'), implode(', ', $missedTests)), 'LOW_CHARACTER_STRENGTH');
}
}
if ($this->historicalPasswordCount) {
$previousPasswords = MemberPassword::get()->where(array('"MemberPassword"."MemberID"' => $member->ID))->sort('"Created" DESC, "ID" DESC')->limit($this->historicalPasswordCount);
if ($previousPasswords) {
foreach ($previousPasswords as $previousPasswords) {
if ($previousPasswords->checkPassword($password)) {
$valid->error(_t('PasswordValidator.PREVPASSWORD', 'You\'ve already used that password in the past, please choose a new password'), 'PREVIOUS_PASSWORD');
break;
}
}
}
}
return $valid;
}
public function validate()
{
if ($this->pages > 100) {
$result = ValidationResult::create(false, 'Too many pages');
} else {
$result = ValidationResult::create(true);
}
return $result;
}
public function validateData(Order $order, array $data)
{
$result = ValidationResult::create();
//TODO: validate credit card data
if (!Helper::validateLuhn($data['number'])) {
$result->error(_t('OnsitePaymentCheckoutComponent.CREDIT_CARD_INVALID', 'Credit card is invalid'));
throw new ValidationException($result);
}
}
/**
* @return ValidationResult
*/
protected function validate()
{
$result = ValidationResult::create();
$link = trim($this->Link);
if (empty($link)) {
return $result->error('you must set an url for Presentation Link!');
}
if (filter_var($link, FILTER_VALIDATE_URL) === false) {
return $result->error('you must set a valid url for Presentation Link!');
}
return $result;
}
public function validateData(Order $order, array $data)
{
$result = ValidationResult::create();
if (!isset($data['PaymentMethod'])) {
$result->error(_t('PaymentCheckoutComponent.NO_PAYMENT_METHOD', "Payment method not provided"), "PaymentMethod");
throw new ValidationException($result);
}
$methods = GatewayInfo::get_supported_gateways();
if (!isset($methods[$data['PaymentMethod']])) {
$result->error(_t('PaymentCheckoutComponent.UNSUPPORTED_GATEWAY', "Gateway not supported"), "PaymentMethod");
throw new ValidationException($result);
}
}
public function validateData(Order $order, array $data)
{
$result = ValidationResult::create();
if (!isset($data['PaymentMethod'])) {
$result->error(_t('PaymentCheckoutComponent.NoPaymentMethod', "Payment method not provided"), "PaymentMethod");
throw new ValidationException($result);
}
$methods = GatewayInfo::getSupportedGateways();
if (!isset($methods[$data['PaymentMethod']])) {
$result->error(_t('PaymentCheckoutComponent.UnsupportedGateway', "Gateway not supported"), "PaymentMethod");
throw new ValidationException($result);
}
}
protected function validate()
{
$valid = ValidationResult::create();
if (!$valid->valid()) {
return $valid;
}
if (empty($this->Name)) {
return $valid->error('Name is empty!');
}
$res = DB::query("SELECT COUNT(Q.ID) FROM RSVPQuestionTemplate Q\n INNER JOIN `RSVPTemplate` T ON T.ID = Q.RSVPTemplateID\n WHERE Q.Name = '{$this->Name}' AND Q.ID <> {$this->ID} AND Q.RSVPTemplateID = {$this->RSVPTemplateID}")->value();
if (intval($res) > 0) {
return $valid->error('There is already another Question on the rsvp form with that name!');
}
return $valid;
}
protected function validate()
{
$valid = ValidationResult::create();
if (!$valid->valid()) {
return $valid;
}
if (empty($this->Name)) {
return $valid->error('Name is empty!');
}
$res = DB::query("SELECT COUNT(Q.ID) FROM SurveyQuestionTemplate Q\n INNER JOIN `SurveyStepTemplate` S ON S.ID = Q.StepID\n INNER JOIN `SurveyTemplate` T ON T.ID = S.`SurveyTemplateID`\n WHERE Q.Name = '{$this->Name}' AND Q.ID <> {$this->ID};")->value();
if (intval($res) > 0) {
return $valid->error('There is already another Question on the survey with that name!');
}
return $valid;
}
protected function validate()
{
$valid = ValidationResult::create();
if (empty($this->EntityName)) {
return $valid->error('Entity Name is empty!');
}
if (!preg_match('/^[a-z_091A-Z]*$/', $this->EntityName)) {
return $valid->error('Entity Name has an Invalid Format!');
}
$title = $this->EntityName;
$id = $this->ID;
$owner_id = $this->ParentID;
$res = DB::query("SELECT COUNT(ID) FROM EntitySurveyTemplate WHERE EntityName = '{$title}' AND ID <> {$id} AND ParentID = {$owner_id}")->value();
if (intval($res) > 0) {
return $valid->error('There is already another entity survey with that name!');
}
return $valid;
}
/**
* Create member account from data array.
