/**
returns true if the input is valid; an array of errors (key is error name, value is true) if invalid
*/
private static function registerInputIsValid($username, $password, $retypedPassword, $email, $retypedEmail)
{
if ($username == "") {
$errors['noUsername'] = true;
}
if (!Validator::usernameIsValidLength($username)) {
$errors['longUsername'] = true;
}
if ($password == "") {
$errors['noPassword'] = true;
}
if (!Validator::passwordIsValidLength($password)) {
$errors['longPassword'] = true;
}
//password mismatch
if ($password != $retypedPassword) {
$errors['passwordMismatch'] = true;
}
if ($email == "") {
$errors['noEmail'] = true;
}
if (!Validator::isValidEmail($email)) {
$errors['invalidEmail'] = true;
}
if ($email != $retypedEmail) {
$errors['emailMismatch'] = true;
}
return isset($errors) ? $errors : true;
}
/**
* Validates the form based on the 'validations' attribute in the form array.
*/
private function validate()
{
foreach ($this->settings as $name => $settings) {
$value = $_POST[$name];
if (isset($settings['validations'])) {
foreach ($settings['validations'] as $validation) {
switch ($validation) {
case 'not_empty':
//if (!\ThirdParty\Utilities\Validator::notEmpty($value)) {
//if (!OtherValidator::notEmpty($value)) {
if (!Validator::notEmpty($value)) {
return false;
}
break;
case 'is_valid_email':
//if (!\ThirdParty\Utilities\Validator::isValidEmail($value)) {
//if (!OtherValidator::isValidEmail($value)) {
if (!Validator::isValidEmail($value)) {
return false;
}
break;
}
}
}
}
return true;
}
protected function buildQuery($searchString)
{
$this->filter = $filter = false;
$this->errorNo = $this->errorMsg = null;
$objectClassQuery = new LDAPFilter('objectClass', 'person');
if (empty($searchString)) {
$this->errorMsg = "Query was blank";
} elseif (Validator::isValidEmail($searchString)) {
$filter = new LDAPFilter($this->getField('email'), $searchString);
} elseif (Validator::isValidPhone($searchString, $phone_bits)) {
array_shift($phone_bits);
$searchString = implode("", $phone_bits);
// remove any separators. This might be an issue for people with formatted numbers in their directory
$filter = new LDAPFilter($this->getField('phone'), $searchString);
} elseif (preg_match('/^[0-9]+/', $searchString)) {
//partial phone number
$filter = new LDAPFilter($this->getField('phone'), $searchString, LDAPFilter::FILTER_OPTION_WILDCARD_TRAILING);
} elseif (preg_match('/[A-Za-z]+/', $searchString)) {
// assume search by name
$names = preg_split("/\\s+/", $searchString);
$nameCount = count($names);
switch ($nameCount) {
case 1:
//try first name, last name and email
$snFilter = new LDAPFilter($this->getField('lastname'), $searchString, LDAPFilter::FILTER_OPTION_WILDCARD_TRAILING);
$givenNameFilter = new LDAPFilter($this->getField('firstname'), $searchString, LDAPFilter::FILTER_OPTION_WILDCARD_TRAILING);
$mailFilter = new LDAPFilter($this->getField('email'), $searchString, LDAPFilter::FILTER_OPTION_WILDCARD_TRAILING);
$filter = new LDAPCompoundFilter(LDAPCompoundFilter::JOIN_TYPE_OR, $givenNameFilter, $snFilter, $mailFilter);
break;
case 2:
$filter1 = $this->nameFilter($names[0], $names[1]);
$filter2 = $this->nameFilter($names[1], $names[0]);
$filter = new LDAPCompoundFilter(LDAPCompoundFilter::JOIN_TYPE_OR, $filter1, $filter2);
break;
default:
$filters = array();
// Either the first word is the first name, or it's a title and the
// second word is the first name.
$possibleFirstNames = array($names[0], $names[1]);
// Either the last word is the last name, or the last two words taken
// together are the last name.
