/**
 * Required-field and email-field rules must be reported together: one
 * fValidationException carrying all three messages is expected.
 */
public function testCombo()
{
    $_GET['email'] = 'This is a test';
    $this->setExpectedException('fValidationException');

    try {
        $validator = new fValidation();
        $validator->addRequiredFields('foo', 'bar');
        $validator->addEmailFields('email');
        $validator->validate();
    } catch (fValidationException $e) {
        $message = $e->getMessage();
        $expectedFragments = array(
            'Foo: Please enter a value',
            'Bar: Please enter a value',
            'Email: Please enter an email address in the form name@example.com',
        );
        foreach ($expectedFragments as $fragment) {
            $this->assertContains($fragment, $message);
        }
        // Re-throw so setExpectedException() above is satisfied.
        throw $e;
    }
}
<?php
// Login form handler. NOTE(review): this excerpt is truncated — the if/try
// blocks opened below are closed beyond the visible text.
$page = 'login';
require 'header.php';

// Already signed in: go straight to the members area
// (presumably header.php populates $user from the session — confirm).
if ($user) {
    fURL::redirect('/members');
}

if (isset($_POST['submit'])) {
    try {
        // $_POST['token'] is read without isset(): a POST lacking it raises an
        // undefined-index notice before the CSRF check can reject it.
        fRequest::validateCSRFToken($_POST['token']);

        $validator = new fValidation();
        $validator->addRequiredFields('password', 'email');
        $validator->addEmailFields('email');
        $validator->validate();

        // Lookup by lower-cased email; the value is handed to the record-set
        // builder as a condition rather than interpolated into SQL.
        $users = fRecordSet::build('User', array('email=' => strtolower($_POST['email'])));
        // The same message is used for an unknown email and for a wrong
        // password, so the response does not reveal which accounts exist.
        if ($users->count() == 0) {
            throw new fValidationException('Invalid username or password.');
        }
        $rec = $users->getRecords();
        $user = $rec[0];
        if (!fCryptography::checkPasswordHash($_POST['password'], $user->getPassword())) {
            throw new fValidationException('Invalid username or password.');
        }

        // NOTE(review): no session-ID regeneration is visible after a successful
        // login — confirm fSession handles this, or regenerate here.
        fSession::set('user', $user->getId());
        if (fRequest::get('persistent_login', 'boolean')) {
            fSession::enablePersistence();
        }

        // Open-redirect risk: $_POST['forward'] is appended unchecked, so it can
        // alter the host part of the URL, and $_SERVER['SERVER_NAME'] may follow
        // the request's Host header depending on server configuration. Accepting
        // only a value that starts with a single "/" would keep the redirect on
        // this site. Also note "http://" is hard-coded: a site served over HTTPS
        // downgrades to plain HTTP at this redirect.
        if (isset($_POST['forward'])) {
            fURL::redirect('http://' . $_SERVER['SERVER_NAME'] . $_POST['forward']);
        } else {
            fURL::redirect('/members');
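/**
 * Builds the API response for creating or updating an event from the JSON
 * document posted in $_POST['json'].
 *
 * Returns the event detail array (Event::toDetailArray) on success, with the
 * event's secret added when the event was just created. On failure returns
 * array('error' => array('message' => ..., 'fields' => ...)), where 'fields'
 * (when present) maps field names to validation messages.
 *
 * Side effects: replaces $_POST with the decoded document (fValidation reads
 * field data from $_POST), may move an uploaded image into $IMAGEDIR, stores
 * the event, syncs its EventTime rows and emails the secret for new events.
 *
 * @return array
 */
function build_json_response()
{
    global $IMAGEDIR;

    if (!isset($_POST['json'])) {
        return array('error' => array('message' => "No JSON found"));
    }
    $data = json_decode($_POST['json'], true);
    // json_decode() returns NULL for malformed input but a scalar for e.g. "42";
    // every later access treats $data as an array, so require one. An empty
    // document is still rejected, as before.
    if (!is_array($data) || !$data) {
        return array('error' => array('message' => "JSON could not be decoded"));
    }
    $_POST = $data; // fValidation inspects $_POST for field data

    $validator = new fValidation();
    $validator->addRequiredFields('title', 'details', 'venue', 'address', 'organizer', 'email', 'read_comic');
    $validator->addEmailFields('email');
    $validator->addRegexReplacement('#^(.*?): (.*)$#', '\\2 for <span class="field-name">\\1</span>');
    // If id is specified require secret
    $validator->addConditionalRule(array('id'), NULL, array('secret'));
    $messages = $validator->validate(TRUE, TRUE);
    // empty() rather than !$data[...] so a missing key does not raise a notice.
    if (empty($data['read_comic'])) {
        $messages['read_comic'] = 'You must have read the Ride Leading Comic';
    }
    if ($messages) {
        return array('error' => array('message' => 'There were errors in your fields', 'fields' => $messages));
    }

    // Split the submitted date strings into parsed dates and rejects.
    // NOTE(review): get() is a project helper; if it takes its first argument
    // by value, a document without 'dates' raises a notice here — confirm.
    $inputDateStrings = get($data['dates'], array());
    $validDates = array();
    $invalidDates = array();
    foreach ($inputDateStrings as $dateString) {
        $date = DateTime::createFromFormat('Y-m-d', $dateString);
        if ($date) {
            $validDates[] = $date;
        } else {
            $invalidDates[] = $dateString;
        }
    }
    if ($invalidDates) {
        $messages['dates'] = "Invalid dates: " . implode(', ', $invalidDates);
    }
    if (count($validDates) === 1) {
        $data['datestype'] = 'O';
        $data['datestring'] = date_format($validDates[0], 'l, F j');
    } else {
        // not dealing with 'consecutive'
        $data['datestype'] = 'S';
        $data['datestring'] = 'Scattered days';
    }

    // Converts data to an event, loading the existing one if id is included in data
    $event = Event::fromArray($data);
    // Updating an existing event requires the secret that was emailed on creation.
    $secret = isset($data['secret']) ? $data['secret'] : null;
    if ($event->exists() && !$event->secretValid($secret)) {
        return array('error' => array('message' => 'Invalid secret, use link from email'));
    }
    // Merge rather than assign: the 'dates' message set above must survive the
    // record validation, otherwise invalid dates were silently dropped.
    $messages = array_merge($messages, (array) $event->validate(TRUE, TRUE));

    if (isset($_FILES['file'])) {
        $uploader = new fUpload();
        $uploader->setMIMETypes(array('image/gif', 'image/jpeg', 'image/pjpeg', 'image/png'), 'The file uploaded is not an image');
        $uploader->setMaxSize('2MB');
        $uploader->setOptional();
        $file_message = $uploader->validate('file', TRUE);
        if ($file_message != null) {
            $messages['file'] = $file_message;
        } else {
            // Only move a file that passed validation, so a rejected upload is
            // reported through the field-error response below instead of
            // whatever move() does with an invalid file.
            $file = $uploader->move($IMAGEDIR, 'file');
            // The upload is optional, so there may be no file to record.
            if ($file) {
                $event->setImage($file->getName());
            }
        }
    }
    if ($messages) {
        return array('error' => array('message' => 'There were errors in your fields', 'fields' => $messages));
    }

    // Decide before store(): the record exists afterwards, and only a newly
    // created event gets its secret back (in the response and by email).
    $includeSecret = !$event->exists();
    // If there are validation errors this starts spewing html, so we validate before
    $event->store();
    // Create/delete EventTimes to match the list of dates included
    EventTime::matchEventTimesToDates($event, $validDates);
    // Returns the created object
    $details = $event->toDetailArray(true);
    if ($includeSecret) {
        // The secret also travels in the HTTP response, so anything that logs or
        // caches responses sees it — keep that in mind when deploying.
        $details['secret'] = $event->getPassword();
        // Wait until after it is stored to ensure it has an id
        $event->emailSecret();
    }
    return $details;
}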
// Shells a member may pick for the LDAP account; the posted value is checked against this list below.
$shells = array('/bin/bash', '/bin/sh', '/bin/zsh');
// NOTE(review): this excerpt is truncated — the if/try blocks opened below
// are closed beyond the visible text.
if ($user->isMember()) {
    $user_profile = $user->createUsersProfile();
    // Use the profile email only when the member allows it and has no LDAP email yet.
    if ($user_profile->getAllowEmail() && $user->getLdapemail() == '') {
        $email = $user->getEmail();
    } else {
        $email = $user->getLdapemail();
    }
    // Link or unlink a user.
    if (array_key_exists('create', $_POST) && array_key_exists('token', $_POST)) {
        $ok = false; // not read within the visible part of this block
        try {
            fRequest::validateCSRFToken($_POST['token']);
            $validator = new fValidation();
            $validator->addRequiredFields('ldapuser', 'ldapnthash', 'ldapsshahash', 'ldapshell', 'ldapemail');
            $validator->addEmailFields('ldapemail');
            $validator->validate();
            // Attempt account creation and promotion.
            // Username: a lowercase letter followed by up to 31 of [a-z0-9_-], i.e. a
            // conservative POSIX-style name that also cannot carry LDAP filter metacharacters.
            // NOTE(review): ldapsshahash is required above but its format is not checked
            // in the visible part of the block.
            if (!preg_match('/^[a-z][a-z0-9_-]{0,31}$/', $_POST['ldapuser'])) {
                throw new fValidationException('<p>The username must only contain a-z, 0-9 _ and -.</p>');
            }
            // Reserved names: system/daemon accounts and role mailboxes a member must not
            // be able to claim. Only the keys matter (value 1 is a placeholder for
            // array_key_exists()); "accounts" is listed twice, which is harmless.
            $not_allowed_names = array("root" => 1, "daemon" => 1, "bin" => 1, "sys" => 1, "sync" => 1, "games" => 1, "man" => 1, "lp" => 1, "mail" => 1, "news" => 1, "uucp" => 1, "proxy" => 1, "www-data" => 1, "backup" => 1, "list" => 1, "irc" => 1, "gnats" => 1, "nobody" => 1, "libuuid" => 1, "sshd" => 1, "ntp" => 1, "messagebus" => 1, "colord" => 1, "saned" => 1, "openldap" => 1, "avahi" => 1, "mpd" => 1, "radvd" => 1, "quasselcore" => 1, "statd" => 1, "ntop" => 1, "postgres" => 1, "bitlbee" => 1, "smokeping" => 1, "debian-exim" => 1, "snmp" => 1, "asterisk" => 1, "debian-tor" => 1, "privoxy" => 1, "bind" => 1, "dhcpd" => 1, "ircensus" => 1, "cacti" => 1, "mysql" => 1, "hplip" => 1, "haldaemon" => 1, "mosquitto" => 1, "postfix" => 1, "glados" => 1, "boarded" => 1, "board" => 1, "bmeter" => 1, "netometer" => 1, "robonaut" => 1, "postmaster" => 1, "hostmaster" => 1, "webmaster" => 1, "abuse" => 1, "spam" => 1, "billing" => 1, "accounts" => 1, "support" => 1, "techsupport" => 1, "trustees" => 1, "noc" => 1, "security" => 1, "directors" => 1, "contact" => 1, "info" => 1, "property" => 1, "ebay" => 1, "elections" => 1, "accounts" => 1, "membership" => 1,
                "sysadmin" => 1, "anonymous" => 1, "anon" => 1, "administrator" => 1, "admin" => 1);
            // strtolower() is redundant here: the regex above already rejects uppercase.
            if (array_key_exists(strtolower($_POST['ldapuser']), $not_allowed_names)) {
                throw new fValidationException('<p>You are not allowed to use ' . htmlspecialchars($_POST['ldapuser']) . ' as a username.</p>');
            }
            // NOTE(review): non-strict in_array(); pass true as the third argument so
            // only an exact string from $shells is accepted.
            if (!in_array($_POST['ldapshell'], $shells)) {
                throw new fValidationException('<p>' . htmlspecialchars($_POST['ldapshell']) . ' is not a valid shell.</p>');
            }
            // NT hash must be exactly 32 upper-case hex digits; lower-case hex is rejected.
            if (!preg_match('/^[A-F0-9]{32}$/', $_POST['ldapnthash'])) {
                throw new fValidationException('<p>That dosn\'t look like an NT hash</p>');
            }
// Storage-request form handler. NOTE(review): this excerpt is truncated — the
// if/try opened here are closed beyond the visible text.
if (isset($_POST['token'])) {
    try {
        fRequest::validateCSRFToken($_POST['token']);
        // Existing requests by this user with the same name, for the duplicate check below.
        // NOTE(review): $_POST['name'] is read here before the isset() check that follows,
        // so a POST without it raises a notice first. FILTER_SANITIZE_STRING (deprecated
        // since PHP 8.1) strips tags and encodes quotes, so the compared value may differ
        // from the name stored elsewhere — confirm how Project names are saved.
        $identicalNames = fRecordSet::build('Project', array('user_id=' => $user->getId(), 'name=' => array(filter_var($_POST['name'], FILTER_SANITIZE_STRING))), array('name' => 'asc'));
        if (!isset($_POST['name']) || $_POST['name'] == '') {
            throw new fValidationException('Name field is required.');
        }
        // Only a new request (no id yet) is rejected for a duplicate name; edits keep theirs.
        if (count($identicalNames) > 0 && !$project->getId()) {
            throw new fValidationException('You\'ve already made a request with that name. How is this request different to the last time? Our members like to know a project with multiple storage requests is being actively worked on and progress is being made.');
        }
        if (!isset($_POST['description']) || $_POST['description'] == '') {
            throw new fValidationException('Description field is required.');
        }
        // Contact email is optional; its format is validated only when supplied.
        // NOTE(review): $_POST['contact'] is read without isset(); the truthiness test
        // already excludes '', so the second comparison is redundant.
        if ($_POST['contact'] && $_POST['contact'] != '') {
            $validator = new fValidation();
            $validator->addEmailFields('contact');
            $validator->validate();
        }
        if (!isset($_POST['location_id']) || $_POST['location_id'] == '') {
            throw new fValidationException('Location select is required.');
        }
        if (!isset($_POST['location']) || $_POST['location'] == '') {
            throw new fValidationException('Location field is required.');
        }
        if (!isset($_POST['from_date']) || $_POST['from_date'] == '') {
            throw new fValidationException('Arrival field is required.');
        }
        if (!isset($_POST['to_date']) || $_POST['to_date'] == '') {
            throw new fValidationException('Removal field is required.');
        }
        // from > today