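/**
 * Validates a contact-form submission after the parent's generic check.
 *
 * For every field of the requested profile this runs, in order: the
 * required-field check, the e-mail syntax check, the byte-length limit,
 * the numeric check and the credit-card checks (16-digit Luhn number,
 * 3-digit verification code, expiry in the current year). When no field
 * failed, the captcha is tested as well. Every failure sets the session
 * keys 'isOK:<task>' (false) and 'errorMsg:<task>'; when error
 * highlighting is enabled and the request did not come through
 * aiContactSafeLink (dt == 0) the per-field messages are stored under
 * 'fieldsWithErrors:<task>_<profileId>_<r_id>'.
 *
 * @param array $postData POST data already filtered by parent::securityCheck;
 *                        'pf' must hold the profile id
 *
 * @return array $postData, with date fields copied from '<name>_<pf>' to
 *               '<name>' and editor/hidden fields re-read from the raw request
 */
function securityCheck($postData)
{
    $postData = parent::securityCheck($postData);

    // Joomla file-system classes; nothing in this method calls them directly
    jimport('joomla.filesystem.path');
    jimport('joomla.filesystem.file');

    // the requested profile and the fields of its contact form
    $pf = $postData['pf'];
    $profile = $this->getProfile($pf);
    $fields = $this->readFields($profile);

    // values sent from aiContactSafeLink (dt != 0) never get field highlighting
    $dt = JRequest::getVar('dt', 0, 'post', 'int');
    $highlight = ($dt == 0 && $this->_config_values['highlight_errors']);

    $isOK = true;
    // field id => list of messages, stored in the session for highlighting
    $fieldsWithErrors = array();
    // comma-separated labels of the fields that failed each kind of check,
    // appended to the corresponding session error message
    $empty_required_fields = '';
    $invalid_email_fields = '';
    $limit_exceded_fields = '';
    $invalid_number_fields = '';
    $invalid_cc_fields = '';

    foreach ($fields as $field) {
        $field->field_label = $this->revert_specialchars($field->field_label);
        $name = $field->name;

        // ---- required-field check --------------------------------------------------
        // a field passes only when its key is posted AND the value is not "empty"
        // in the sense of its type
        $isOKfield = true;
        if ($field->field_required) {
            switch ($field->field_type) {
                case 'TX': // Textbox
                case 'ED': // Editbox
                case 'RL': // Radio - List
                case 'EM': // Email
                    $isOKfield = array_key_exists($name, $postData) && strlen($postData[$name]) > 0;
                    break;

                case 'CK': // Checkbox
                    $isOKfield = array_key_exists($name, $postData) && $postData[$name];
                    break;

                case 'CB': // Combobox
                case 'EL': // Email - List
                    // a value of -1 counts as "nothing selected"
                    $isOKfield = array_key_exists($name, $postData) && $postData[$name] != -1;
                    break;

                case 'JC': // Joomla Contacts
                case 'JU': // Joomla Users
                case 'SB': // SOBI2 Entries
                    // a value of 0 counts as "nothing selected"
                    $isOKfield = array_key_exists($name, $postData) && $postData[$name] != 0;
                    break;

                case 'CL': // Checkbox - List
                    // at least one entry of the posted array must be ticked (value 1)
                    $checked = 0;
                    if (array_key_exists($name, $postData) && is_array($postData[$name])) {
                        foreach ($postData[$name] as $v) {
                            if ($v == 1) {
                                $checked++;
                            }
                        }
                    }
                    $isOKfield = array_key_exists($name, $postData) && $checked > 0;
                    break;

                case 'FL': // File
                    $key = $name . '_attachment_name';
                    $isOKfield = array_key_exists($key, $postData) && strlen(trim($postData[$key])) > 0;
                    break;

                case 'NO': // Number
                    $isOKfield = array_key_exists($name, $postData)
                        && strlen($postData[$name]) > 0
                        && $postData[$name] != 0;
                    break;

                case 'CC': // Credit card: number and verification code must both be present
                    $numberKey = $name . '_creditcardnumber';
                    $verificationKey = $name . '_creditcardverification';
                    $isOKfield = array_key_exists($numberKey, $postData)
                        && strlen($postData[$numberKey]) > 0
                        && array_key_exists($verificationKey, $postData)
                        && strlen($postData[$verificationKey]) > 0;
                    break;

                case 'DT': // Date
                case 'HD': // Hidden
                case 'SP': // Separator
                case 'HE': // Hidden Email
                case 'UQ': // Unique text
                    // the required flag is not enforced for these types
                    break;
            }
        }

        if (!$isOKfield) {
            $isOK = false;
            $this->_app->_session->set('isOK:' . $this->_sTask, false);
            if (strlen($empty_required_fields) > 0) {
                $empty_required_fields .= ', ';
            }
            $empty_required_fields .= $field->field_label;
            $this->_app->_session->set(
                'errorMsg:' . $this->_sTask,
                JText::_('COM_AICONTACTSAFE_PLEASE_ENTER_ALL_REQUIRED_FIELDS')
                    . (strlen($empty_required_fields) > 0 ? ' ( ' . $empty_required_fields . ' ) ' : '')
            );
            if ($highlight) {
                $fieldsWithErrors[$field->id][] = JText::_('COM_AICONTACTSAFE_PLEASE_ENTER_ALL_REQUIRED_FIELDS');
            }
        }

        // ---- e-mail syntax -----------------------------------------------------------
        if ($field->field_type == 'EM' && array_key_exists($name, $postData) && strlen($postData[$name]) > 0) {
            if (!$this->validateEmail($postData[$name])) {
                // also mark the local flag so the captcha step is skipped, as for every other error
                $isOK = false;
                $this->_app->_session->set('isOK:' . $this->_sTask, false);
                if (strlen($invalid_email_fields) > 0) {
                    $invalid_email_fields .= ', ';
                }
                $invalid_email_fields .= $field->field_label;
                $this->_app->_session->set(
                    'errorMsg:' . $this->_sTask,
                    JText::_('COM_AICONTACTSAFE_PLEASE_ENTER_A_VALID_EMAIL_ADDRESS') . ' ( ' . $invalid_email_fields . ' ) '
                );
                if ($highlight) {
                    $fieldsWithErrors[$field->id][] = JText::_('COM_AICONTACTSAFE_PLEASE_ENTER_A_VALID_EMAIL_ADDRESS');
                }
            }
        }

        // the date field is posted under '<name>_<profile id>'; expose it under the plain name
        if ($field->field_type == 'DT' && array_key_exists($name . '_' . $pf, $postData)) {
            $postData[$name] = $postData[$name . '_' . $pf];
        }

        // editor and hidden fields are re-read from the raw request with HTML allowed,
        // which replaces whatever parent::securityCheck left in $postData for them.
        // NOTE(review): allowing HTML for hidden ('HD') inputs deserves confirmation,
        // since their value is attacker-controllable like any other POST field
        if ($field->field_type == 'ED' || $field->field_type == 'HD') {
            $postData[$name] = JRequest::getVar($name, '', 'post', 'string', JREQUEST_ALLOWHTML);
        }

        // ---- length limit ------------------------------------------------------------
        // NOTE(review): the type list originally read 'TX' || 'ED' || 'ED'; a third type
        // may have been intended — confirm
        if (array_key_exists($name, $postData) && ($field->field_type == 'TX' || $field->field_type == 'ED')) {
            // byte length, not characters: multi-byte UTF-8 input counts more than its visible length
            $current_field_length = strlen($postData[$name]);
            if ($field->field_limit > 0 && $current_field_length > $field->field_limit) {
                $isOK = false;
                $this->_app->_session->set('isOK:' . $this->_sTask, false);
                if (strlen($limit_exceded_fields) > 0) {
                    $limit_exceded_fields .= ', ';
                }
                $limit_exceded_fields .= $field->field_label;
                $this->_app->_session->set(
                    'errorMsg:' . $this->_sTask,
                    JText::_('COM_AICONTACTSAFE_MAXIMUM_CHARACTERS_EXCEEDED') . ' ( ' . $limit_exceded_fields . ' ) '
                );
                if ($highlight) {
                    $fieldsWithErrors[$field->id][] = JText::_('COM_AICONTACTSAFE_MAXIMUM_CHARACTERS_EXCEEDED');
                }
            }
        }

        // ---- numeric value -----------------------------------------------------------
        if ($field->field_type == 'NO'
            && array_key_exists($name, $postData)
            && strlen(trim($postData[$name])) > 0
            && !is_numeric($postData[$name])) {
            $isOK = false;
            $this->_app->_session->set('isOK:' . $this->_sTask, false);
            if (strlen($invalid_number_fields) > 0) {
                $invalid_number_fields .= ', ';
            }
            $invalid_number_fields .= $field->field_label;
            $this->_app->_session->set(
                'errorMsg:' . $this->_sTask,
                JText::_('COM_AICONTACTSAFE_PLEASE_ENTER_A_VALID_NUMBER') . ' ( ' . $invalid_number_fields . ' ) '
            );
            if ($highlight) {
                $fieldsWithErrors[$field->id][] = JText::_('COM_AICONTACTSAFE_PLEASE_ENTER_A_VALID_NUMBER');
            }
        }

        // ---- credit card -------------------------------------------------------------
        if ($field->field_type == 'CC') {
            $numberKey = $name . '_creditcardnumber';
            if (array_key_exists($numberKey, $postData) && strlen($postData[$numberKey]) > 0) {
                // strip the separators users type, then require exactly 16 digits
                $cc_number = trim(str_replace(array(' ', '-'), '', $postData[$numberKey]));
                $cc_error = !preg_match('/^[0-9]{16}$/', $cc_number);

                if (!$cc_error) {
                    // Luhn check: counting from the rightmost (check) digit, every second
                    // digit is doubled (results above 9 are reduced by 9) and the total
                    // must be a multiple of 10; for 16 digits the doubled positions are the even indices
                    $sum = 0;
                    for ($i = 0; $i < 16; $i++) {
                        $digit = (int) $cc_number[$i];
                        if ($i % 2 == 0) {
                            $digit *= 2;
                            if ($digit > 9) {
                                $digit -= 9;
                            }
                        }
                        $sum += $digit;
                    }
                    $cc_error = ($sum % 10) != 0;
                }

                if (!$cc_error) {
                    // verification code: exactly three characters once spaces are removed
                    $verificationKey = $name . '_creditcardverification';
                    $verification = array_key_exists($verificationKey, $postData) ? $postData[$verificationKey] : '';
                    $cc_error = strlen(trim(str_replace(' ', '', $verification))) != 3;
                }

                if ($cc_error) {
                    $isOK = false;
                    $this->_app->_session->set('isOK:' . $this->_sTask, false);
                    if (strlen($invalid_cc_fields) > 0) {
                        $invalid_cc_fields .= ', ';
                    }
                    $invalid_cc_fields .= $field->field_label;
                    // the card-number message lists the credit-card fields (not the number fields)
                    $this->_app->_session->set(
                        'errorMsg:' . $this->_sTask,
                        JText::_('COM_AICONTACTSAFE_PLEASE_ENTER_A_VALID_CREDIT_CARD_NUMBER') . ' ( ' . $invalid_cc_fields . ' ) '
                    );
                    if ($highlight) {
                        $fieldsWithErrors[$field->id][] = JText::_('COM_AICONTACTSAFE_PLEASE_ENTER_A_VALID_CREDIT_CARD_NUMBER');
                    }
                } else {
                    // expiry: only "current year, month already passed" is rejected; a year
                    // in the past is not flagged. NOTE(review): confirm the posted year
                    // format (2- or 4-digit) before tightening this to a full date comparison
                    $yearKey = $name . '_creditcardexpirationyear';
                    $monthKey = $name . '_creditcardexpirationmonth';
                    if (array_key_exists($yearKey, $postData)
                        && array_key_exists($monthKey, $postData)
                        && $postData[$yearKey] == date('Y')
                        && $postData[$monthKey] < date('m')) {
                        $isOK = false;
                        $this->_app->_session->set('isOK:' . $this->_sTask, false);
                        if (strlen($invalid_cc_fields) > 0) {
                            $invalid_cc_fields .= ', ';
                        }
                        $invalid_cc_fields .= $field->field_label;
                        $this->_app->_session->set(
                            'errorMsg:' . $this->_sTask,
                            JText::_('COM_AICONTACTSAFE_PLEASE_ENTER_A_VALID_CREDIT_CARD_DATE') . ' ( ' . $invalid_cc_fields . ' ) '
                        );
                        if ($highlight) {
                            $fieldsWithErrors[$field->id][] = JText::_('COM_AICONTACTSAFE_PLEASE_ENTER_A_VALID_CREDIT_CARD_DATE');
                        }
                    }
                }
            }
        }
    }

    // ---- captcha (only when every field passed) ----------------------------------------
    if ($isOK) {
        // use_captcha 1: always; use_captcha 2: guests only
        if ($profile->use_captcha == 1 || ($profile->use_captcha == 2 && $this->_user_id == 0)) {
            switch ($profile->captcha_type) {
                case 0:
                    // expected code comes from the session key 'captcha_code_<pf>'
                    $session = JFactory::getSession();
                    $captcha_code = $session->get('captcha_code_' . $pf);
                    // a submission without the 'captcha-code' field fails the check instead of
                    // skipping it; the strict string comparison also avoids numeric-string
                    // equivalence ("0123" == "123") of the loose operator.
                    // NOTE(review): the session code is not invalidated after a successful
                    // check, so it stays reusable for the rest of the session — confirm intent
                    $submitted = array_key_exists('captcha-code', $postData) ? (string) $postData['captcha-code'] : '';
                    if (strlen($submitted) == 0 || (string) $captcha_code !== $submitted) {
                        $this->_app->_session->set('isOK:' . $this->_sTask, false);
                        $this->_app->_session->set('errorMsg:' . $this->_sTask, JText::_('COM_AICONTACTSAFE_SECURITY_CODE_IS_NOT_CORRECT'));
                        if ($highlight) {
                            $fieldsWithErrors['captcha-code'][] = JText::_('COM_AICONTACTSAFE_SECURITY_CODE_IS_NOT_CORRECT');
                        }
                    }
                    break;

                case 1:
                    // securimage content plugin; the stored code is copied into $_SESSION,
                    // presumably because the plugin reads it from there — TODO confirm
                    JPluginHelper::importPlugin('content', 'captcha');
                    $dispatcher = JDispatcher::getInstance();
                    $session = JFactory::getSession();
                    $_SESSION['securimage_code_value'] = $session->get('securimage_code_value');
                    $captchaParam = new JParameter('returnType=boolean');
                    $validateCaptcha = $dispatcher->trigger('onValidateForm', array($captchaParam));
                    if (is_array($validateCaptcha)) {
                        $validateCaptcha = implode('', $validateCaptcha);
                    }
                    // true, 1 and '1' are all accepted as success
                    if ($validateCaptcha !== true && $validateCaptcha != 1 && $validateCaptcha != '1') {
                        $this->_app->_session->set('isOK:' . $this->_sTask, false);
                        $this->_app->_session->set('errorMsg:' . $this->_sTask, JText::_('COM_AICONTACTSAFE_SECURITY_CODE_IS_NOT_CORRECT'));
                        if ($highlight) {
                            $fieldsWithErrors['captcha-code'][] = JText::_('COM_AICONTACTSAFE_SECURITY_CODE_IS_NOT_CORRECT');
                        }
                    }
                    break;
            }
        }
    }

    // persist the per-field messages for the form redisplay when anything failed
    if ($highlight && !$this->_app->_session->get('isOK:' . $this->_sTask)) {
        $r_id = JRequest::getInt('r_id');
        $this->_app->_session->set('fieldsWithErrors:' . $this->_sTask . '_' . $profile->id . '_' . $r_id, $fieldsWithErrors);
    }

    return $postData;
}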