$possibleLastNames = array($names[$nameCount - 1], $names[$nameCount - 2] . " " . $names[$nameCount - 1]);
foreach ($possibleFirstNames as $i => $firstName) {
foreach ($possibleLastNames as $j => $lastName) {
$filters[] = $this->nameFilter($firstName, $lastName);
}
}
// Kitchen sink -- just string them all together with wildcards
// and hope that it's a match on the common name.
$filters[] = new LDAPFilter('cn', implode("*", array_map(array('LDAPFilter', 'ldapEscape'), $names)), LDAPFilter::FILTER_OPTION_NO_ESCAPE);
$filter = new LDAPCompoundFilter(LDAPCompoundFilter::JOIN_TYPE_OR, $filters);
}
} else {
$this->errorMsg = "Invalid query";
}
if ($filter) {
$this->filter = new LDAPCompoundFilter(LDAPCompoundFilter::JOIN_TYPE_AND, $objectClassQuery, $filter);
}
return $this->filter;
}
public function isValidEmail($string)
{
global $db;
if (!parent::isValidEmail($string)) {
return false;
}
$query = "Select count(user_id) from users inner join companies on users.id = companies.user_id where users.name = '" . $string . "';";
$h = $db->query($query);
$value = $db->getOne($h);
if ($value) {
return true;
}
return false;
}
//Create Validator Object
$validate = new Validator();
if (isset($_POST['register'])) {
//Create Data Array
$data = array();
$data['name'] = $_POST['name'];
$data['email'] = $_POST['email'];
$data['username'] = $_POST['username'];
$data['password'] = md5($_POST['password']);
$data['password2'] = md5($_POST['password2']);
$data['about'] = $_POST['about'];
$data['last_activity'] = date("Y-m-d H:i:s");
//Required Fields
$field_array = array('name', 'email', 'username', 'password', 'password2');
if ($validate->isRequired($field_array)) {
if ($validate->isValidEmail($data['email'])) {
if ($validate->passwordsMatch($data['password'], $data['password2'])) {
//Upload Avatar Image
if ($user->uploadAvatar()) {
$data['avatar'] = $_FILES["avatar"]["name"];
} else {
$data['avatar'] = 'noimage.png';
}
//Register User
if ($user->register($data)) {
redirect('index.php', 'You are registered and can now log in', 'success');
} else {
redirect('index.php', 'Something went wrong with registration', 'error');
}
} else {
redirect('register.php', 'Your passwords did not match', 'error');
function check()
{
$this->errors = array();
if (empty($this->to)) {
$this->errors[] = GC_E_FIELD_TO;
}
if (empty($this->from)) {
$this->errors[] = GC_E_FIELD_FROM;
}
if (Validator::isValidFloat($this->amount) == false || $this->amount < 0.01) {
$this->errors[] = GC_E_FIELD_AMOUNT;
}
$this->amount = floor($this->amount * 100) / 100;
if ($this->sendtype != GC_SENDTYPE_EMAIL && $this->sendtype != GC_SENDTYPE_POST) {
$this->errors[] = GC_E_FIELD_SENDTYPE;
}
if ($this->sendtype == GC_SENDTYPE_EMAIL && !Validator::isValidEmail($this->email)) {
$this->errors[] = GC_E_FIELD_EMAIL;
}
if ($this->sendtype == GC_SENDTYPE_POST) {
if (empty($this->fname)) {
$this->errors[] = GC_E_FIELD_FNAME;
}
if (empty($this->lname)) {
$this->errors[] = GC_E_FIELD_LNAME;
}
if (empty($this->address)) {
$this->errors[] = GC_E_FIELD_ADDRESS;
}
if (empty($this->city)) {
$this->errors[] = GC_E_FIELD_CITY;
}
if (empty($this->zip)) {
$this->errors[] = GC_E_FIELD_ZIP;
}
if (empty($this->country_id)) {
$this->errors[] = GC_E_FIELD_COUNTRYID;
}
if (empty($this->state_id)) {
$this->errors[] = GC_E_FIELD_STATEID;
}
}
return empty($this->errors);
}
/**
* Sees if the given user matches the rule
* @param User $user a valid user object
* @return mixed, the action if the user matches the rule or false if the rule did not match
