function securityCheck($postData)
{
$postData = parent::securityCheck($postData);
// import joomla clases to manage file system
jimport('joomla.filesystem.path');
jimport('joomla.filesystem.file');
// get the requested profile id
$pf = $postData['pf'];
$profile = $this->getProfile($pf);
// get the list of the fields from the contact form
$fields = $this->readFields($profile);
// check if all required fields are completed
$isOK = true;
// if the values are sent from aiContactSafeLink deactivate highlight_errors
$dt = JRequest::getVar('dt', 0, 'post', 'int');
// record the fields with problems and the error message to display
$fieldsWithErrors = array();
// record rquired fields uncompleted
$empty_required_fields = '';
// record invalid email fields
$invalid_email_fields = '';
// record limit excede fields
$limit_exceded_fields = '';
// record invalid number fields
$invalid_number_fields = '';
// record invalid format file
$invalid_format_file = '';
// record files to bit
$files_to_big = '';
// record invalid cc fields
$invalid_cc_fields = '';
// check each field
foreach ($fields as $field) {
$field->field_label = $this->revert_specialchars($field->field_label);
// initialize the resoult of the check
$isOKfield = true;
// check if the field is required
if ($field->field_required) {
// check if the field is required
switch ($field->field_type) {
case 'TX':
// Textbox
if (array_key_exists($field->name, $postData) && strlen($postData[$field->name]) == 0) {
$isOKfield = false;
} else {
if (!array_key_exists($field->name, $postData)) {
$isOKfield = false;
}
}
break;
case 'CK':
// Checkbox
if (array_key_exists($field->name, $postData)) {
if (array_key_exists($field->name, $postData) && $postData[$field->name]) {
// checked
} else {
$isOKfield = false;
}
} else {
if (!array_key_exists($field->name, $postData)) {
$isOKfield = false;
}
}
break;
case 'CB':
// Combobox
if (array_key_exists($field->name, $postData) && $postData[$field->name] == -1) {
$isOKfield = false;
} else {
if (!array_key_exists($field->name, $postData)) {
$isOKfield = false;
}
}
break;
case 'ED':
// Editbox
if (array_key_exists($field->name, $postData) && strlen($postData[$field->name]) == 0) {
$isOKfield = false;
} else {
if (!array_key_exists($field->name, $postData)) {
$isOKfield = false;
}
}
break;
case 'CL':
// Checkbox - List
$postDataValue = array();
if (array_key_exists($field->name, $postData) && is_array($postData[$field->name])) {
$field_values = explode(';', $this->revert_specialchars($field->field_values));
foreach ($postData[$field->name] as $i => $v) {
if ($v == 1) {
$postDataValue[] = $field_values[$i];
}
}
}
if (array_key_exists($field->name, $postData) && count($postDataValue) == 0) {
$isOKfield = false;
} else {
if (!array_key_exists($field->name, $postData)) {
$isOKfield = false;
}
}
break;
case 'RL':
// Radio - List
if (array_key_exists($field->name, $postData) && strlen($postData[$field->name]) == 0) {
$isOKfield = false;
} else {
if (!array_key_exists($field->name, $postData)) {
$isOKfield = false;
}
}
break;
case 'DT':
// Date
break;
case 'EM':
// Email
if (array_key_exists($field->name, $postData) && strlen($postData[$field->name]) == 0) {
$isOKfield = false;
} else {
if (!array_key_exists($field->name, $postData)) {
$isOKfield = false;
}
}
break;
case 'EL':
// Email - List
if (array_key_exists($field->name, $postData) && $postData[$field->name] == -1) {
$isOKfield = false;
