#!/usr/bin/php -q
<?php

require "../gump.class.php";

// Example: the `noise_words` filter. Background on what counts as a noise word:
// http://support.dtsearch.com/webhelp/dtsearch/noise_words.htm
$gump = new GUMP();

// Sample input, stored in $_POST like the other examples.
$_POST = [
    'words' => "It is a long established fact that a reader will be distracted by the readable content of a page when looking at its layout. The point of using Lorem Ipsum is that it has a more-or-less normal distribution of letters, as opposed to using 'Content here, content here', making it look like readable English",
];

// Filters are keyed by field name; only 'words' is filtered here.
$noiseFilter = ['words' => 'noise_words'];

$filtered = $gump->filter($_POST, $noiseFilter);
print_r($filtered);
#!/usr/bin/php -q <?php require "../gump.class.php"; $validator = new GUMP(); // Set the data $_POST = array('username' => 'SeanNieuwoudt', 'password' => 'mypassword', 'email' => '*****@*****.**', 'gender' => 'm', 'credit_card' => '9872389-2424-234224-234', 'bio' => 'This is good! I think I will switch to another language'); $_POST = $validator->sanitize($_POST); // You don't have to sanitize, but it's safest to do so. // Let's define the rules and filters $rules = array('username' => 'required|alpha_numeric|max_len,100|min_len,40', 'password' => 'required|max_len,100|min_len,6', 'email' => 'required|valid_email', 'gender' => 'required|exact_len,1', 'credit_card' => 'required|valid_cc', 'bio' => 'required'); $filters = array('username' => 'trim|sanitize_string', 'password' => 'trim|base64_encode', 'email' => 'trim|sanitize_email', 'gender' => 'trim'); $_POST = $validator->filter($_POST, $filters); // You can run filter() or validate() first $validated = $validator->validate($_POST, $rules); if ($validated === TRUE) { echo "Successful Validation\n\n"; print_r($_POST); // You can now use POST data safely exit; } else { // You should know what form fields to expect, so you can reference them here for custom messages echo "There were errors with the data you provided:\n"; foreach ($validated as $v) { switch ($v['field']) { case 'credit_card': echo "- The credit card provided is not valid.\n"; break; case 'username': echo "- The username provided is not valid.\n"; break; }
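/**
 * Handle account registrations and view rendering.
 *
 * Without a submitted form (no 'submit' field) this only renders the
 * registration page. With a submission it sanitizes, filters and validates
 * the fields, creates the student, populates the session and redirects to
 * 'Courses'. Validation failures, or an already-registered id, are handed
 * to the view as $error (field-keyed messages).
 */
public function register()
{
    // Already authenticated users have nothing to register.
    if (\Helpers\Session::get('loggedin')) {
        \Helpers\Url::redirect('Courses');
        // redirect() is expected to end the request; return so nothing renders either way.
        return;
    }

    $data = [];
    // Always defined so the view never receives an undefined variable; null is
    // exactly what the previously-undefined $error evaluated to on a plain GET.
    $error = null;

    if (isset($_POST['submit'])) {
        // The lookup happens before sanitizing, as before; '?? null' only avoids
        // the undefined-index notice when the field is missing from the request.
        // NOTE(review): studentExists() is assumed to use a parameterised query — confirm.
        $studentExists = $this->account->studentExists($_POST['student_id'] ?? null);

        if ($studentExists) {
            $error['exists'] = 'ID already exists';
        } else {
            $error = $this->registerStudentFromPost();
            if ($error === null) {
                // Student created and session started; send them on to course selection.
                \Helpers\Url::redirect('Courses');
                return;
            }
        }
    }

    $data['title'] = 'New User';
    View::renderTemplate('header', $data, 'account');
    View::render('account/register', $data, $error);
    View::renderTemplate('footer', $data, 'account');
}

/**
 * Validate the submitted registration form and create the student.
 *
 * $_POST is sanitized and filtered in place (the same side effect the
 * original inline code had).
 *
 * @return array|null Field-keyed error messages (the shape returned by
 *                    GUMP::get_errors_array()), or null once the student is
 *                    stored and the session is populated.
 */
private function registerStudentFromPost()
{
    $validator = new GUMP();
    $_POST = $validator->sanitize($_POST);

    $rules = [
        'student_id'    => 'required|numeric|min_len,5',
        'student_name'  => 'required|alpha_space',
        'student_phone' => 'required|phone_number',
        // At least 6 non-whitespace chars containing a lowercase, an uppercase and a digit.
        'student_password' => 'required|regex,/^\\S*(?=\\S{6,})(?=\\S*[a-z])(?=\\S*[A-Z])(?=\\S*[\\d])\\S*$/',
        // The confirmation is compared directly below rather than spliced into a
        // 'contains,...' rule string: the raw password could carry the '|' and ','
        // characters GUMP uses as rule delimiters and change how the rule is parsed.
        'student_password_confirmation' => 'required',
    ];

    $filters = [
        'student_id'                    => 'trim|sanitize_string',
        'student_name'                  => 'trim|sanitize_string',
        'student_phone'                 => 'trim|sanitize_string',
        'student_password'              => 'trim',
        'student_password_confirmation' => 'trim',
    ];

    $_POST = $validator->filter($_POST, $filters);
    $validated = $validator->validate($_POST, $rules);
    if ($validated !== true) {
        return $validator->get_errors_array();
    }

    // Strict, case-sensitive comparison of the two (trimmed) password fields.
    if ($_POST['student_password'] !== $_POST['student_password_confirmation']) {
        return ['student_password_confirmation' => 'The passwords do not match'];
    }

    // Only the hash produced by the project's Password helper is persisted.
    $hash = \Helpers\Password::make($_POST['student_password']);
    $this->account->insertStudent([
        'StudentId' => $_POST['student_id'],
        'Name'      => $_POST['student_name'],
        'Phone'     => $_POST['student_phone'],
        'Password'  => $hash,
    ]);

    // Read the stored record back so the session carries the persisted values.
    $currentUser = $this->account->getStudentHash($_POST['student_id']);
    \Helpers\Session::set('StudentId', $currentUser[0]->StudentId);
    \Helpers\Session::set('Name', $currentUser[0]->Name);
    \Helpers\Session::set('loggedin', true);

    return null;
}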
#!/usr/bin/php -q
<?php

require "../gump.class.php";

// Example: running `sanitize_string` over a value that carries inline script
// markup, to show what the filter leaves behind.
$_POST = ['string' => '<script>alert(1); $("body").remove(); </script>'];

// One filter per field; here only 'string' is filtered.
$rules = ['string' => 'sanitize_string'];

// filter() is called statically in this example.
$cleaned = GUMP::filter($_POST, $rules);
print_r($cleaned);
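/**
 * Perform data filtering against the provided ruleset.
 *
 * Falls back to the filter rules configured on this instance
 * ($this->filter_rules) when no explicit ruleset is given.
 *
 * @param array $input   Data to filter, keyed by field name.
 * @param array $ruleset Optional filter rules keyed by field name; when empty,
 *                       $this->filter_rules is used instead.
 * @return mixed Whatever parent::filter() returns for the chosen ruleset.
 */
public function filter(array $input, array $ruleset = [])
{
    // The previous implementation tested misspelled variables ($rulseset / $rulset),
    // so a caller-supplied ruleset was silently ignored and the class rules always won.
    $rules = $ruleset === [] ? $this->filter_rules : $ruleset;

    return parent::filter($input, $rules);
}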
#!/usr/bin/php -q
<?php

require "../gump.class.php";

// Sample submission, stored in $_POST like the other examples.
$_POST = [
    'username'    => 'SeanNieuwoudt',
    'password'    => 'mypassword',
    'email'       => '*****@*****.**',
    'gender'      => 'm',
    'credit_card' => '9872389-2424-234224-234',
    'bio'         => 'This is good! I think I will switch to another language',
];

// Sanitizing first is optional, but it is the safer default.
$_POST = GUMP::sanitize($_POST);

// Validation rules: one pipe-separated rule string per field.
$validationRules = [
    'username'    => 'required|alpha_numeric|max_len,100|min_len,6',
    'password'    => 'required|max_len,100|min_len,6',
    'email'       => 'required|valid_email',
    'gender'      => 'required|exact_len,1',
    'credit_card' => 'required|valid_cc',
    'bio'         => 'required',
];

// Filters applied per field; the 'translate,en,de' entry is passed to the library as written.
$fieldFilters = [
    'username' => 'trim|sanitize_string',
    'password' => 'trim|base64_encode',
    'email'    => 'trim|sanitize_email',
    'gender'   => 'trim',
    'bio'      => 'translate,en,de',
];

// filter() and validate() may run in either order.
$_POST = GUMP::filter($_POST, $fieldFilters);
$result = GUMP::validate($_POST, $validationRules);

if ($result !== true) {
    // On failure, dump the filtered data and every rule that did not pass.
    print_r($_POST);
    print_r($result);
} else {
    echo "Successful Validation\n\n";
    print_r($_POST); // the filtered, validated data is now safe to use
    exit;
}