*/
public function evaluateForUser(User $user)
{
switch ($this->ruleScope) {
case self::RULE_SCOPE_USER:
/* if the value is all then see if the userID is set
this will NOT match an anonymous user
*/
if ($this->ruleAuthority) {
if ($user->getAuthenticationAuthorityIndex() == $this->ruleAuthority) {
/* can match either userID or email */
if ($this->ruleValue == self::RULE_VALUE_ALL) {
if ($user->getUserID()) {
return $this->ruleAction;
}
} else {
if ($user->getUserID() == $this->ruleValue || Validator::isValidEmail($this->ruleValue) && $user->getEmail() == $this->ruleValue) {
return $this->ruleAction;
}
}
}
} elseif ($this->ruleValue == self::RULE_VALUE_ALL) {
if ($user->getUserID()) {
return $this->ruleAction;
}
} else {
if ($user->getUserID() == $this->ruleValue || Validator::isValidEmail($this->ruleValue) && $user->getEmail() == $this->ruleValue) {
return $this->ruleAction;
}
}
break;
case self::RULE_SCOPE_GROUP:
/* Note: a group value of ALL is not valid */
if ($authority = AuthenticationAuthority::getAuthenticationAuthority($this->ruleAuthority)) {
if ($group = $authority->getGroup($this->ruleValue)) {
/* see if the user is a member of the group */
if ($group->userIsMember($user)) {
return $this->ruleAction;
}
}
}
break;
case self::RULE_SCOPE_EVERYONE:
/* always matches */
return $this->ruleAction;
break;
}
return false;
}
private function getPasswdUserData($login)
{
if (strlen($login)==0) {
return false;
}
$this->loadUserData();
if (isset($this->users[$login])) {
return $this->users[$login];
}
if (Validator::isValidEmail($login) && (($userID = array_search($login, $this->userEmails)) !== false)) {
return $this->getPasswdUserData($userID);
}
return false;
}
public function search($searchString) {
$sql = "";
$parameters = array();
if (empty($searchString)) {
$this->errorMsg = "Query was blank";
return;
} elseif (Validator::isValidEmail($searchString)) {
$sql = sprintf("SELECT %s FROM %s WHERE %s LIKE '%%?%%'", '*', $this->table, $this->getField('email'));
$parameters = array($searchString);
} elseif (Validator::isValidPhone($searchString, $phone_bits)) {
array_shift($phone_bits);
$searchString = implode("", $phone_bits); // remove any separators. This might be an issue for people with formatted numbers in their directory
$sql = sprintf("SELECT %s FROM %s WHERE %s LIKE '%%?%%'", '*', $this->table, $this->getField('phone'));
$parameters = array($searchString);
} elseif (preg_match('/[A-Za-z]+/', $searchString)) { // assume search by name
$names = preg_split("/\s+/", $searchString);
$nameCount = count($names);
$where = array();
switch ($nameCount)
{
case 1:
//try first name, last name and email
$where = sprintf("(%s LIKE ? OR %s LIKE ? OR %s LIKE ?)", $this->getField('firstname'), $this->getField('lastname'), $this->getField('email'));
$parameters = array($searchString.'%', $searchString.'%', $searchString.'%');
break;
case 2:
$where = sprintf("((%s LIKE ? AND %s LIKE ?) OR (%s LIKE ? AND %s LIKE ?))",
$this->getField('firstname'), $this->getField('lastname'),
$this->getField('lastname'), $this->getField('firstname')
);
$parameters = array($names[0].'%', $names[1].'%', $names[0].'%', $names[1].'%');
break;
default:
$filters = array();
// Either the first word is the first name, or it's a title and the
// second word is the first name.
$possibleFirstNames = array($names[0], $names[1]);
// Either the last word is the last name, or the last two words taken
// together are the last name.