} else {
if (!array_key_exists($field->name, $postData)) {
$isOKfield = false;
}
}
break;
case 'JC':
// Joomla Contacts
if (array_key_exists($field->name, $postData) && $postData[$field->name] == 0) {
$isOKfield = false;
} else {
if (!array_key_exists($field->name, $postData)) {
$isOKfield = false;
}
}
break;
case 'JU':
// Joomla Users
if (array_key_exists($field->name, $postData) && $postData[$field->name] == 0) {
$isOKfield = false;
} else {
if (!array_key_exists($field->name, $postData)) {
$isOKfield = false;
}
}
break;
case 'SB':
// SOBI2 Entries
if (array_key_exists($field->name, $postData) && $postData[$field->name] == 0) {
$isOKfield = false;
} else {
if (!array_key_exists($field->name, $postData)) {
$isOKfield = false;
}
}
break;
case 'HD':
// Hidden
break;
case 'SP':
// Separator
break;
case 'FL':
// File
if (array_key_exists($field->name . '_attachment_name', $postData) && strlen(trim($postData[$field->name . '_attachment_name'])) == 0) {
$isOKfield = false;
} else {
if (!array_key_exists($field->name . '_attachment_name', $postData)) {
$isOKfield = false;
}
}
break;
case 'NO':
// Number
if (array_key_exists($field->name, $postData) && (strlen($postData[$field->name]) == 0 || $postData[$field->name] == 0)) {
$isOKfield = false;
} else {
if (!array_key_exists($field->name, $postData)) {
$isOKfield = false;
}
}
break;
case 'HE':
// Hidden Email
break;
case 'UQ':
// Unique text
break;
case 'CC':
// Credit card
if (array_key_exists($field->name . '_creditcardnumber', $postData) && strlen($postData[$field->name . '_creditcardnumber']) == 0) {
$isOKfield = false;
} else {
if (!array_key_exists($field->name . '_creditcardnumber', $postData)) {
$isOKfield = false;
}
}
if (array_key_exists($field->name . '_creditcardverification', $postData) && strlen($postData[$field->name . '_creditcardverification']) == 0) {
$isOKfield = false;
} else {
if (!array_key_exists($field->name . '_creditcardverification', $postData)) {
$isOKfield = false;
}
}
break;
}
// if the field is required check if it's a file
}
if (!$isOKfield) {
$isOK = false;
$this->_app->_session->set('isOK:' . $this->_sTask, false);
if (strlen($empty_required_fields) > 0) {
$empty_required_fields .= ', ';
}
$empty_required_fields .= $field->field_label;
$this->_app->_session->set('errorMsg:' . $this->_sTask, JText::_('COM_AICONTACTSAFE_PLEASE_ENTER_ALL_REQUIRED_FIELDS') . (strlen($empty_required_fields) > 0 ? ' ( ' . $empty_required_fields . ' ) ' : ''));
if ($dt == 0 && $this->_config_values['highlight_errors']) {
if (!array_key_exists($field->id, $fieldsWithErrors)) {
$fieldsWithErrors[$field->id] = array();
}
$fieldsWithErrors[$field->id][] = JText::_('COM_AICONTACTSAFE_PLEASE_ENTER_ALL_REQUIRED_FIELDS');
}
}
if ($field->field_type == 'EM' && array_key_exists($field->name, $postData) && strlen($postData[$field->name]) > 0) {
if (!$this->validateEmail($postData[$field->name])) {
$this->_app->_session->set('isOK:' . $this->_sTask, false);
if (strlen($invalid_email_fields) > 0) {
$invalid_email_fields .= ', ';
}
$invalid_email_fields .= $field->field_label;
$this->_app->_session->set('errorMsg:' . $this->_sTask, JText::_('COM_AICONTACTSAFE_PLEASE_ENTER_A_VALID_EMAIL_ADDRESS') . ' ( ' . $invalid_email_fields . ' ) ');
if ($dt == 0 && $this->_config_values['highlight_errors']) {
if (!array_key_exists($field->id, $fieldsWithErrors)) {
$fieldsWithErrors[$field->id] = array();
}
