#!/usr/bin/php -q
<?php
require "../gump.class.php";
$validator = new GUMP();
// What are noise words? http://support.dtsearch.com/webhelp/dtsearch/noise_words.htm
$_POST = array('words' => "It is a long established fact that a reader will be distracted by the readable content of a page when looking at its layout. The point of using Lorem Ipsum is that it has a more-or-less normal distribution of letters, as opposed to using 'Content here, content here', making it look like readable English");
$filters = array('words' => 'noise_words');
print_r($validator->filter($_POST, $filters));
#!/usr/bin/php -q
<?php
require "../gump.class.php";
$validator = new GUMP();
// Set the data
$_POST = array('username' => 'SeanNieuwoudt', 'password' => 'mypassword', 'email' => '*****@*****.**', 'gender' => 'm', 'credit_card' => '9872389-2424-234224-234', 'bio' => 'This is good! I think I will switch to another language');
$_POST = $validator->sanitize($_POST);
// You don't have to sanitize, but it's safest to do so.
// Let's define the rules and filters
$rules = array('username' => 'required|alpha_numeric|max_len,100|min_len,40', 'password' => 'required|max_len,100|min_len,6', 'email' => 'required|valid_email', 'gender' => 'required|exact_len,1', 'credit_card' => 'required|valid_cc', 'bio' => 'required');
$filters = array('username' => 'trim|sanitize_string', 'password' => 'trim|base64_encode', 'email' => 'trim|sanitize_email', 'gender' => 'trim');
$_POST = $validator->filter($_POST, $filters);
// You can run filter() or validate() first
$validated = $validator->validate($_POST, $rules);
if ($validated === TRUE) {
echo "Successful Validation\n\n";
print_r($_POST);
// You can now use POST data safely
exit;
} else {
// You should know what form fields to expect, so you can reference them here for custom messages
echo "There were errors with the data you provided:\n";
foreach ($validated as $v) {
switch ($v['field']) {
case 'credit_card':
echo "- The credit card provided is not valid.\n";
break;
case 'username':
echo "- The username provided is not valid.\n";
break;
}
/**
* Handle account registrations and view rendering
*/
public function register()
{
// If the user is already logged in, redirect
if (\Helpers\Session::get('loggedin')) {
\Helpers\Url::redirect('Courses');
}
// If the registration form is submitted
if (isset($_POST['submit'])) {
// Check if the student exists
$studentExists = $this->account->studentExists($_POST['student_id']);
// If user does not exists
if (!$studentExists) {
$validator = new GUMP();
// Sanitize the submission
$_POST = $validator->sanitize($_POST);
// Set the data
$input_data = array('student_id' => $_POST['student_id'], 'student_name' => $_POST['student_name'], 'student_phone' => $_POST['student_phone'], 'student_password' => $_POST['student_password'], 'student_password_confirmation' => $_POST['student_password_confirmation']);
// Define custom validation rules
$rules = array('student_id' => 'required|numeric|min_len,5', 'student_name' => 'required|alpha_space', 'student_phone' => 'required|phone_number', 'student_password' => 'required|regex,/^\\S*(?=\\S{6,})(?=\\S*[a-z])(?=\\S*[A-Z])(?=\\S*[\\d])\\S*$/', 'student_password_confirmation' => 'required|contains,' . $_POST['student_password']);
// Define validation filters
$filters = array('student_id' => 'trim|sanitize_string', 'student_name' => 'trim|sanitize_string', 'student_phone' => 'trim|sanitize_string', 'student_password' => 'trim', 'student_password_confirmation' => 'trim');
// Validate the data
$_POST = $validator->filter($_POST, $filters);
$validated = $validator->validate($_POST, $rules);
// If data is valid
if ($validated === true) {
// Create password hash
$password = $_POST['student_password'];
$hash = \Helpers\Password::make($password);
// Insert student into DB
$student_data = array('StudentId' => $_POST['student_id'], 'Name' => $_POST['student_name'], 'Phone' => $_POST['student_phone'], 'Password' => $hash);
// Insert the student into the database
$this->account->insertStudent($student_data);
// Get the newly created user hash
$currentUser = $this->account->getStudentHash($_POST['student_id']);
// Create a session with user info
\Helpers\Session::set('StudentId', $currentUser[0]->StudentId);
\Helpers\Session::set('Name', $currentUser[0]->Name);
\Helpers\Session::set('loggedin', true);
// Redirect to course selection page
\Helpers\Url::redirect('Courses');
} else {
// Set errors
$error = $validator->get_errors_array();
}
} else {
// Set additional error
$error['exists'] = 'ID already exists';
}
}
$data['title'] = 'New User';
View::renderTemplate('header', $data, 'account');
View::render('account/register', $data, $error);
View::renderTemplate('footer', $data, 'account');
}
#!/usr/bin/php -q
<?php
require "../gump.class.php";
$_POST = array('string' => '<script>alert(1); $("body").remove(); </script>');
$filters = array('string' => 'sanitize_string');
print_r(GUMP::filter($_POST, $filters));
/**
* Perform data filtering against the provided ruleset.
*
* @param mixed $input
* @param array optinal $ruleset ot use class rulset
* @return mixed
*/
public function filter(array $input, array $ruleset = [])
{
return empty($rulseset) ? parent::filter($input, $this->filter_rules) : parent::filter($input, $rulset);
}
#!/usr/bin/php -q
<?php
require "../gump.class.php";
// Set the data
$_POST = array('username' => 'SeanNieuwoudt', 'password' => 'mypassword', 'email' => '*****@*****.**', 'gender' => 'm', 'credit_card' => '9872389-2424-234224-234', 'bio' => 'This is good! I think I will switch to another language');
$_POST = GUMP::sanitize($_POST);
// You don't have to sanitize, but it's safest to do so.
// Let's define the rules and filters
$rules = array('username' => 'required|alpha_numeric|max_len,100|min_len,6', 'password' => 'required|max_len,100|min_len,6', 'email' => 'required|valid_email', 'gender' => 'required|exact_len,1', 'credit_card' => 'required|valid_cc', 'bio' => 'required');
$filters = array('username' => 'trim|sanitize_string', 'password' => 'trim|base64_encode', 'email' => 'trim|sanitize_email', 'gender' => 'trim', 'bio' => 'translate,en,de');
$_POST = GUMP::filter($_POST, $filters);
// You can run filter() or validate() first
$validated = GUMP::validate($_POST, $rules);
// Check if validation was successful
if ($validated === TRUE) {
echo "Successful Validation\n\n";
print_r($_POST);
// You can now use POST data safely
exit;
} else {
print_r($_POST);
print_r($validated);
// Shows all the rules that failed along with the data
}
