[144] | 1 | <?php |
---|
| 2 | /** |
---|
[362] | 3 | * The Strangecode Codebase - a general application development framework for PHP |
---|
| 4 | * For details visit the project site: <http://trac.strangecode.com/codebase/> |
---|
[396] | 5 | * Copyright 2001-2012 Strangecode, LLC |
---|
[457] | 6 | * |
---|
[362] | 7 | * This file is part of The Strangecode Codebase. |
---|
| 8 | * |
---|
| 9 | * The Strangecode Codebase is free software: you can redistribute it and/or |
---|
| 10 | * modify it under the terms of the GNU General Public License as published by the |
---|
| 11 | * Free Software Foundation, either version 3 of the License, or (at your option) |
---|
| 12 | * any later version. |
---|
[457] | 13 | * |
---|
[362] | 14 | * The Strangecode Codebase is distributed in the hope that it will be useful, but |
---|
| 15 | * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
---|
| 16 | * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more |
---|
| 17 | * details. |
---|
[457] | 18 | * |
---|
[362] | 19 | * You should have received a copy of the GNU General Public License along with |
---|
| 20 | * The Strangecode Codebase. If not, see <http://www.gnu.org/licenses/>. |
---|
| 21 | */ |
---|
| 22 | |
---|
| 23 | /** |
---|
[144] | 24 | * Validator.inc.php |
---|
| 25 | * |
---|
[457] | 26 | * The Validator class provides a methods for validating input against different criteria. |
---|
[144] | 27 | * All functions return true if the input passes the test. |
---|
| 28 | * |
---|
| 29 | * @author Quinn Comendant <quinn@strangecode.com> |
---|
| 30 | * @version 1.0 |
---|
| 31 | */ |
---|
| 32 | |
---|
[502] | 33 | class Validator |
---|
| 34 | { |
---|
[144] | 35 | |
---|
[468] | 36 | // Known credit card types. |
---|
| 37 | const CC_TYPE_VISA = 1; |
---|
| 38 | const CC_TYPE_MASTERCARD = 2; |
---|
| 39 | const CC_TYPE_AMEX = 3; |
---|
| 40 | const CC_TYPE_DISCOVER = 4; |
---|
| 41 | const CC_TYPE_DINERS = 5; |
---|
| 42 | const CC_TYPE_JCB = 6; |
---|
[144] | 43 | |
---|
[468] | 44 | // Validator::validateEmail() return types. |
---|
| 45 | const EMAIL_SUCCESS = 0; |
---|
| 46 | const EMAIL_REGEX_FAIL = 1; |
---|
| 47 | const EMAIL_LENGTH_FAIL = 2; |
---|
| 48 | const EMAIL_MX_FAIL = 3; |
---|
[144] | 49 | |
---|
[468] | 50 | // Validator::validatePhone() return types. |
---|
| 51 | const PHONE_SUCCESS = 0; |
---|
| 52 | const PHONE_REGEX_FAIL = 1; |
---|
| 53 | const PHONE_LENGTH_FAIL = 2; |
---|
| 54 | |
---|
[144] | 55 | /** |
---|
[490] | 56 | * Check if a value is not empty (just the opposite of isEmpty()). |
---|
[144] | 57 | * |
---|
| 58 | * @param string $val The input data to validate. |
---|
| 59 | * @return bool true if form is not empty, false otherwise. |
---|
| 60 | */ |
---|
[468] | 61 | static public function notEmpty($val) |
---|
[144] | 62 | { |
---|
[490] | 63 | return !self::isEmpty($val); |
---|
[144] | 64 | } |
---|
| 65 | |
---|
| 66 | /** |
---|
[490] | 67 | * Check if a value is empty. |
---|
[144] | 68 | * |
---|
| 69 | * @param string $val The input data to validate. |
---|
| 70 | * @return bool true if form is empty, false otherwise. |
---|
| 71 | */ |
---|
[468] | 72 | static public function isEmpty($val) |
---|
[144] | 73 | { |
---|
[490] | 74 | if (is_array($val)) { |
---|
| 75 | return empty($val); |
---|
| 76 | } else { |
---|
| 77 | return '' == trim((string)$val); |
---|
| 78 | } |
---|
[144] | 79 | } |
---|
| 80 | |
---|
| 81 | /** |
