PHP security\Models\Authenticator Authenticate::cleanString示例

示例#1

文件： AddNewCustomerController.php 项目： anhnt4288/owaspsecuritywithphp

 $pdo = new PDOSingleton(PDOSingleton::CUSTOMERUSER);
 $errorRunner = new ErrorRunner();
 $logger = new FullLog('Add New Customer Form');
 $logger->serverData();
 $checkAuth = new CheckAuth($logger);
 $redis = new RedisSingleton();
 $blackList = new BlackLister($redis);
 $error = error_get_last();
 $errors = [];
 $files = null;
 if ($numFiles) {
     for ($i = 0; $i < intval($numFiles); $i += 1) {
         $files = $_FILES;
     }
 }
 $username = !empty($username) ? $auth->cleanString($username) : null;
 $password = !empty($password) ? $password : null;
 $email = !empty($email) ? $auth->vEmail($email) : null;
 $address = !empty($address) ? $auth->cleanString($address) : null;
 $phone = !empty($phone) ? $auth->vPhone($phone) : null;
 $stop = !empty($stop) ? true : false;
 $potentialAbuse = isset($potentialAbuse) ? $auth->cInt($potentialAbuse) : null;
 if ($stop) {
     return false;
 }
 $instructions = !empty(trim($instructions)) ? $auth->cleanString($instructions) : null;
 $action = !empty($action) ? $auth->cleanString($action) : null;
 $username || ($errors[] = "No username was sent over.");
 $email || ($errors[] = "No email was sent over or an invalid Email was sent.");
 $address || ($errors[] = "No address was sent over.");
 $phone || ($errors[] = "No phone number was sent over.");

示例#2

文件： CustomerLoginController.php 项目： anhnt4288/owaspsecuritywithphp

        return $this->data;
    }
}
if (isset($_POST['submit']) || isset($_GET['submit'])) {
    extract($_POST);
    extract($_GET);
    $errors = [];
    $auth = new Authenticate();
    $errorRunner = new ErrorRunner();
    $redis = new RedisSingleton();
    $blackList = new BlackLister($redis);
    $isAjax = isset($isAjax) && $auth->isAjax() ? true : false;
    $pdo = new PDOSingleton(PDOSingleton::CUSTOMERUSER);
    $logger = new FullLog("Customer Login");
    $logger->serverData();
    $userName = !empty($userName) ? $auth->cleanString($userName) : null;
    $password = !empty($password) ? $password : null;
    $postCsrf = isset($csrf) ? $csrf : null;
    $sessionToken = isset($_SESSION['csrf_token']) ? $_SESSION['csrf_token'] : null;
    if (!$sessionToken || $sessionToken !== $postCsrf) {
        // Session token will not be set if the website is not SSL Encrypted.
        $errors[] = "This form does not appear to have originated on our site.";
    }
    $userName || ($errors[] = "No username was sent over.");
    $password || ($errors[] = "No password was sent over.");
    if (empty($errors)) {
        $models = new stdClass();
        $models->pdo = $pdo;
        $models->redis = $redis;
        $models->errorRunner = $errorRunner;
        $models->blackList = $blackList;

示例#3

文件： CorporateLoginController.php 项目： anhnt4288/owaspsecuritywithphp

        return $this->data;
    }
}
if (isset($_POST['submit']) || isset($_GET['submit'])) {
    extract($_POST);
    extract($_GET);
    $errors = [];
    $auth = new Authenticate();
    $errorRunner = new ErrorRunner();
    $redis = new RedisSingleton();
    $blackList = new BlackLister($redis);
    $isAjax = isset($isAjax) && $auth->isAjax() ? true : false;
    $pdo = new PDOSingleton(PDOSingleton::CORPORATEUSER);
    $logger = new FullLog('Corporate Login');
    $logger->serverData();
    $userName = !empty($userName) ? $auth->cleanString($userName) : null;
    $password = !empty($password) ? $password : null;
    $action = !empty($action) ? $auth->cleanString($action) : null;
    $userName || ($errors[] = "No email was sent over.");
    $password || ($errors[] = "No password was sent over.");
    if (empty($errors)) {
        $modelObjects = new StdClass();
        $modelObjects->pdo = $pdo;
        $modelObjects->redis = $redis;
        $modelObjects->errorRunner = $errorRunner;
        $modelObjects->blackList = $blackList;
        $modelObjects->logger = $logger;
        $corporateLoginData = new StdClass();
        $corporateLoginData->userName = $userName;
        $corporateLoginData->password = $password;
        $controller = new CorporateLoginController($modelObjects, $corporateLoginData);

示例#4

文件： EditCustomerController.php 项目： anhnt4288/owaspsecuritywithphp

}
if (isset($_POST['submit']) || isset($_GET['submit'])) {
    // Add a PDOSingleton User here.
    extract($_GET);
    extract($_POST);
    $auth = new Authenticate();
    $isAjax = isset($isAjax) && $auth->isAjax() ? true : false;
    $pdo = new PDOSingleton();
    $errorRunner = new ErrorRunner();
    $logger = new FullLog('Customer Editing Account');
    $logger->serverData();
    $checkAuth = new CheckAuth($logger);
    $redis = new RedisSingleton();
    $errors = [];
    extract($_POST);
    $username = !empty($username) ? $auth->cleanString($username) : null;
    $password = !empty($password) ? $password : null;
    $newpassword = !empty($newpassword) ? $newpassword : null;
    $newpasswordConfirm = !empty($newpasswordConfirm) ? $newpasswordConfirm : null;
    $email = !empty($email) ? $auth->vEmail($email) : null;
    $address = !empty($address) ? $auth->cleanString($address) : null;
    $phone = !empty($phone) ? $phone : null;
    $city = !empty($city) ? $auth->cleanString($city) : null;
    $state = !empty($state) ? $auth->cleanString($state) : null;
    $countryCode = !empty($countryCode) ? $auth->cleanString($countryCode) : null;
    $zip = !empty($zip) ? $auth->cleanString($zip) : null;
    $csrf = !empty($csrf) ? $csrf : null;
    if ($phone) {
        $phone = $auth->vPhone($phone) or $errors[] = "Invalid phone format.";
    }
    $instructions = !empty(trim($instructions)) ? $auth->cleanString($instructions) : null;