$possibleLastNames = array($names[$nameCount - 1],
$names[$nameCount - 2] . " " . $names[$nameCount - 1]);
$parameters = array();
foreach ($possibleFirstNames as $i => $firstName) {
foreach ($possibleLastNames as $j => $lastName) {
$where[] = sprintf("(%s LIKE ? AND %s LIKE ?)", $this->getField('firstname'), $this->getField('lastname'));
$parameters[] = $firstName;
$parameters[] = $lastName;
}
}
$where = implode(" OR ", $where);
}
} else {
$this->errorMsg = "Invalid query";
return array();
}
$sql = sprintf("SELECT %s FROM %s WHERE %s ORDER BY %s", '*', $this->table, $where, implode(",", array_map(array($this,'getField'),$this->sortFields)));
$results = array();
if ($result = $this->connection->query($sql, $parameters)) {
while ($row = $result->fetch()) {
$person = new $this->personClass();
$person->setFieldMap($this->fieldMap);
$person->setAttributes($row);
$results[] = $person;
}
}
return $results;
}
require 'core/init.php';
?>
<?php
// Create Validator Object
$validate = new Validator();
if (isset($_POST['send_email'])) {
$admin = "*****@*****.**";
$subject = $_POST['subject'];
$email = $_POST['email'];
$message = $_POST['message'];
// Required Fields
$input_array = array('subject', 'email', 'message');
if ($validate->isRequired($input_array)) {
if ($validate->isValidEmail($email)) {
if ($validate->newLineChar($email, $subject)) {
mail($admin, $subject, $message, 'From: ' . $email);
redirect('contact.php', 'Your message was succesfully sent!', 'success');
} else {
redirect('contact.php', 'Something went wrong with your email.', 'error');
}
} else {
redirect('contact.php', 'Please enter a valid email.', 'error');
}
} else {
redirect('contact.php', 'All input fields are required!', 'error');
}
}
// Get Template & Assign Vars
$template = new Template('templates/contact.php');
protected function buildSearchFilter($searchString)
{
$filter = $this->errorNo = $this->errorMsg = null;
$objectClassQuery = new LDAPFilter('objectClass', 'person');
$searchString = trim($searchString);
if (empty($searchString)) {
$this->errorMsg = "Query was blank";
} elseif (Validator::isValidEmail($searchString)) {
$filter = new LDAPFilter($this->getField('email'), $searchString);
} elseif (Validator::isValidPhone($searchString, $phone_bits)) {
array_shift($phone_bits);
$searchString = implode("", $phone_bits);
// remove any separators. This might be an issue for people with formatted numbers in their directory
$filter = new LDAPFilter($this->getField('phone'), $searchString);
} elseif (preg_match('/^[0-9]{' . $this->MIN_PHONE_SEARCH . ',}/', $searchString)) {
//partial phone number
$filter = new LDAPFilter($this->getField('phone'), $searchString, LDAPFilter::FILTER_OPTION_WILDCARD_SURROUND);
} elseif (strlen(trim($searchString)) < self::MIN_NAME_SEARCH) {
$firstFilter = new LDAPFilter($this->getField('firstname'), $searchString);
$lastFilter = new LDAPFilter($this->getField('lastname'), $searchString);
$filter = new LDAPCompoundFilter(LDAPCompoundFilter::JOIN_TYPE_OR, $firstFilter, $lastFilter);
} elseif (preg_match('/[A-Za-z]+/', $searchString)) {
// assume search by name
$names = preg_split("/\\s+/", $searchString);
$nameCount = count($names);
switch ($nameCount) {
case 1:
//try first name, last name and email
// Use surround wildcard if specified in config
$filterWildCardOption = $this->useSurroundWildcard ? LDAPFilter::FILTER_OPTION_WILDCARD_SURROUND : LDAPFilter::FILTER_OPTION_WILDCARD_TRAILING;
$snFilter = new LDAPFilter($this->getField('lastname'), $searchString, $filterWildCardOption);
$givenNameFilter = new LDAPFilter($this->getField('firstname'), $searchString, $filterWildCardOption);
$mailFilter = new LDAPFilter($this->getField('email'), $searchString, $filterWildCardOption);
$filter = new LDAPCompoundFilter(LDAPCompoundFilter::JOIN_TYPE_OR, $givenNameFilter, $snFilter, $mailFilter);
break;
case 2:
$filter1 = $this->nameFilter($names[0], $names[1]);
$filter2 = $this->nameFilter($names[1], $names[0]);
$filter = new LDAPCompoundFilter(LDAPCompoundFilter::JOIN_TYPE_OR, $filter1, $filter2);
break;
default:
$filters = array();
// Either the first word is the first name, or it's a title and the
// second word is the first name.