* Data must contain unique identifier.
*
* @throws ValidationException
*
* @param $data - map of member data
*
* @return Member|boolean - new member (not saved to db), or false if there is an error.
*/
public function create($data)
{
$result = ValidationResult::create();
if (!Checkout::member_creation_enabled()) {
$result->error(_t("Checkout.MEMBERSHIPSNOTALLOWED", "Creating new memberships is not allowed"));
throw new ValidationException($result);
}
$idfield = Config::inst()->get('Member', 'unique_identifier_field');
if (!isset($data[$idfield]) || empty($data[$idfield])) {
$result->error(sprintf(_t("Checkout.IDFIELDNOTFOUND", "Required field not found: %s"), $idfield));
throw new ValidationException($result);
}
if (!isset($data['Password']) || empty($data['Password'])) {
$result->error(_t("Checkout.PASSWORDREQUIRED", "A password is required"));
throw new ValidationException($result);
}
$idval = $data[$idfield];
if ($member = ShopMember::get_by_identifier($idval)) {
// get localized field labels
$fieldLabels = $member->fieldLabels(false);
// if a localized value exists, use this for our error-message
$fieldLabel = isset($fieldLabels[$idfield]) ? $fieldLabels[$idfield] : $idfield;
$result->error(sprintf(_t("Checkout.MEMBEREXISTS", "A member already exists with the %s %s"), $fieldLabel, $idval));
throw new ValidationException($result);
}
$member = Member::create(Convert::raw2sql($data));
// 3.2 changed validate to protected which made this fall through the DataExtension and error out
$validation = $member->hasMethod('doValidate') ? $member->doValidate() : $member->validate();
if (!$validation->valid()) {
//TODO need to handle i18n here?
$result->error($validation->message());
}
if (!$result->valid()) {
throw new ValidationException($result);
}
return $member;
}
/**
* Create member account from data array.
* Data must contain unique identifier.
*
* @throws ValidationException
*
* @param $data - map of member data
*
* @return Member|boolean - new member (not saved to db), or false if there is an error.
*/
public function create($data)
{
$result = ValidationResult::create();
if (!Checkout::member_creation_enabled()) {
$result->error(_t("Checkout.MembershipIsNotAllowed", "Creating new memberships is not allowed"));
throw new ValidationException($result);
}
$idfield = Config::inst()->get('Member', 'unique_identifier_field');
if (!isset($data[$idfield]) || empty($data[$idfield])) {
$result->error(_t('Checkout.IdFieldNotFound', 'Required field not found: {IdentifierField}', 'Identifier is the field that holds the unique user-identifier, commonly this is \'Email\'', array('IdentifierField' => $idfield)));
throw new ValidationException($result);
}
if (!isset($data['Password']) || empty($data['Password'])) {
$result->error(_t("Checkout.PasswordRequired", "A password is required"));
throw new ValidationException($result);
}
$idval = $data[$idfield];
if ($member = ShopMember::get_by_identifier($idval)) {
// get localized field labels
$fieldLabels = $member->fieldLabels(false);
// if a localized value exists, use this for our error-message
$fieldLabel = isset($fieldLabels[$idfield]) ? $fieldLabels[$idfield] : $idfield;
$result->error(_t('Checkout.MemberExists', 'A member already exists with the {Field} {Identifier}', '', array('Field' => $fieldLabel, 'Identifier' => $idval)));
throw new ValidationException($result);
}
$member = Member::create(Convert::raw2sql($data));
// 3.2 changed validate to protected which made this fall through the DataExtension and error out
$validation = $member->hasMethod('doValidate') ? $member->doValidate() : $member->validate();
if (!$validation->valid()) {
//TODO need to handle i18n here?
$result->error($validation->message());
}
if (!$result->valid()) {
throw new ValidationException($result);
}
return $member;
}
/**
* Change a members password on the AD. Works with ActiveDirectory compatible services that saves the
* password in the `unicodePwd` attribute.
*
* @todo Use the Zend\Ldap\Attribute::setPassword functionality to create a password in
* an abstract way, so it works on other LDAP directories, not just Active Directory.
*
* Ensure that the LDAP bind:ed user can change passwords and that the connection is secure.