$fieldsWithErrors[$field->id][] = JText::_('COM_AICONTACTSAFE_PLEASE_ENTER_A_VALID_EMAIL_ADDRESS');
}
}
}
if ($field->field_type == 'DT' && array_key_exists($field->name . '_' . $pf, $postData)) {
$postData[$field->name] = $postData[$field->name . '_' . $pf];
}
if ($field->field_type == 'ED' || $field->field_type == 'HD') {
$field_value = JRequest::getVar($field->name, '', 'post', 'string', JREQUEST_ALLOWHTML);
$postData[$field->name] = $field_value;
}
if (array_key_exists($field->name, $postData) && ($field->field_type == 'TX' || $field->field_type == 'ED' || $field->field_type == 'ED')) {
if (function_exists('mb_strlen')) {
$current_field_length = (int) @mb_strlen($postData[$field->name], 'latin1');
if ($current_field_length == 0) {
$current_field_length = strlen($postData[$field->name]);
}
} else {
$current_field_length = strlen($postData[$field->name]);
}
if ($field->field_limit > 0 && $current_field_length > $field->field_limit) {
$isOK = false;
$this->_app->_session->set('isOK:' . $this->_sTask, false);
if (strlen($limit_exceded_fields) > 0) {
$limit_exceded_fields .= ', ';
}
$limit_exceded_fields .= $field->field_label;
$this->_app->_session->set('errorMsg:' . $this->_sTask, JText::_('COM_AICONTACTSAFE_MAXIMUM_CHARACTERS_EXCEEDED') . ' ( ' . $limit_exceded_fields . ' ) ');
if ($dt == 0 && $this->_config_values['highlight_errors']) {
if (!array_key_exists($field->id, $fieldsWithErrors)) {
$fieldsWithErrors[$field->id] = array();
}
$fieldsWithErrors[$field->id][] = JText::_('COM_AICONTACTSAFE_MAXIMUM_CHARACTERS_EXCEEDED');
}
}
}
if (array_key_exists($field->name, $postData) && $field->field_type == 'NO' && strlen(trim($postData[$field->name])) > 0 && !is_numeric($postData[$field->name])) {
$isOK = false;
$this->_app->_session->set('isOK:' . $this->_sTask, false);
if (strlen($invalid_number_fields) > 0) {
$invalid_number_fields .= ', ';
}
$invalid_number_fields .= $field->field_label;
$this->_app->_session->set('errorMsg:' . $this->_sTask, JText::_('COM_AICONTACTSAFE_PLEASE_ENTER_A_VALID_NUMBER') . ' ( ' . $invalid_number_fields . ' ) ');
if ($dt == 0 && $this->_config_values['highlight_errors']) {
if (!array_key_exists($field->id, $fieldsWithErrors)) {
$fieldsWithErrors[$field->id] = array();
}
$fieldsWithErrors[$field->id][] = JText::_('COM_AICONTACTSAFE_PLEASE_ENTER_A_VALID_NUMBER');
}
}
// check if the cc field is valid
if ($field->field_type == 'CC') {
if (array_key_exists($field->name . '_creditcardnumber', $postData) && strlen($postData[$field->name . '_creditcardnumber']) > 0) {
$cc_error = false;
$cc_number = $postData[$field->name . '_creditcardnumber'];
$cc_number = trim(str_replace('-', '', str_replace(' ', '', $cc_number)));
$cc_error = strlen($cc_number) != 16;
if (!$cc_error) {
$valid_cc = 0;
for ($i = 0; $i < 15; $i++) {
if ($i == 0 || $i % 2) {
$valid_cc += (int) substr($cc_number, $i, 1);
} else {
$doubled_digit = (int) substr($cc_number, $i, 1) * 2;
$doubled_digit = str_pad($doubled_digit, 2, '0', STR_PAD_LEFT);
$valid_cc += (int) substr($doubled_digit, 0, 1) + (int) substr($doubled_digit, 1, 1);
}
}
$valid_cc += (int) substr($cc_number, 15, 1);
if ($valid_cc % 10) {
$cc_error = false;
} else {
$cc_error = true;
}
}
if (!$cc_error) {
$cc_error = strlen(trim(str_replace(' ', '', $postData[$field->name . '_creditcardverification']))) != 3;
}
if ($cc_error) {
$isOK = false;
$this->_app->_session->set('isOK:' . $this->_sTask, false);
if (strlen($invalid_cc_fields) > 0) {
