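/**
 * Validates a new password against its confirmation and the complexity rules.
 *
 * Rules applied, in order: both values must agree, the password must be at
 * least 8 bytes long (strlen() counts bytes, not characters), and it must
 * contain at least one ASCII digit, one lowercase and one uppercase letter.
 *
 * Only the outcome flags are written to the log; the password itself is never
 * passed to the logger.
 *
 * @param string|null $password       Candidate password.
 * @param string|null $passwordCheck  Confirmation value typed by the user.
 *
 * @return array 'result' (bool) overall verdict, 'passcheck' (0|1) whether the
 *               two values agreed and the length rule passed, 'info' (string)
 *               human-readable reason when 'result' is false.
 */
public function check_password_complexity($password, $passwordCheck)
 {
     $retval = array('result' => false, 'passcheck' => 0, 'info' => "Password too short or not given");

     // Two strings are compared strictly: the loose "==" treats numeric-looking
     // strings such as "1e3" and "1000" as equal, which would report a mismatched
     // confirmation as a match. Non-string input keeps the legacy loose comparison
     // so existing callers passing null/other scalars see the same outcome.
     if (is_string($password) && is_string($passwordCheck)) {
         $matches = $password === $passwordCheck;
     } else {
         $matches = $password == $passwordCheck;
     }

     if (!$matches) {
         $retval['info'] = "Passwords don't match.";
     } elseif (!is_null($password) && strlen($password) < 8) {
         $retval['info'] = "Password too short; must be at least 8 characters.";
     } elseif (!is_null($password)) {
         // The values are known to match at this point, so no second comparison is needed.
         $retval['passcheck'] = 1;
         $regexList = array('one number' => '/[0-9]{1,}/', 'one lowercase letter' => '/[a-z]{1,}/', 'one uppercase letter' => '/[A-Z]{1,}/');
         $passes = 0;
         $retval['info'] = "";
         foreach ($regexList as $text => $regex) {
             if (preg_match($regex, $password)) {
                 $passes++;
             } else {
                 // Collect the description of every rule that failed.
                 $retval['info'] = ToolBox::create_list($retval['info'], $text, " and ");
             }
         }
         if ($passes == count($regexList)) {
             $retval['result'] = true;
         } else {
             $retval['info'] = "Password must contain at least one " . $retval['info'];
         }
     }
     $this->logger->log_by_class(__METHOD__ . ": result=(" . ToolBox::interpret_bool($retval['result'], array(0, 1)) . "), " . "passcheck=(" . $retval['passcheck'] . ")", 'precheck');
     return $retval;
 }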
 /**
  * Adds derived display fields to a skill record and returns the enriched copy.
  *
  * 'ability_mod' is added only when 'ability_score' is set; 'skill_mod' and
  * the two checkbox helper fields are always added. 'is_class_skill' is read
  * without an isset() guard, so the caller must supply it.
  *
  * @param array $recordData Record to enrich (received by value).
  *
  * @return array The record with the derived fields added.
  */
 public static function _get_record_extras(array $recordData)
 {
     if (isset($recordData['ability_score'])) {
         $score = $recordData['ability_score'];
         $recordData['ability_mod'] = Ability::calculate_ability_modifier($score);
     }
     // Computed after ability_mod so the helper sees it when present.
     $recordData['skill_mod'] = self::calculate_skill_modifier($recordData);

     // Same flag rendered twice: once as a full HTML attribute, once as a bare keyword.
     $checkboxLabels = array(
         'is_class_skill_checked' => array('', 'checked="checked"'),
         'is_checked_checkbox' => array("", "checked"),
     );
     foreach ($checkboxLabels as $field => $labels) {
         $recordData[$field] = ToolBox::interpret_bool($recordData['is_class_skill'], $labels);
     }
     return $recordData;
 }
 /**
  * Fetches every row of self::tableName that belongs to one character.
  *
  * The WHERE clause is assembled from the keys of a parameter array built
  * inside this method ("character_id" and, optionally, "in_use"); the
  * caller-supplied values are handed to run_query() as named parameters
  * instead of being concatenated into the SQL text.
  *
  * @param Database  $dbObj        Database wrapper used to run the query.
  * @param mixed     $characterId  Value bound to :character_id.
  * @param bool|null $onlyInUse    When a boolean, only rows whose "in_use"
  *                                column has that value are returned; any
  *                                non-boolean value is ignored.
  *
  * @return mixed Whatever farray_fieldnames(self::pkeyField) returns
  *               (presumably rows indexed by the primary key; confirm
  *               against the Database class).
  * @throws ErrorException When running the query or fetching rows throws.
  */
 public static function get_all(Database $dbObj, $characterId, $onlyInUse = null)
 {
     $params = array('character_id' => $characterId);
     // is_bool() is false for null, so this single test covers both original checks.
     if (is_bool($onlyInUse)) {
         $params['in_use'] = ToolBox::interpret_bool($onlyInUse, array('f', 't'));
     }

     // Column names come only from the fixed keys above, never from caller input.
     $whereClause = "";
     foreach ($params as $column => $ignored) {
         $whereClause = ToolBox::create_list($whereClause, $column . '=:' . $column, ' AND ');
     }
     $sql = 'SELECT * FROM ' . self::tableName . ' WHERE ' . $whereClause;

     try {
         $dbObj->run_query($sql, $params);
         return $dbObj->farray_fieldnames(self::pkeyField);
     } catch (Exception $e) {
         // NOTE(review): the underlying driver message is appended to the exception
         // text; make sure callers log it rather than echo it to end users.
         throw new ErrorException(__METHOD__ . ":: failed to retrieve character weapons, DETAILS::: " . $e->getMessage());
     }
 }
 /**
  * Creates an Armor record, reloads it and checks that every stored field
  * matches what was written ('is_worn' is compared after boolean conversion).
  */
 public function test_create()
 {
     $armor = new Armor();
     $armor->characterId = $this->id;
     $data = array(
         'character_id' => $this->id,
         'armor_name' => __METHOD__ . " +5 of holy awesomeness",
         'armor_type' => "light",
         'ac_bonus' => 5,
         'check_penalty' => 0,
         'max_dex' => 9,
         'special' => "Smells like good code",
         'weight' => 12,
         'max_speed' => 30,
         'is_worn' => 'f',
     );

     $newId = $armor->create($this->dbObj, $data);
     $this->assertTrue(is_numeric($newId));

     $stored = $armor->load($this->dbObj);

     // Sanity check on the helper used below to convert 'f'/'t' into booleans.
     $this->assertFalse(ToolBox::interpret_bool('f', array(false, true)));
     $this->assertTrue(ToolBox::interpret_bool('t', array(false, true)));

     $this->assertTrue(is_array($stored));
     $this->assertTrue(count($stored) > 0);

     foreach ($data as $field => $value) {
         if ($field != 'is_worn') {
             $this->assertEquals($value, $stored[$field]);
             continue;
         }
         // The flag is written as 'f'/'t' but is expected back as a real boolean.
         $expected = ToolBox::interpret_bool($value, array(false, true));
         $this->assertEquals($expected, $stored[$field], "field (" . $field . ") value doesn't match... expected (" . $expected . "), got (" . $stored[$field] . ")");
     }
 }
 /**
  * Writes the object's cleaned data back to its table row, selected by primary key.
  *
  * Values are passed to run_update() as named parameters. Column names, the
  * table name and the primary-key name are concatenated into the statement.
  *
  * NOTE(review): the column names are the keys returned by
  * _clean_data_array(); that helper is not visible here, so confirm it limits
  * keys to known columns, because identifiers cannot be bound as parameters.
  *
  * @return bool Always true when the update did not throw.
  * @throws LogicException When run_update() throws.
  */
 public function update()
 {
     $assignments = "";
     $params = $this->_clean_data_array($this->_data);
     foreach ($params as $column => $value) {
         // Boolean columns are stored as 'f'/'t'.
         if (count($this->booleanFields) && in_array($column, $this->booleanFields)) {
             $params[$column] = ToolBox::interpret_bool($value, array('f', 't'));
         }
         $assignments = ToolBox::create_list($assignments, $column . '=:' . $column, ',');
     }

     $sql = "UPDATE " . $this->_dbTable . " SET " . $assignments . " WHERE " . $this->_dbPkey . "=:id";
     $params['id'] = $this->id;

     try {
         $this->dbObj->run_update($sql, $params);
     } catch (Exception $ex) {
         throw new LogicException(__METHOD__ . ": unable to update table '" . $this->_dbTable . "', DETAILS::: " . $ex->getMessage());
     }
     return true;
 }
 /**
  * Checks ToolBox::interpret_bool() for the input '1': with its default
  * mapping, with an explicit (false, true) mapping given two ways, and with
  * the mapping reversed.
  */
 public function test_interpret_bool()
 {
     $falseThenTrue = array(false, true);

     $this->assertEquals(true, ToolBox::interpret_bool('1'));
     $this->assertEquals(true, ToolBox::interpret_bool('1', $falseThenTrue));
     $this->assertEquals(true, ToolBox::interpret_bool('1', array('0' => false, '1' => true)));
     // Reversed mapping: a truthy input selects the second element, which is now false.
     $this->assertEquals(false, ToolBox::interpret_bool('1', array_reverse($falseThenTrue)));
 }
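 /**
  * Filters or escapes a value according to a named cleaning style, optionally
  * wrapping the result in single quotes for use in SQL text.
  *
  * Security notes for maintainers:
  *  - The SQL-oriented styles rely on addslashes()/character stripping. They are
  *    not a replacement for bound parameters, and their effect depends on the
  *    database's escaping rules; prefer parameterized queries wherever possible.
  *  - $sqlQuotes only wraps the result in single quotes; it does not escape.
  *    Styles that deliberately keep single quotes ("name", "names", "datetime",
  *    "none" aside, which disables quoting) therefore must not be combined with
  *    $sqlQuotes for values that end up in SQL text.
  *  - The HTML styles escape for HTML body/attribute context only.
  *
  * @param $cleanThis		(str) data to be cleaned
  * @param $cleanType		(str,optional) how to clean the data (case-insensitive);
  *							unknown styles fall back to "all".
  * @param $sqlQuotes		(bool,optional) wrap the result in single quotes; forced
  *							off by the "none" and "sql92_insert" styles and for a
  *							null integer.
  *
  * @return (string)			Cleaned data.
  */
 public static function cleanString($cleanThis = NULL, $cleanType = "all", $sqlQuotes = 0)
 {
     $cleanType = strtolower($cleanType);
     switch ($cleanType) {
         case "none":
             //no cleaning wanted/needed; quoting is also switched off.
             $sqlQuotes = 0;
             break;
         case "query":
             /*
              * Removes pipes, single quotes, line breaks and a fixed list of
              * punctuation. This is a character blacklist: it reduces what can
              * reach a query but is not a substitute for bound parameters.
              */
             $evilChars = array("\$", "%", "~", "*", ">", "<", "-", "{", "}", "[", "]", ")", "(", "&", "#", "?", ".", "\\,", "\\/", "\\", "\"", "\\|", "!", "^", "+", "`", "\n", "\r");
             $cleanThis = preg_replace("/\\|/", "", $cleanThis);
             $cleanThis = preg_replace("/\\'/", "", $cleanThis);
             $cleanThis = str_replace($evilChars, "", $cleanThis);
             $cleanThis = stripslashes(addslashes($cleanThis));
             break;
         case "sql":
             //Normalizes existing backslash escapes, then applies addslashes() once.
             $cleanThis = addslashes(stripslashes($cleanThis));
             break;
         case "varchar":
         case "text":
         case "sql_insert":
             /*
              * This is for descriptive fields, where double quotes don't need to be escaped: in these 
              * cases, escaping the double-quotes might lead to inserting something that looks different 
              * than the original, but in fact is identical. 
              *
              * addslashes() has already turned each single quote into \' here. The
              * earlier version then prefixed every single quote with another
              * backslash, yielding \\' (an escaped backslash followed by a bare
              * quote), so the quote was no longer escaped. That extra pass is
              * removed; only the double-quote un-escaping remains.
              */
             $cleanThis = addslashes(stripslashes($cleanThis));
             $cleanThis = preg_replace('/\\\\"/', '"', $cleanThis);
             break;
         case "sql92_insert":
             /*
              * Just like 'sql_insert', except that single quotes are "delimited" by
              * adding another single quote, which works *at least* with postgres & sqlite.
              * Quoting is switched off for this style.
              */
             $cleanThis = preg_replace("/'/", "''", $cleanThis);
             $cleanThis = preg_replace('/\\\\"/', '"', $cleanThis);
             $cleanThis = stripslashes($cleanThis);
             $sqlQuotes = 0;
             break;
         case "double_quote":
             //This will remove all double quotes from a string.
             $cleanThis = str_replace('"', "", $cleanThis);
             break;
         case "htmlspecial":
             /*
              * Escapes HTML markup in user-supplied text (message boards, guest books).
              * Translations performed with the default flags:
              *   '&' (ampersand) becomes '&amp;'
              *   '"' (double quote) becomes '&quot;'
              *   '<' (less than) becomes '&lt;'
              *   '>' (greater than) becomes '&gt;'
              * NOTE(review): from PHP 8.1 the default flags also convert single
              * quotes; on older versions they are left alone. Use "htmlspecial_q"
              * when the value goes into a single-quoted attribute.
              */
             $cleanThis = htmlspecialchars($cleanThis);
             break;
         case "htmlspecial_q":
             /*
              *   '&' (ampersand) becomes '&amp;'
              *   '"' (double quote) becomes '&quot;'
              *   ''' (single quote) becomes '&#039;'
              *   '<' (less than) becomes '&lt;'
              *   '>' (greater than) becomes '&gt;'
              */
             $cleanThis = htmlspecialchars($cleanThis, ENT_QUOTES);
             break;
         case "htmlspecial_nq":
             /*
              *   '&' (ampersand) becomes '&amp;'
              *   '<' (less than) becomes '&lt;'
              *   '>' (greater than) becomes '&gt;'
              * Quotes are left untouched, so this is unsuitable for attribute values.
              */
             $cleanThis = htmlspecialchars($cleanThis, ENT_NOQUOTES);
             break;
         case "htmlentity":
             /*
              * Decodes any existing entities, then converts all applicable
              * characters to their HTML entity. Single-quote handling follows the
              * PHP version's default flags (see "htmlspecial").
              */
             $cleanThis = htmlentities(html_entity_decode($cleanThis));
             break;
         case "htmlentity_plus_brackets":
             /*
              * Just like htmlentity, but also converts "$", "{" and "}" to their
              * numeric entities (prevents the template engine from parsing them).
              */
             $cleanThis = htmlentities(html_entity_decode($cleanThis));
             $cleanThis = str_replace('$', '&#36;', $cleanThis);
             $cleanThis = str_replace('{', '&#123;', $cleanThis);
             $cleanThis = str_replace('}', '&#125;', $cleanThis);
             break;
         case "double_entity":
             //Removes double quotes, then applies the "htmlentity" conversion.
             $cleanThis = str_replace('"', "", $cleanThis);
             $cleanThis = htmlentities(html_entity_decode($cleanThis));
             break;
         case "meta":
             // Returns a version of str with a backslash character (\) before every character that is among these:
             // . \\ + * ? [ ^ ] ( $ )
             $cleanThis = quotemeta($cleanThis);
             break;
         case "email":
             //Keeps only letters, digits, dot, underscore, "@" and hyphen.
             $cleanThis = preg_replace("/[^A-Za-z0-9\\._@-]/", "", $cleanThis);
             break;
         case "email_plus":
         case "email_plus_spaces":
             //Same as "email", but spaces and colons are kept as well.
             $cleanThis = preg_replace("/[^A-Za-z0-9\\ \\._@:-]/", "", $cleanThis);
             break;
         case "phone_fax":
             //Remove everything that's not numeric or +()-   example: +1 (555)-555-2020 is valid
             $cleanThis = preg_replace("/[^0-9-+() ]/", "", $cleanThis);
             break;
         case "int":
         case "integer":
         case "numeric":
         case "number":
             //Keeps digits and hyphens only; a null value becomes the unquoted keyword NULL.
             if (is_null($cleanThis)) {
                 $cleanThis = "NULL";
                 $sqlQuotes = 0;
             } else {
                 $cleanThis = preg_replace("/[^0-9\\-]/", "", $cleanThis);
             }
             break;
         case "decimal":
         case "float":
             //Keeps digits and the decimal point only (a minus sign is removed).
             $cleanThis = preg_replace("/[^0-9\\.]/", "", $cleanThis);
             break;
         case "name":
         case "names":
             //allows only things in the "alpha" case and single quotes.
             //NOTE(review): single quotes survive, so do not combine with $sqlQuotes.
             $cleanThis = preg_replace("/[^a-zA-Z']/", "", $cleanThis);
             break;
         case "alpha":
             //Removes anything that's not English a-zA-Z
             $cleanThis = preg_replace("/[^a-zA-Z]/", "", $cleanThis);
             break;
         case "bool":
         case "boolean":
             //Maps the value to 'f' or 't' via ToolBox::interpret_bool().
             $cleanThis = ToolBox::interpret_bool($cleanThis, array('f', 't'));
             break;
         case "date":
             //Keeps digits and hyphens only.
             $cleanThis = preg_replace("/[^0-9\\-]/", "", $cleanThis);
             break;
         case "datetime":
             //Keeps letters, digits, slash, colon, space, hyphen, single quote and dot.
             //NOTE(review): single quotes survive, so do not combine with $sqlQuotes.
             $cleanThis = preg_replace("/[^A-Za-z0-9\\/: \\-\\'\\.]/", "", $cleanThis);
             break;
         case "all":
         default:
             //Strictest style: everything except ASCII letters and digits is removed.
             $cleanThis = preg_replace("/[^A-Za-z0-9]/", "", $cleanThis);
             break;
     }
     if ($sqlQuotes) {
         //Wraps only; any single quote left inside the value is not escaped here.
         $cleanThis = "'" . $cleanThis . "'";
     }
     return $cleanThis;
 }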