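/**
 * Check a new password against its confirmation and the complexity rules.
 *
 * Checks run in this order: the two values must be identical, the password
 * must be at least 8 bytes long (strlen() counts bytes, not characters), and
 * it must contain at least one ASCII digit, one lowercase and one uppercase
 * letter. Only the verdict is logged; the password itself is never passed to
 * the logger.
 *
 * @param string|null $password      Candidate password.
 * @param string|null $passwordCheck Confirmation copy of the password.
 *
 * @return array 'result' (bool) true when every rule passed; 'passcheck' (int)
 *               1 once the match and length checks passed; 'info' (string)
 *               reason for a failure, empty on success.
 */
public function check_password_complexity($password, $passwordCheck)
{
    $retval = array(
        'result'    => false,
        'passcheck' => 0,
        'info'      => "Password too short or not given",
    );

    // Compare as strings with ===. The loose != treats numeric-looking strings
    // as numbers, so two different inputs such as "10000000" and "1e7" would
    // have been accepted as a matching confirmation.
    if ((string) $password !== (string) $passwordCheck) {
        $retval['info'] = "Passwords don't match.";
    } elseif (!is_null($password) && strlen($password) < 8) {
        $retval['info'] = "Password too short; must be at least 8 characters.";
    } elseif (!is_null($password)) {
        // Match and length are fine; what is left is the character classes.
        $retval['passcheck'] = 1;
        $regexList = array(
            'one number'           => '/[0-9]{1,}/',
            'one lowercase letter' => '/[a-z]{1,}/',
            'one uppercase letter' => '/[A-Z]{1,}/',
        );

        $passes = 0;
        $retval['info'] = "";
        foreach ($regexList as $text => $regex) {
            if (preg_match($regex, $password)) {
                $passes++;
            } else {
                // Collect the name of every missing character class.
                $retval['info'] = ToolBox::create_list($retval['info'], $text, " and ");
            }
        }

        if ($passes === count($regexList)) {
            $retval['result'] = true;
        } else {
            $retval['info'] = "Password must contain at least one " . $retval['info'];
        }
    }

    $this->logger->log_by_class(
        __METHOD__ . ": result=(" . ToolBox::interpret_bool($retval['result'], array(0, 1)) . "), "
        . "passcheck=(" . $retval['passcheck'] . ")",
        'precheck'
    );

    return $retval;
}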
/**
 * Add the derived fields of a skill record to the record itself.
 *
 * Adds 'ability_mod' (only when 'ability_score' is set), 'skill_mod', and two
 * checkbox helper strings built from 'is_class_skill'. Both helper strings are
 * fixed literals chosen by ToolBox::interpret_bool(), not record content.
 *
 * @param array $recordData Record as an associative array; 'is_class_skill'
 *                          is read unconditionally.
 *
 * @return array The record with the derived fields added.
 */
public static function _get_record_extras(array $recordData)
{
    $hasScore = isset($recordData['ability_score']);
    if ($hasScore) {
        $score = $recordData['ability_score'];
        $recordData['ability_mod'] = Ability::calculate_ability_modifier($score);
    }

    // The skill modifier is computed after 'ability_mod' has been added.
    $recordData['skill_mod'] = self::calculate_skill_modifier($recordData);

    $attributeForms = array('', 'checked="checked"');
    $wordForms = array("", "checked");
    $recordData['is_class_skill_checked'] = ToolBox::interpret_bool($recordData['is_class_skill'], $attributeForms);
    $recordData['is_checked_checkbox'] = ToolBox::interpret_bool($recordData['is_class_skill'], $wordForms);

    return $recordData;
}
/**
 * Fetch all rows of this class's table that belong to one character.
 *
 * The WHERE clause is assembled from a fixed set of column names
 * ('character_id' and, optionally, 'in_use'); the values are handed to the
 * database only as bound parameters.
 *
 * @param Database  $dbObj       Connection the query is run on.
 * @param mixed     $characterId Value matched against 'character_id'.
 * @param bool|null $onlyInUse   When a boolean, only rows with that value in
 *                               the 'in_use' column are returned; any other
 *                               value leaves the filter off.
 *
 * @return mixed Result of Database::farray_fieldnames(self::pkeyField).
 * @throws ErrorException When running the query or fetching the rows fails.
 */
public static function get_all(Database $dbObj, $characterId, $onlyInUse = null)
{
    $params = array('character_id' => $characterId);
    if (is_bool($onlyInUse)) {
        $params['in_use'] = ToolBox::interpret_bool($onlyInUse, array('f', 't'));
    }

    // One "column=:column" condition per parameter, joined with AND.
    $conditions = "";
    foreach ($params as $column => $ignored) {
        $conditions = ToolBox::create_list($conditions, $column . '=:' . $column, ' AND ');
    }
    $sql = 'SELECT * FROM ' . self::tableName . ' WHERE ' . $conditions;

    try {
        $dbObj->run_query($sql, $params);
        return $dbObj->farray_fieldnames(self::pkeyField);
    } catch (Exception $e) {
        // NOTE(review): the underlying error text is embedded in the message;
        // confirm callers log it instead of showing it to end users.
        throw new ErrorException(__METHOD__ . ":: failed to retrieve character weapons, DETAILS::: " . $e->getMessage());
    }
}
/**
 * A created Armor record can be loaded again with every field intact; the
 * 'is_worn' flag is compared after translating 'f'/'t' into a boolean.
 */
public function test_create()
{
    $armor = new Armor();
    $armor->characterId = $this->id;

    $fields = array(
        'character_id'  => $this->id,
        'armor_name'    => __METHOD__ . " +5 of holy awesomeness",
        'armor_type'    => "light",
        'ac_bonus'      => 5,
        'check_penalty' => 0,
        'max_dex'       => 9,
        'special'       => "Smells like good code",
        'weight'        => 12,
        'max_speed'     => 30,
        'is_worn'       => 'f',
    );

    $newId = $armor->create($this->dbObj, $fields);
    $this->assertTrue(is_numeric($newId));

    $stored = $armor->load($this->dbObj);

    // Pin down how interpret_bool() translates the database's 'f'/'t' flags.
    $this->assertFalse(ToolBox::interpret_bool('f', array(false, true)));
    $this->assertTrue(ToolBox::interpret_bool('t', array(false, true)));

    $this->assertTrue(is_array($stored));
    $this->assertTrue(count($stored) > 0);

    foreach ($fields as $name => $value) {
        if ($name != 'is_worn') {
            $this->assertEquals($value, $stored[$name]);
            continue;
        }

        // The boolean column is compared in its translated form.
        $expected = ToolBox::interpret_bool($value, array(false, true));
        $this->assertEquals(
            $expected,
            $stored[$name],
            "field (" . $name . ") value doesn't match... expected (" . $expected . "), got (" . $stored[$name] . ")"
        );
    }
}
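/**
 * Write the object's current data back to its row in the database.
 *
 * Values travel as bound parameters. Column names cannot be bound: the keys
 * returned by _clean_data_array() are concatenated into the statement, so each
 * key is checked to be a plain identifier before it is used.
 *
 * @return bool true when the UPDATE ran without an exception.
 * @throws LogicException When a key is not a plain column name or the UPDATE
 *                        fails; the original exception is attached as the
 *                        previous one.
 */
public function update()
{
    $updateSql = "";
    $params = $this->_clean_data_array($this->_data);

    foreach ($params as $k => $v) {
        // Such a key could never have produced a valid "col=:col" pair, so
        // rejecting it here only stops input that would alter the statement.
        // NOTE(review): whether keys can come from a request depends on
        // _clean_data_array(), which is not visible here.
        if (!preg_match('/\A[A-Za-z_][A-Za-z0-9_]*\z/', (string) $k)) {
            throw new LogicException(__METHOD__ . ": invalid column name in data for table '" . $this->_dbTable . "'");
        }

        if (count($this->booleanFields) && in_array($k, $this->booleanFields, true)) {
            // Boolean columns are stored as 'f' / 't'.
            $params[$k] = ToolBox::interpret_bool($v, array('f', 't'));
        }
        $updateSql = ToolBox::create_list($updateSql, $k . '=:' . $k, ',');
    }

    $sql = "UPDATE " . $this->_dbTable . " SET " . $updateSql . " WHERE " . $this->_dbPkey . "=:id";

    // NOTE(review): a data key named 'id' shares this placeholder and its value
    // is replaced by $this->id; confirm _clean_data_array() drops such a key.
    $params['id'] = $this->id;

    try {
        $this->dbObj->run_update($sql, $params);
    } catch (Exception $ex) {
        // Keep the original exception reachable through getPrevious().
        throw new LogicException(
            __METHOD__ . ": unable to update table '" . $this->_dbTable . "', DETAILS::: " . $ex->getMessage(),
            0,
            $ex
        );
    }

    return true;
}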
/**
 * ToolBox::interpret_bool('1') yields a true-like value by default, and with
 * a two-element map it yields the map's second slot.
 */
public function test_interpret_bool()
{
    $input = '1';

    // Without a map the result compares equal to true.
    $this->assertEquals(true, ToolBox::interpret_bool($input));

    // Each case: expected result, then the map handed to interpret_bool().
    $cases = array(
        array(true, array(false, true)),
        array(true, array('0' => false, '1' => true)),
        array(false, array(true, false)),
    );
    foreach ($cases as $case) {
        list($expected, $map) = $case;
        $this->assertEquals($expected, ToolBox::interpret_bool($input, $map));
    }
}
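/**
 * Clean a string according to a named cleaning style, optionally wrapping the
 * result in single quotes.
 *
 * The SQL-oriented styles ("query", "sql", "sql_insert", "sql92_insert") only
 * add or strip characters. They do not know the connection's character set or
 * the database's quoting rules, so they are no replacement for bound
 * parameters. The quoting option only wraps the value in single quotes and
 * escapes nothing itself.
 *
 * @param string|null $cleanThis Data to be cleaned.
 * @param string      $cleanType How to clean the data (case-insensitive); an
 *                               unknown name is handled like "all".
 * @param bool|int    $sqlQuotes When truthy, wrap the result in single quotes.
 *                               "none", "sql92_insert" and a null input to the
 *                               integer styles switch this off.
 *
 * @return string Cleaned data (for "bool"/"boolean", whatever
 *                ToolBox::interpret_bool() returns for the 'f'/'t' map).
 */
public static function cleanString($cleanThis = NULL, $cleanType = "all", $sqlQuotes = 0)
{
    $cleanType = strtolower($cleanType);
    switch ($cleanType) {
        case "none":
            // No cleaning wanted: the value is returned untouched and unquoted.
            $sqlQuotes = 0;
            break;

        case "query":
            // Strips pipes, single quotes and a fixed list of punctuation and
            // line-break characters. This is a character blacklist: values
            // should still reach the database as bound parameters.
            $evilChars = array("\$", "%", "~", "*", ">", "<", "-", "{", "}", "[", "]", ")", "(", "&", "#", "?", ".", "\\,", "\\/", "\\", "\"", "\\|", "!", "^", "+", "`", "\n", "\r");
            $cleanThis = preg_replace("/\\|/", "", $cleanThis);
            $cleanThis = preg_replace("/\\'/", "", $cleanThis);
            $cleanThis = str_replace($evilChars, "", $cleanThis);
            $cleanThis = stripslashes(addslashes($cleanThis));
            break;

        case "sql":
            // Normalise existing escaping first, then escape once.
            $cleanThis = addslashes(stripslashes($cleanThis));
            break;

        case "varchar":
        case "text":
        case "sql_insert":
            // For descriptive fields, where double quotes don't need to be
            // escaped: escaping them might insert something that looks
            // different from the original but is in fact identical.
            $cleanThis = addslashes(stripslashes($cleanThis));
            $cleanThis = preg_replace('/\\\\"/', '"', $cleanThis);
            // NOTE(review): addslashes() has already turned ' into \'; this
            // replacement puts another backslash in front of every ', so a
            // quote ends up as \\' - confirm how the target database reads it.
            $cleanThis = preg_replace("/'/", "\\\\'", $cleanThis);
            break;

        case "sql92_insert":
            // Like "sql_insert", except that single quotes are "delimited" by
            // adding another single quote, which works *at least* with
            // postgres & sqlite. The result is never wrapped in quotes.
            $cleanThis = preg_replace("/'/", "''", $cleanThis);
            $cleanThis = preg_replace('/\\\\"/', '"', $cleanThis);
            $cleanThis = stripslashes($cleanThis);
            $sqlQuotes = 0;
            break;

        case "double_quote":
            // Removes all double quotes from the string.
            $cleanThis = str_replace('"', "", $cleanThis);
            break;

        case "htmlspecial":
            // Keeps user-supplied text from being read as HTML markup, e.g. in
            // a message board or guest book:
            //   '&' becomes '&amp;'    '"' becomes '&quot;'
            //   '<' becomes '&lt;'     '>' becomes '&gt;'
            // The default flags are used; since PHP 8.1 they also encode the
            // single quote, on older versions it is left alone.
            $cleanThis = htmlspecialchars($cleanThis);
            break;

        case "htmlspecial_q":
            // As "htmlspecial", and the single quote becomes '&#039;' too.
            $cleanThis = htmlspecialchars($cleanThis, ENT_QUOTES);
            break;

        case "htmlspecial_nq":
            // Only '&', '<' and '>' are encoded; both quote characters stay.
            // Not sufficient for text placed inside an HTML attribute.
            $cleanThis = htmlspecialchars($cleanThis, ENT_NOQUOTES);
            break;

        case "htmlentity":
            // Decode first so existing entities are not encoded twice, then
            // convert all applicable text to its HTML entity. Which quote
            // characters are converted depends on the PHP version's default
            // flags.
            $cleanThis = htmlentities(html_entity_decode($cleanThis));
            break;

        case "htmlentity_plus_brackets":
            // Like "htmlentity", but also turns "$", "{" and "}" into numeric
            // entities so the template engine does not parse them. Replacing
            // a character with itself would do nothing, so the replacement
            // strings must be the entities.
            $cleanThis = htmlentities(html_entity_decode($cleanThis));
            $cleanThis = str_replace('$', '&#36;', $cleanThis);
            $cleanThis = str_replace('{', '&#123;', $cleanThis);
            $cleanThis = str_replace('}', '&#125;', $cleanThis);
            break;

        case "double_entity":
            // Removes double quotes, then applies the "htmlentity" conversion.
            $cleanThis = str_replace('"', "", $cleanThis);
            $cleanThis = htmlentities(html_entity_decode($cleanThis));
            break;

        case "meta":
            // Puts a backslash before each of: . \ + * ? [ ^ ] ( $ )
            $cleanThis = quotemeta($cleanThis);
            break;

        case "email":
            // Keeps letters, digits and . _ @ - only.
            $cleanThis = preg_replace("/[^A-Za-z0-9\\._@-]/", "", $cleanThis);
            break;

        case "email_plus":
        case "email_plus_spaces":
            // As "email", and also keeps spaces and colons.
            $cleanThis = preg_replace("/[^A-Za-z0-9\\ \\._@:-]/", "", $cleanThis);
            break;

        case "phone_fax":
            // Keeps digits, spaces and +()- ; example: +1 (555)-555-2020
            $cleanThis = preg_replace("/[^0-9-+() ]/", "", $cleanThis);
            break;

        case "int":
        case "integer":
        case "numeric":
        case "number":
            // Keeps digits and "-". A null input becomes the unquoted literal
            // NULL.
            if (is_null($cleanThis)) {
                $cleanThis = "NULL";
                $sqlQuotes = 0;
            } else {
                $cleanThis = preg_replace("/[^0-9\\-]/", "", $cleanThis);
            }
            break;

        case "decimal":
        case "float":
            // Keeps digits and the decimal point; a minus sign is removed.
            $cleanThis = preg_replace("/[^0-9\\.]/", "", $cleanThis);
            break;

        case "name":
        case "names":
            // Keeps a-z, A-Z and the single quote. The quote survives, so the
            // result is not safe to place inside a quoted SQL string as is.
            $cleanThis = preg_replace("/[^a-zA-Z']/", "", $cleanThis);
            break;

        case "alpha":
            // Removes anything that's not English a-zA-Z.
            $cleanThis = preg_replace("/[^a-zA-Z]/", "", $cleanThis);
            break;

        case "bool":
        case "boolean":
            // Translated by ToolBox::interpret_bool() using the 'f'/'t' map.
            $cleanThis = ToolBox::interpret_bool($cleanThis, array('f', 't'));
            break;

        case "date":
            // Keeps digits and "-".
            $cleanThis = preg_replace("/[^0-9\\-]/", "", $cleanThis);
            break;

        case "datetime":
            // Keeps letters, digits, spaces and / : - ' .
            $cleanThis = preg_replace("/[^A-Za-z0-9\\/: \\-\\'\\.]/", "", $cleanThis);
            break;

        case "all":
        default:
            // Strictest style: everything except a-z, A-Z and 0-9 is removed.
            $cleanThis = preg_replace("/[^A-Za-z0-9]/", "", $cleanThis);
            break;
    }

    if ($sqlQuotes) {
        // Wraps only; any escaping must already have been done by the style.
        $cleanThis = "'" . $cleanThis . "'";
    }

    return $cleanThis;
}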