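/**
 * Validates and/or sanitizes one value according to $type (worker behind checkVar()).
 *
 * Option semantics per $type, as implemented below:
 *  - 'url':     $options1 = required component ('scheme'|'host'|'path'|'query'); $options2 == 1 URL-encodes the result
 *  - 'email':   $options1 == 1 obfuscates the address (' at ' / ' dot '); $options2 == 1 screens it against the
 *               configured 'bad_emails' patterns and the StopSpammers service
 *  - 'ip':      $options1 = 'ipv4' | 'ipv6' | 'rfc' (no private ranges) | 'res' (no reserved ranges)
 *  - 'str', 'special': $options1 selects a FILTER_FLAG_* modifier (see the cases)
 *  - 'int':     when both $options1 and $options2 are ints they become min_range / max_range
 *  - 'html', 'text': $options1 = 'input' (default) | 'output' | 'print' (not implemented yet)
 *
 * @param mixed  $data     value to check
 * @param string $type     one of the types listed above
 * @param mixed  $options1 type-specific option
 * @param mixed  $options2 type-specific option
 * @global array $icmsConfigUser user configuration; 'bad_emails' is read for type 'email'
 * @return mixed sanitized value (string or int), FALSE when validation fails, NULL for an
 *               unknown $type or for the not-yet-implemented 'print' option
 */
private static function priv_checkVar($data, $type, $options1, $options2) {
	switch ($type) {
		case "url":
			// returns FALSE if URL invalid, returns the sanitized string if valid
			$data = filter_var($data, FILTER_SANITIZE_URL);
			switch ($options1) {
				case "scheme":
					// FILTER_FLAG_SCHEME_REQUIRED is implied by FILTER_VALIDATE_URL on current PHP (flag deprecated since 7.3)
					$valid = filter_var($data, FILTER_VALIDATE_URL, FILTER_FLAG_SCHEME_REQUIRED);
					break;
				case "host":
					// FILTER_FLAG_HOST_REQUIRED is likewise implied on current PHP (flag deprecated since 7.3)
					$valid = filter_var($data, FILTER_VALIDATE_URL, FILTER_FLAG_HOST_REQUIRED);
					break;
				case "path":
					$valid = filter_var($data, FILTER_VALIDATE_URL, FILTER_FLAG_PATH_REQUIRED);
					break;
				case "query":
					$valid = filter_var($data, FILTER_VALIDATE_URL, FILTER_FLAG_QUERY_REQUIRED);
					break;
				default:
					$valid = filter_var($data, FILTER_VALIDATE_URL);
					break;
			}
			if ($valid) {
				if (isset($options2) && $options2 == 1) {
					return filter_var($data, FILTER_SANITIZE_ENCODED);
				}
				return $data;
			}
			return false;

		case "email":
			// returns FALSE if email is invalid, returns the (optionally obfuscated) string if valid
			global $icmsConfigUser;
			$data = filter_var($data, FILTER_SANITIZE_EMAIL);
			if (!filter_var($data, FILTER_VALIDATE_EMAIL)) {
				return false;
			}
			if ($options2 == 1) {
				if (isset($icmsConfigUser['bad_emails']) && is_array($icmsConfigUser['bad_emails'])) {
					foreach ($icmsConfigUser['bad_emails'] as $be) {
						// $be is an admin-configured regex fragment wrapped in '/' delimiters; a fragment containing an
						// unescaped '/' breaks the pattern, and preg_match() then returns FALSE (treated as "no match")
						if (!empty($be) && preg_match('/' . $be . '/i', $data)) {
							return false;
						}
					}
				}
				// This check used to sit inside the foreach above, so it was silently skipped whenever
				// 'bad_emails' was empty or not an array; it now runs whenever screening is requested.
				$icmsStopSpammers = new icms_core_StopSpammer();
				if ($icmsStopSpammers->badEmail($data)) {
					return false;
				}
			}
			if ($options1 == 1) {
				$data = str_replace('@', ' at ', $data);
				$data = str_replace('.', ' dot ', $data);
			}
			return $data;

		case "ip":
			// returns FALSE if IP is invalid, returns the IP string if valid
			switch ($options1) {
				case "ipv4":
					return filter_var($data, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4);
				case "ipv6":
					return filter_var($data, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6);
				case "rfc":
					return filter_var($data, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE);
				case "res":
					return filter_var($data, FILTER_VALIDATE_IP, FILTER_FLAG_NO_RES_RANGE);
				default:
					return filter_var($data, FILTER_VALIDATE_IP);
			}

		case 'str':
			// returns $string
			// NOTE: FILTER_SANITIZE_STRING is deprecated as of PHP 8.1; callers needing HTML-safe output
			// should rely on the 'special' / 'html' types instead.
			switch ($options1) {
				case "noencode":
					return filter_var($data, FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES);
				case "striplow":
					return filter_var($data, FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW);
				case "striphigh":
					return filter_var($data, FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_HIGH);
				case "encodelow":
					return filter_var($data, FILTER_SANITIZE_STRING, FILTER_FLAG_ENCODE_LOW);
				case "encodehigh":
					return filter_var($data, FILTER_SANITIZE_STRING, FILTER_FLAG_ENCODE_HIGH);
				case "encodeamp":
					return filter_var($data, FILTER_SANITIZE_STRING, FILTER_FLAG_ENCODE_AMP);
				default:
					return filter_var($data, FILTER_SANITIZE_STRING);
			}

		case "int":
			// returns $int; returns FALSE if $data is not an int, or lies outside [$options1, $options2]
			// when both options are ints
			if (isset($options1) && is_int($options1) && (isset($options2) && is_int($options2))) {
				$option = array('options' => array('min_range' => $options1, 'max_range' => $options2));
				return filter_var($data, FILTER_VALIDATE_INT, $option);
			}
			return filter_var($data, FILTER_VALIDATE_INT);

		case "special":
			// returns $string with HTML special characters encoded
			switch ($options1) {
				case "striplow":
					return filter_var($data, FILTER_SANITIZE_SPECIAL_CHARS, FILTER_FLAG_STRIP_LOW);
				case "striphigh":
					return filter_var($data, FILTER_SANITIZE_SPECIAL_CHARS, FILTER_FLAG_STRIP_HIGH);
				case "encodehigh":
					return filter_var($data, FILTER_SANITIZE_SPECIAL_CHARS, FILTER_FLAG_ENCODE_HIGH);
				default:
					return filter_var($data, FILTER_SANITIZE_SPECIAL_CHARS);
			}

		case "html":
			// returns $string
			switch ($options1) {
				case 'input':
				default:
					$data = self::stripSlashesGPC($data);
					return self::filterHTMLinput($data);
				case 'output':
					return self::filterHTMLdisplay($data);
				case 'print':
					// not implemented yet: callers receive NULL
					return null;
			}

		case "text":
			// returns $string
			switch ($options1) {
				case 'input':
				default:
					$data = self::stripSlashesGPC($data);
					return self::filterTextareaInput($data);
				case 'output':
					$data = self::stripSlashesGPC($data);
					return self::filterTextareaDisplay($data);
				case 'print':
					// not implemented yet: callers receive NULL
					return null;
			}
	}
	// unknown $type
	return null;
}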
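/**
 * Validates username, email address and password entries during registration
 * Username is validated for uniqueness and length
 * password is validated for length and strictness
 * email is validated as a proper email address pattern
 *
 * When $uid refers to an existing user, a field is only checked if it differs from the
 * stored value and is not FALSE, so unchanged fields are not re-validated.
 *
 * @param string|false $login_name Username entered by the user (FALSE skips the check for an existing user)
 * @param string|false $uname User display name entered by the user (FALSE skips the check for an existing user)
 * @param string|false $email Email address entered by the user (FALSE skips the check for an existing user)
 * @param string|false $pass Password entered by the user (FALSE skips all password checks)
 * @param string $vpass Password verification entered by the user
 * @param int $uid user id (only applicable if the user already exists)
 * @global array $icmsConfigUser user configuration
 * @return string of errors encountered while validating the user information, will be blank if successful
 */
public function userCheck($login_name, $uname, $email, $pass, $vpass, $uid = 0) {
	global $icmsConfigUser;
	// initializations
	$member_handler = icms::handler('icms_member');
	$thisUser = $uid > 0 ? $member_handler->getUser($uid) : FALSE;
	$icmsStopSpammers = new icms_core_StopSpammer();
	$stop = '';
	switch ($icmsConfigUser['uname_test_level']) {
		case 0: // strict
			$restriction = '/[^a-zA-Z0-9\\_\\-]/';
			break;
		case 1: // medium
			$restriction = '/[^a-zA-Z0-9\\_\\-\\<\\>\\,\\.\\$\\%\\#\\@\\!\\\'\\"]/';
			break;
		case 2: // loose
			$restriction = '/[\\000-\\040]/';
			break;
		default:
			// unknown level: fail closed to the strict rule instead of leaving $restriction undefined
			$restriction = '/[^a-zA-Z0-9\\_\\-]/';
			break;
	}

	// check email
	if (is_object($thisUser) && $thisUser->getVar('email', 'e') != $email && $email !== FALSE || !is_object($thisUser)) {
		// 'email', 0, 1: presumably "no obfuscation, bad_emails / StopSpammers screening on" (see priv_checkVar)
		if (!icms_core_DataFilter::checkVar($email, 'email', 0, 1)) {
			$stop .= _US_INVALIDMAIL . '<br />';
		}
		$count = $this->getCount(icms_buildCriteria(array('email' => addslashes($email))));
		if ($count > 0) {
			$stop .= _US_EMAILTAKEN . '<br />';
		}
	}

	// check login_name
	$login_name = icms_core_DataFilter::icms_trim($login_name);
	if (is_object($thisUser) && $thisUser->getVar('login_name', 'e') != $login_name && $login_name !== FALSE || !is_object($thisUser)) {
		if (empty($login_name) || preg_match($restriction, $login_name)) {
			$stop .= _US_INVALIDNICKNAME . '<br />';
		}
		// NOTE: strlen() counts bytes, so multi-byte names reach 'maxuname' sooner than their character count
		if (strlen($login_name) > $icmsConfigUser['maxuname']) {
			$stop .= sprintf(_US_NICKNAMETOOLONG, $icmsConfigUser['maxuname']) . '<br />';
		}
		if (strlen($login_name) < $icmsConfigUser['minuname']) {
			$stop .= sprintf(_US_NICKNAMETOOSHORT, $icmsConfigUser['minuname']) . '<br />';
		}
		foreach ($icmsConfigUser['bad_unames'] as $bu) {
			// $bu is an admin-configured regex fragment wrapped in '/' delimiters; an unescaped '/' inside it
			// breaks the pattern and preg_match() returns FALSE (treated as "not reserved")
			if (!empty($bu) && preg_match('/' . $bu . '/i', $login_name)) {
				$stop .= _US_NAMERESERVED . '<br />';
				break;
			}
		}
		if (strrpos($login_name, ' ') > 0) {
			$stop .= _US_NICKNAMENOSPACES . '<br />';
		}
		$count = $this->getCount(icms_buildCriteria(array('login_name' => addslashes($login_name))));
		if ($count > 0) {
			$stop .= _US_LOGINNAMETAKEN . '<br />';
		}
	}

	// check uname
	if (is_object($thisUser) && $thisUser->getVar('uname', 'e') != $uname && $uname !== FALSE || !is_object($thisUser)) {
		$count = $this->getCount(icms_buildCriteria(array('uname' => addslashes($uname))));
		if ($count > 0) {
			$stop .= _US_NICKNAMETAKEN . '<br />';
		}
	}

	// check password
	if ($pass !== FALSE) {
		if (!isset($pass) || $pass === '' || !isset($vpass) || $vpass === '') {
			$stop .= _US_ENTERPWD . '<br />';
		}
		// strict comparison: with ==, numeric-looking strings such as "1e3" and "1000" compare equal,
		// so a mismatched confirmation could slip through
		if (isset($pass) && $pass !== $vpass) {
			$stop .= _US_PASSNOTSAME . '<br />';
		} elseif (isset($pass) && $pass !== '' && strlen($pass) < $icmsConfigUser['minpass']) {
			$stop .= sprintf(_US_PWDTOOSHORT, $icmsConfigUser['minpass']) . '<br />';
		}
		// Reject a password that equals, is the reverse of, or contains the login name.
		// The substring test used to be "strripos(...) === TRUE", which can never hold (strripos returns
		// int|FALSE), so it was dead code; an empty login name is excluded so the empty-needle case cannot fire.
		if (isset($pass) && isset($login_name) && ($pass === $login_name
				|| $pass === icms_core_DataFilter::utf8_strrev($login_name, TRUE)
				|| (is_string($login_name) && $login_name !== '' && strripos($pass, $login_name) !== FALSE))) {
			$stop .= _US_BADPWD . '<br />';
		}
	}

	// check other things
	if ($icmsStopSpammers->badIP($_SERVER['REMOTE_ADDR'])) {
		$stop .= _US_INVALIDIP . '<br />';
	}
	return $stop;
}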
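/**
 * Backwards-compatibility constructor: builds the parent, then records a deprecation
 * notice (via icms_core_Debug::setDeprecated) naming icms_core_StopSpammer as the
 * replacement, with removal announced for version 1.4.
 */
public function __construct() {
	parent::__construct();
	// the replacement class is icms_core_StopSpammer; the message previously misspelled it as 'imcs_core_StopSpammer'
	$this->_deprecated = icms_core_Debug::setDeprecated('icms_core_StopSpammer', sprintf(_CORE_REMOVE_IN_VERSION, '1.4'));
}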