*
* @param Member $member
* @param string $password
* @return ValidationResult
* @throws Exception
*/
public function setPassword(Member $member, $password)
{
$validationResult = ValidationResult::create(true);
if (!$member->GUID) {
SS_Log::log(sprintf('Cannot update Member ID %s, GUID not set', $member->ID), SS_Log::WARN);
$validationResult->error(_t('LDAPAuthenticator.NOUSER', 'Your account hasn\'t been setup properly, please contact an administrator.'));
return $validationResult;
}
$userData = $this->getUserByGUID($member->GUID);
if (empty($userData['distinguishedname'])) {
$validationResult->error(_t('LDAPAuthenticator.NOUSER', 'Your account hasn\'t been setup properly, please contact an administrator.'));
return $validationResult;
}
try {
$this->update($userData['distinguishedname'], array('unicodePwd' => iconv('UTF-8', 'UTF-16LE', sprintf('"%s"', $password))));
} catch (Exception $e) {
// Try to parse the exception to get the error message to display to user, eg:
// Can't change password for Member.ID "13": 0x13 (Constraint violation; 0000052D: Constraint violation - check_password_restrictions: the password does not meet the complexity criteria!): updating: CN=User Name,OU=Users,DC=foo,DC=company,DC=com
$pattern = '/^([^\\s])*\\s([^\\;]*);\\s([^\\:]*):\\s([^\\:]*):\\s([^\\)]*)/i';
if (preg_match($pattern, $e->getMessage(), $matches) && !empty($matches[5])) {
$validationResult->error($matches[5]);
} else {
// Unparsable exception, an administrator should check the logs
$validationResult->error(_t('LDAPAuthenticator.CANTCHANGEPASSWORD', 'We couldn\'t change your password, please contact an administrator.'));
}
}
return $validationResult;
}
/**
* Event handler called before writing to the database.
*/
public function onBeforeWrite()
{
if ($this->SetPassword) {
$this->Password = $this->SetPassword;
}
// If a member with the same "unique identifier" already exists with a different ID, don't allow merging.
// Note: This does not a full replacement for safeguards in the controller layer (e.g. in a registration form),
// but rather a last line of defense against data inconsistencies.
$identifierField = Member::config()->unique_identifier_field;
if ($this->{$identifierField}) {
// Note: Same logic as Member_Validator class
$filter = array("\"{$identifierField}\"" => $this->{$identifierField});
if ($this->ID) {
$filter[] = array('"Member"."ID" <> ?' => $this->ID);
}
$existingRecord = DataObject::get_one('Member', $filter);
if ($existingRecord) {
throw new ValidationException(ValidationResult::create(false, _t('Member.ValidationIdentifierFailed', 'Can\'t overwrite existing member #{id} with identical identifier ({name} = {value}))', 'Values in brackets show "fieldname = value", usually denoting an existing email address', array('id' => $existingRecord->ID, 'name' => $identifierField, 'value' => $this->{$identifierField}))));
}
}
// We don't send emails out on dev/tests sites to prevent accidentally spamming users.
// However, if TestMailer is in use this isn't a risk.
if ((Director::isLive() || Email::mailer() instanceof TestMailer) && $this->isChanged('Password') && $this->record['Password'] && $this->config()->notify_password_change) {
$e = Member_ChangePasswordEmail::create();
$e->populateTemplate($this);
$e->setTo($this->Email);
$e->send();
}
// The test on $this->ID is used for when records are initially created.
// Note that this only works with cleartext passwords, as we can't rehash
// existing passwords.
if (!$this->ID && $this->Password || $this->isChanged('Password')) {
// Password was changed: encrypt the password according the settings
$encryption_details = Security::encrypt_password($this->Password, $this->Salt, $this->PasswordEncryption ? $this->PasswordEncryption : Security::config()->password_encryption_algorithm, $this);
// Overwrite the Password property with the hashed value
$this->Password = $encryption_details['password'];
$this->Salt = $encryption_details['salt'];
$this->PasswordEncryption = $encryption_details['algorithm'];
// If we haven't manually set a password expiry
if (!$this->isChanged('PasswordExpiry')) {
// then set it for us
if (self::config()->password_expiry_days) {
$this->PasswordExpiry = date('Y-m-d', time() + 86400 * self::config()->password_expiry_days);
} else {
$this->PasswordExpiry = null;
}
}
}
// save locale
if (!$this->Locale) {
$this->Locale = i18n::get_locale();
}
parent::onBeforeWrite();
}
/**
* Validate
*
* @return ValidationResult
**/
protected function validate()
{
$valid = true;
$message = null;
$type = $this->Type;