$invalid_cc_fields .= ', ';
}
$invalid_cc_fields .= $field->field_label;
$this->_app->_session->set('errorMsg:' . $this->_sTask, JText::_('COM_AICONTACTSAFE_PLEASE_ENTER_A_VALID_CREDIT_CARD_NUMBER') . ' ( ' . $invalid_number_fields . ' ) ');
if ($dt == 0 && $this->_config_values['highlight_errors']) {
if (!array_key_exists($field->id, $fieldsWithErrors)) {
$fieldsWithErrors[$field->id] = array();
}
$fieldsWithErrors[$field->id][] = JText::_('COM_AICONTACTSAFE_PLEASE_ENTER_A_VALID_CREDIT_CARD_NUMBER');
}
} else {
if ($postData[$field->name . '_creditcardexpirationyear'] == date('Y') && $postData[$field->name . '_creditcardexpirationmonth'] < date('m')) {
$isOK = false;
$this->_app->_session->set('isOK:' . $this->_sTask, false);
if (strlen($invalid_cc_fields) > 0) {
$invalid_cc_fields .= ', ';
}
$invalid_cc_fields .= $field->field_label;
$this->_app->_session->set('errorMsg:' . $this->_sTask, JText::_('COM_AICONTACTSAFE_PLEASE_ENTER_A_VALID_CREDIT_CARD_DATE') . ' ( ' . $invalid_number_fields . ' ) ');
if ($dt == 0 && $this->_config_values['highlight_errors']) {
if (!array_key_exists($field->id, $fieldsWithErrors)) {
$fieldsWithErrors[$field->id] = array();
}
$fieldsWithErrors[$field->id][] = JText::_('COM_AICONTACTSAFE_PLEASE_ENTER_A_VALID_CREDIT_CARD_DATE');
}
}
}
}
}
}
// test for captcha
if ($isOK) {
if ($profile->use_captcha == 1 || $profile->use_captcha == 2 && $this->_user_id == 0) {
switch ($profile->captcha_type) {
case 0:
$session = JFactory::getSession();
$captcha_code = $session->get('captcha_code_' . $pf);
if (array_key_exists('captcha-code', $postData) && ($captcha_code != $postData['captcha-code'] || strlen($postData['captcha-code']) == 0)) {
$this->_app->_session->set('isOK:' . $this->_sTask, false);
$this->_app->_session->set('errorMsg:' . $this->_sTask, JText::_('COM_AICONTACTSAFE_SECURITY_CODE_IS_NOT_CORRECT'));
if ($dt == 0 && $this->_config_values['highlight_errors']) {
if (!array_key_exists('captcha-code', $fieldsWithErrors)) {
$fieldsWithErrors['captcha-code'] = array();
}
$fieldsWithErrors['captcha-code'][] = JText::_('COM_AICONTACTSAFE_SECURITY_CODE_IS_NOT_CORRECT');
}
}
break;
case 1:
JPluginHelper::importPlugin('content', 'captcha');
$dispatcher = JDispatcher::getInstance();
$session = JFactory::getSession();
$_SESSION['securimage_code_value'] = $session->get('securimage_code_value');
$captchaParam = new JParameter('returnType=boolean');
$validateCaptcha = $dispatcher->trigger('onValidateForm', array($captchaParam));
if (is_array($validateCaptcha)) {
$validateCaptcha = implode('', $validateCaptcha);
}
if ($validateCaptcha !== true && $validateCaptcha != 1 && $validateCaptcha != '1') {
$this->_app->_session->set('isOK:' . $this->_sTask, false);
$this->_app->_session->set('errorMsg:' . $this->_sTask, JText::_('COM_AICONTACTSAFE_SECURITY_CODE_IS_NOT_CORRECT'));
if ($dt == 0 && $this->_config_values['highlight_errors']) {
if (!array_key_exists('captcha-code', $fieldsWithErrors)) {
$fieldsWithErrors['captcha-code'] = array();
}
$fieldsWithErrors['captcha-code'][] = JText::_('COM_AICONTACTSAFE_SECURITY_CODE_IS_NOT_CORRECT');
}
}
break;
}
}
}
if ($dt == 0 && $this->_config_values['highlight_errors'] && !$this->_app->_session->get('isOK:' . $this->_sTask)) {
$r_id = JRequest::getInt('r_id');
$this->_app->_session->set('fieldsWithErrors:' . $this->_sTask . '_' . $profile->id . '_' . $r_id, $fieldsWithErrors);
}
return $postData;
}
