Newer
Older
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
<?php
/*********************************************************************
class.validator.php
Input validation helper. This class contains collection of functions used for data validation.
Peter Rotich <peter@osticket.com>
Copyright (c) 2006-2012 osTicket
http://www.osticket.com
Released under the GNU General Public License WITHOUT ANY WARRANTY.
See LICENSE.TXT for details.
vim: expandtab sw=4 ts=4 sts=4:
**********************************************************************/
class Validator {
var $input=array();
var $fields=array();
var $errors=array();
function Validator($fields=null) {
$this->setFields($fields);
}
function setFields(&$fields){
if($fields && is_array($fields)):
$this->fields=$fields;
return (true);
endif;
return (false);
}
function validate($source,$userinput=true){
$this->errors=array();
//Check the input and make sure the fields are specified.
if(!$source || !is_array($source))
$this->errors['err']='Invalid input';
elseif(!$this->fields || !is_array($this->fields))
$this->errors['err']='No fields setup';
//Abort on error
if($this->errors)
return false;
//if magic quotes are enabled - then try cleaning up inputs before validation...
if($userinput && function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc())
$source=Format::strip_slashes($source);
$this->input=$source;
//Do the do.
foreach($this->fields as $k=>$field){
if(!$field['required'] && !$this->input[$k]) //NOT required...and no data provided...
continue;
if($field['required'] && !isset($this->input[$k]) || (!$this->input[$k] && $field['type']!='int')){ //Required...and no data provided...
$this->errors[$k]=$field['error'];
continue;
}
//Do the actual validation based on the type.
switch(strtolower($field['type'])):
case 'integer':
case 'int':
if(!is_numeric($this->input[$k]))
$this->errors[$k]=$field['error'];
break;
case 'double':
if(!is_numeric($this->input[$k]))
$this->errors[$k]=$field['error'];
break;
case 'text':
case 'string':
if(!is_string($this->input[$k]))
$this->errors[$k]=$field['error'];
break;
case 'array':
if(!$this->input[$k] || !is_array($this->input[$k]))
$this->errors[$k]=$field['error'];
break;
case 'radio':
if(!isset($this->input[$k]))
$this->errors[$k]=$field['error'];
break;
case 'date': //TODO...make sure it is really in GNU date format..
if(strtotime($this->input[$k])===false)
$this->errors[$k]=$field['error'];
break;
case 'time': //TODO...make sure it is really in GNU time format..
break;
case 'phone':
case 'fax':
if(!$this->is_phone($this->input[$k]))
$this->errors[$k]=$field['error'];
break;
case 'email':
if(!$this->is_email($this->input[$k]))
$this->errors[$k]=$field['error'];
break;
case 'url':
if(!$this->is_url($this->input[$k]))
$this->errors[$k]=$field['error'];
break;
case 'password':
if(strlen($this->input[$k])<5)
$this->errors[$k]=$field['error'].' (5 chars min)';
break;
case 'username':
if(strlen($this->input[$k])<2)
$this->errors[$k]=$field['error'].' (2 chars min)';
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
break;
case 'zipcode':
if(!is_numeric($this->input[$k]) || (strlen($this->input[$k])!=5))
$this->errors[$k]=$field['error'];
break;
default://If param type is not set...or handle..error out...
$this->errors[$k]=$field['error'].' (type not set)';
endswitch;
}
return ($this->errors)?(FALSE):(TRUE);
}
function iserror(){
return $this->errors?true:false;
}
function errors(){
return $this->errors;
}
/*** Functions below can be called directly without class instance. Validator::func(var..); ***/
function is_email($email) {
return (preg_match('/^([*+!.&#$|\'\\%\/0-9a-z^_`{}=?~:-]+)@(([0-9a-z-]+\.)+[0-9a-z]{2,})$/i',trim(stripslashes($email))));
}
function is_phone($phone) {
/* We're not really validating the phone number but just making sure it doesn't contain illegal chars and of acceptable len */
$stripped=preg_replace("(\(|\)|\-|\+|[ ]+)","",$phone);
return (!is_numeric($stripped) || ((strlen($stripped)<7) || (strlen($stripped)>16)))?false:true;
}
function is_url($url) { //Thanks to 4ice for the fix.
$urlregex = "^(https?)\:\/\/";
// USER AND PASS (optional)
$urlregex .= "([a-z0-9+!*(),;?&=\$_.-]+(\:[a-z0-9+!*(),;?&=\$_.-]+)?@)?"; # nolint
// http://x = allowed (ex. http://localhost, http://routerlogin)
$urlregex .= "[a-z0-9+\$_-]+(\.[a-z0-9+\$_-]+)*"; # nolint
//$urlregex .= "[a-z0-9+\$_-]+(\.[a-z0-9+\$_-]+)+"; // http://x.x = minimum
//$urlregex .= "([a-z0-9+\$_-]+\.)*[a-z0-9+\$_-]{2,3}"; // http://x.xx(x) = minimum
//use only one of the above
// PORT (optional)
$urlregex .= "(\:[0-9]{2,5})?";
// PATH (optional)
$urlregex .= "(\/([a-z0-9+\$_-]\.?)+)*\/?"; # nolint
$urlregex .= "(\?[a-z+&\$_.-][a-z0-9;:@/&%=+\$_.-]*)?"; # nolint
$urlregex .= "(#[a-z_.-][a-z0-9+\$_.-]*)?\$"; # nolint
return eregi($urlregex, $url)?true:false;
}
function is_ip($ip) {
if(!$ip or empty($ip))
return false;
$ip=trim($ip);
# Thanks to http://stackoverflow.com/a/1934546
if (function_exists('inet_pton')) { # PHP 5.1.0
# Let the built-in library parse the IP address
return @inet_pton($ip) !== false;
} else if (preg_match(
'/^(?>(?>([a-f0-9]{1,4})(?>:(?1)){7}|(?!(?:.*[a-f0-9](?>:|$)){7,})'
.'((?1)(?>:(?1)){0,5})?::(?2)?)|(?>(?>(?1)(?>:(?1)){5}:|(?!(?:.*[a-f0-9]:){5,})'
.'(?3)?::(?>((?1)(?>:(?1)){0,3}):)?)?(25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])'
.'(?>\.(?4)){3}))$/iD', $ip)) {
return true;
}
return false;
}
function process($fields,$vars,&$errors){
$val = new Validator();
$val->setFields($fields);
if(!$val->validate($vars))
$errors=array_merge($errors,$val->errors());
return (!$errors);
}
}
?>