---|
| 82 | * Check whether input is a string. |
---|
| 83 | * |
---|
| 84 | * @param string $val The input data to validate. |
---|
| 85 | * @return bool true if form is a string, false otherwise. |
---|
| 86 | */ |
---|
[468] | 87 | static public function isString($val) |
---|
[144] | 88 | { |
---|
| 89 | return '' == trim((string)$val) || is_string($val); |
---|
| 90 | } |
---|
| 91 | |
---|
| 92 | /** |
---|
| 93 | * Check whether input is a number. Allows negative numbers. |
---|
| 94 | * |
---|
| 95 | * @param string $val The input data to validate. |
---|
| 96 | * @return bool True if no errors found, false otherwise. |
---|
| 97 | */ |
---|
[468] | 98 | static public function isNumber($val) |
---|
[144] | 99 | { |
---|
| 100 | return '' == trim((string)$val) || is_numeric($val); |
---|
| 101 | } |
---|
| 102 | |
---|
| 103 | /** |
---|
| 104 | * addError if input is NOT an integer. Don't just use is_int() because the |
---|
| 105 | * data coming from the user is *really* a string. |
---|
| 106 | * |
---|
| 107 | * @param string $val The input data to validate. |
---|
| 108 | * @return bool true if value is an integer |
---|
| 109 | */ |
---|
[468] | 110 | static public function isInteger($val, $negative_ok=false) |
---|
[144] | 111 | { |
---|
| 112 | $pattern = $negative_ok ? '/^-?[[:digit:]]+$/' : '/^[[:digit:]]+$/'; |
---|
| 113 | return '' == trim((string)$val) || (is_numeric($val) && preg_match($pattern, $val)); |
---|
| 114 | } |
---|
| 115 | |
---|
| 116 | /** |
---|
| 117 | * Check whether input is a float. Don't just use is_float() because the |
---|
| 118 | * data coming from the user is *really* a string. Integers will also |
---|
| 119 | * pass this test. |
---|
| 120 | * |
---|
| 121 | * @param string $val The input data to validate. |
---|
| 122 | * @return bool true if value is a float |
---|
| 123 | */ |
---|
[468] | 124 | static public function isFloat($val, $negative_ok=false) |
---|
[144] | 125 | { |
---|
| 126 | $pattern = $negative_ok ? '/^-?[[:digit:]]*(?:\.?[[:digit:]]+)$/' : '/^[[:digit:]]*(?:\.?[[:digit:]]+)$/'; |
---|
| 127 | return '' == trim((string)$val) || (is_numeric($val) && preg_match($pattern, $val)); |
---|
| 128 | } |
---|
| 129 | |
---|
| 130 | /** |
---|
| 131 | * Check whether input is an array. |
---|
| 132 | * |
---|
| 133 | * @param string $val The input data to validate. |
---|
| 134 | * @return bool true if value is a float |
---|
| 135 | */ |
---|
[468] | 136 | static public function isArray($val) |
---|
[144] | 137 | { |
---|
| 138 | return (is_string($val) && '' == trim((string)$val)) || is_array($val); |
---|
| 139 | } |
---|
| 140 | |
---|
| 141 | /** |
---|
| 142 | * Check whether input matches the specified perl regular expression |
---|
| 143 | * pattern. |
---|
| 144 | * |
---|
| 145 | * @param string $val The input data to validate. |
---|
| 146 | * @param int $regex PREG that the string must match |
---|
[366] | 147 | * @param bool $valid_on_match Set to true to be valid if match, or false to be valid if the match fails. |
---|
[144] | 148 | * @return bool true if value passes regex test |
---|
| 149 | */ |
---|
[468] | 150 | static public function checkRegex($val, $regex, $valid_on_match=true) |
---|
[144] | 151 | { |
---|
| 152 | return $valid_on_match ? preg_match($regex, $val) : !preg_match($regex, $val); |
---|
| 153 | } |
---|
| 154 | |
---|
| 155 | /** |
---|
| 156 | * Tests if the string length is between specified values. Whitespace excluded for min. |