// Check if empty strings
switch ($type) {
case 'URL':
case 'Email':
case 'Phone':
if ($this->{$type} == '') {
$valid = false;
$message = _t('Linkable.VALIDATIONERROR_EMPTY' . strtoupper($type), "You must enter a {$type} for a link type of \"{$this->LinkType}\"");
}
break;
default:
if ($this->TypeHasDbField) {
if ($type && empty($this->{$type})) {
$valid = false;
$message = _t('Linkable.VALIDATIONERROR_EMPTY', "You must enter a {$type} for a link type of \"{$this->LinkType}\"");
}
} else {
if ($type && empty($this->{$type . 'ID'})) {
$valid = false;
$message = _t('Linkable.VALIDATIONERROR_OBJECT', "Please select a {value} object to link to", array('value' => $type));
}
}
break;
}
// if its already failed don't bother checking the rest
if ($valid) {
switch ($type) {
case 'URL':
$allowedFirst = array('#', '/');
if (!in_array(substr($this->URL, 0, 1), $allowedFirst) && !filter_var($this->URL, FILTER_VALIDATE_URL)) {
$valid = false;
$message = _t('Linkable.VALIDATIONERROR_VALIDURL', 'Please enter a valid URL. Be sure to include http:// for an external URL. Or begin your internal url/anchor with a "/" character');
}
break;
case 'Email':
if (!filter_var($this->Email, FILTER_VALIDATE_EMAIL)) {
$valid = false;
$message = _t('Linkable.VALIDATIONERROR_VALIDEMAIL', 'Please enter a valid Email address');
}
break;
case 'Phone':
if (!preg_match("/^\\+?[0-9]{1,5}[- ]{0,1}[0-9]{3,4}[- ]{0,1}[0-9]{4}\$/", $this->Phone)) {
$valid = false;
$message = _t('Linkable.VALIDATIONERROR_VALIDPHONE', 'Please enter a valid Phone number');
}
break;
}
}
$result = ValidationResult::create($valid, $message);
$this->extend('updateValidate', $result);
return $result;
}
/**
* Validate the current object.
*
* By default, there is no validation - objects are always valid! However, you can overload this method in your
* DataObject sub-classes to specify custom validation, or use the hook through DataExtension.
*
* Invalid objects won't be able to be written - a warning will be thrown and no write will occur. onBeforeWrite()
* and onAfterWrite() won't get called either.
*
* It is expected that you call validate() in your own application to test that an object is valid before
* attempting a write, and respond appropriately if it isn't.
*
* @see {@link ValidationResult}
* @return ValidationResult
*/
protected function validate()
{
$result = ValidationResult::create();
$this->extend('validate', $result);
return $result;
}
/**
* Validate every component against given data.
*
* @param array $data data to validate
*
* @return boolean validation result
* @throws ValidationException
*/
public function validateData($data)
{
$result = ValidationResult::create();
foreach ($this->getComponents() as $component) {
try {
$component->validateData($this->order, $this->dependantData($component, $data));
} catch (ValidationException $e) {
//transfer messages into a single result
foreach ($e->getResult()->messageList() as $code => $message) {
if (is_numeric($code)) {
$code = null;
}
if ($this->namespaced) {
$code = $component->namespaceFieldName($code);
}
$result->error($message, $code);
}
}
}
$this->order->extend('onValidateDataOnCheckout', $result);
if (!$result->valid()) {
throw new ValidationException($result);
}
return true;
}
/**
* Validate
* @return ValidationResult
**/
protected function validate()
{
$valid = true;
$message = null;
if ($this->Type == 'URL') {
if ($this->URL == '') {
$valid = false;
$message = _t('Linkable.VALIDATIONERROR_EMPTYURL', 'You must enter a URL for a link type of "URL"');
} else {
$allowedFirst = array('#', '/');
if (!in_array(substr($this->URL, 0, 1), $allowedFirst) && !filter_var($this->URL, FILTER_VALIDATE_URL)) {
$valid = false;
$message = _t('Linkable.VALIDATIONERROR_VALIDURL', 'Please enter a valid URL. Be sure to include http:// for an external URL. Or begin your internal url/anchor with a "/" character');
}
}
} elseif ($this->Type == 'Email') {
if ($this->Email == '') {
$valid = false;
$message = _t('Linkable.VALIDATIONERROR_EMPTYEMAIL', 'You must enter an Email Address for a link type of "Email"');
} else {
if (!filter_var($this->Email, FILTER_VALIDATE_EMAIL)) {
$valid = false;
$message = _t('Linkable.VALIDATIONERROR_VALIDEMAIL', 'Please enter a valid Email address');
}
}
} else {
if ($this->Type && empty($this->{$this->Type . 'ID'})) {
$valid = false;
$message = _t('Linkable.VALIDATIONERROR_OBJECT', "Please select a {value} object to link to", array('value' => $this->Type));
}
}
$result = ValidationResult::create($valid, $message);
$this->extend('validate', $result);
return $result;
}