$possibleFirstNames = array($names[0], $names[1]);
// Either the last word is the last name, or the last two words taken
// together are the last name.
$possibleLastNames = array($names[$nameCount - 1], $names[$nameCount - 2] . " " . $names[$nameCount - 1]);
foreach ($possibleFirstNames as $i => $firstName) {
foreach ($possibleLastNames as $j => $lastName) {
$filters[] = $this->nameFilter($firstName, $lastName);
}
}
// Kitchen sink -- just string them all together with wildcards
// and hope that it's a match on the common name.
$filters[] = new LDAPFilter('cn', implode("*", array_map(array('LDAPFilter', 'ldapEscape'), $names)), LDAPFilter::FILTER_OPTION_NO_ESCAPE);
$filter = new LDAPCompoundFilter(LDAPCompoundFilter::JOIN_TYPE_OR, $filters);
}
//build search for additional fields
if (($searchFields = $this->getSearchFields()) && $filter instanceof LDAPCompoundFilter) {
foreach ($searchFields as $field) {
$fieldFilter = new LDAPFilter($field, $searchString, LDAPFilter::FILTER_OPTION_WILDCARD_SURROUND);
$filter->addFilter($fieldFilter);
}
}
} else {
$this->errorMsg = "Invalid query";
}
if ($this->additionalFilters) {
$filters = array_merge(array($filter), $this->additionalFilters);
$filter = new LDAPCompoundFilter(LDAPCompoundFilter::JOIN_TYPE_AND, $filters);
}
return $filter;
}
protected function buildSearchQuery($searchString)
{
$sql = "";
$parameters = array();
if (empty($searchString)) {
$this->errorMsg = "Query was blank";
return;
} elseif (Validator::isValidEmail($searchString)) {
$sql = sprintf("SELECT %s FROM %s WHERE %s LIKE ?", '*', $this->table, $this->getField('email'));
$parameters = array('%' . $searchString . '%');
} elseif ($this->getField('phone') && Validator::isValidPhone($searchString, $phone_bits)) {
array_shift($phone_bits);
$searchString = implode("", $phone_bits);
// remove any separators. This might be an issue for people with formatted numbers in their directory
$sql = sprintf("SELECT %s FROM %s WHERE %s LIKE ?", '*', $this->table, $this->getField('phone'));
$parameters = array($searchString . '%');
} elseif ($this->getField('phone') && preg_match('/^[0-9]+/', $searchString)) {
//partial phone number
$sql = sprintf("SELECT %s FROM %s WHERE %s LIKE ?", '*', $this->table, $this->getField('phone'));
$parameters = array($searchString . '%');
} elseif (strlen(trim($searchString)) < self::MIN_NAME_SEARCH) {
$sql = sprintf("SELECT %s FROM %s WHERE %s = ? OR %s = ?", '*', $this->table, $this->getField('firstname'), $this->getField('lastname'));
$parameters = array($searchString, $searchString);
} elseif (preg_match('/[A-Za-z]+/', $searchString)) {
// assume search by name
$names = preg_split("/\\s+/", $searchString);
$nameCount = count($names);
$where = array();
switch ($nameCount) {
case 1:
//try first name, last name and email
$where = sprintf("(%s LIKE ? OR %s LIKE ? OR %s LIKE ?)", $this->getField('firstname'), $this->getField('lastname'), $this->getField('email'));
$parameters = array($searchString . '%', $searchString . '%', '%' . $searchString . '%');
break;
case 2:
$where = sprintf("((%s LIKE ? AND %s LIKE ?) OR (%s LIKE ? AND %s LIKE ?))", $this->getField('firstname'), $this->getField('lastname'), $this->getField('lastname'), $this->getField('firstname'));
$parameters = array($names[0] . '%', $names[1] . '%', $names[0] . '%', $names[1] . '%');
break;
default:
// Either the first word is the first name, or it's a title and the
// second word is the first name.
$possibleFirstNames = array($names[0], $names[1]);
// Either the last word is the last name, or the last two words taken
// together are the last name.
$possibleLastNames = array($names[$nameCount - 1], $names[$nameCount - 2] . " " . $names[$nameCount - 1]);
$parameters = array();
foreach ($possibleFirstNames as $i => $firstName) {
foreach ($possibleLastNames as $j => $lastName) {
$where[] = sprintf("(%s LIKE ? AND %s LIKE ?)", $this->getField('firstname'), $this->getField('lastname'));
$parameters[] = $firstName;
$parameters[] = $lastName;
}
}
$where = implode(" OR ", $where);
}
//build search for additional fields
if ($searchField = $this->getSearchFields()) {
$fieldWhere = array();
foreach ($searchField as $field) {
$fieldWhere[] = sprintf("%s LIKE ?", $field);
$parameters[] = "%" . $searchString . "%";
}
$where .= ' OR ' . implode(" OR ", $fieldWhere);
}
$sql = sprintf("SELECT %s FROM %s WHERE %s ORDER BY %s", '*', $this->table, $where, implode(",", array_map(array($this, 'getField'), $this->sortFields)));
} else {
$this->errorMsg = "Invalid query";
return false;
}
return array($sql, $parameters);
}
/**
* Sees if the given user matches the rule
* @param User $user a valid user object
* @return mixed, the action if the user matches the rule or false if the rule did not match
*/
public function evaluateForUser(User $user)
{
switch ($this->ruleType)
{
case self::RULE_TYPE_AUTHORITY:
/* if the value is all then see if the userID and authority are set and it's a MATCH
this will NOT match an anonymous user
*/
if ($this->ruleValue==self::RULE_VALUE_ALL) {
if ($user->getUserID() && $user->getAuthenticationAuthority()) {
return $this->ruleAction;
}
/* Otherwise see if the userID is set and the authority matches the rule value */
} elseif ($user->getUserID() && $user->getAuthenticationAuthorityIndex()==$this->ruleValue) {
return $this->ruleAction;
}
break;
case self::RULE_TYPE_USER:
/* if the value is all then see if the userID is set
this will NOT match an anonymous user
*/
if ($this->ruleValue==self::RULE_VALUE_ALL) {
if ($user->getUserID()) {
return $this->ruleAction;
}
} else {
/* user values are specified as AUTHORITY|userID */
$values = explode("|", $this->ruleValue);
switch (count($values)) {
case 1:
$authority = AuthenticationAuthority::getDefaultAuthenticationAuthorityIndex();
$userID = $values[0];
break;
case 2:
$authority = $values[0];
$userID = $values[1];
break;
}
/* see if the userID/email and authority match */
if ($user->getAuthenticationAuthorityIndex()==$authority) {
/* can match either userID or email */
if ($userID==self::RULE_VALUE_ALL) {
if ($user->getUserID()) {
return $this->ruleAction;
}
} else if ($user->getUserID()==$userID ||
(Validator::isValidEmail($userID) && $user->getEmail()==$userID)) {
return $this->ruleAction;
}
}
}
break;
case self::RULE_TYPE_GROUP:
/* Note: a group value of ALL is not valid */
/* group values are specified as AUTHORITY|group */
$values = explode("|", $this->ruleValue);
switch (count($values)) {
case 1:
$authority = AuthenticationAuthority::getDefaultAuthenticationAuthorityIndex();
$group = $values[0];
break;
case 2:
$authority = $values[0];
$group = $values[1];
break;
}
/* attempt to load the authority, then get the group */
if ($authority = AuthenticationAuthority::getAuthenticationAuthority($authority)) {
if ($group = $authority->getGroup($group)) {
/* see if the user is a member of the group */
if ($group->userIsMember($user)) {
return $this->ruleAction;
}
}
}
break;
case self::RULE_TYPE_EVERYONE:
/* always matches */
return $this->ruleAction;
break;
}
return false;
}