---|
| 157 | * |
---|
| 158 | * @param string $val The input data to validate. |
---|
| 159 | * @param int $min minimum length of string, inclusive |
---|
| 160 | * @param int $max maximum length of string, inclusive |
---|
| 161 | * @return bool true if string length is within given boundaries |
---|
| 162 | */ |
---|
[468] | 163 | static public function stringLength($val, $min, $max) |
---|
[144] | 164 | { |
---|
[500] | 165 | return mb_strlen((string)$val) >= $min && mb_strlen((string)$val) <= $max; |
---|
[144] | 166 | } |
---|
| 167 | |
---|
| 168 | /** |
---|
| 169 | * Check whether input is within a valid numeric range. |
---|
| 170 | * |
---|
| 171 | * @param string $val The input data to validate. |
---|
| 172 | * @param int $min minimum value of number, inclusive |
---|
| 173 | * @param int $max maximum value of number, inclusive |
---|
| 174 | * @return bool True if no errors found, false otherwise. |
---|
| 175 | */ |
---|
[468] | 176 | static public function numericRange($val, $min, $max) |
---|
[144] | 177 | { |
---|
| 178 | return '' == trim((string)$val) || (is_numeric($val) && $val >= $min && $val <= $max); |
---|
| 179 | } |
---|
| 180 | |
---|
| 181 | /** |
---|
| 182 | * Validates an email address based on the recommendations in RFC 3696. |
---|
| 183 | * Is more loose than restrictive, to allow the many valid variants of |
---|
| 184 | * email addresses while catching the most common mistakes. |
---|
| 185 | * http://www.faqs.org/rfcs/rfc822.html |
---|
| 186 | * http://www.faqs.org/rfcs/rfc2822.html |
---|
| 187 | * http://www.faqs.org/rfcs/rfc3696.html |
---|
| 188 | * http://www.faqs.org/rfcs/rfc1035.html |
---|
| 189 | * |
---|
| 190 | * @access public |
---|
[415] | 191 | * @param string $val The input data to validate.. |
---|
[468] | 192 | * @param bool $strict Do we run strict tests? |
---|
| 193 | * @return const One of the constant values: Validate::EMAIL_SUCCESS|Validate::EMAIL_REGEX_FAIL|Validate::EMAIL_LENGTH_FAIL|Validate::EMAIL_MX_FAIL |
---|
[144] | 194 | * @author Quinn Comendant <quinn@strangecode.com> |
---|
| 195 | */ |
---|
[468] | 196 | static public function validateEmail($val, $strict=false) |
---|
[144] | 197 | { |
---|
| 198 | require_once 'codebase/lib/Email.inc.php'; |
---|
| 199 | $e = new Email(); |
---|
| 200 | |
---|
| 201 | // Test email address format. |
---|
| 202 | if (!preg_match($e->getParam('regex'), $val, $e_parts)) { |
---|
[468] | 203 | return self::EMAIL_REGEX_FAIL; |
---|
[144] | 204 | } |
---|
[457] | 205 | |
---|
[144] | 206 | // We have a match! Here are the captured subpatterns, on which further tests are run. |
---|
[457] | 207 | // The part before the @. |
---|
[144] | 208 | $local = $e_parts[2]; |
---|
| 209 | |
---|
[457] | 210 | // The part after the @. |
---|
[144] | 211 | // If domain is an IP [XXX.XXX.XXX.XXX] strip off the brackets. |
---|
[247] | 212 | $domain = $e_parts[3]{0} == '[' ? mb_substr($e_parts[3], 1, -1) : $e_parts[3]; |
---|
[144] | 213 | |
---|
| 214 | // Test length. |
---|
[247] | 215 | if (mb_strlen($local) > 64 || mb_strlen($domain) > 191) { |
---|
[468] | 216 | return self::EMAIL_LENGTH_FAIL; |
---|
[144] | 217 | } |
---|
| 218 | |
---|
[468] | 219 | // Strict tests below. |
---|
| 220 | |
---|
| 221 | // Check domain exists: It's a domain if ip2long fails; checkdnsrr ensures a MX record exists; gethostbyname() ensures the domain exists. |
---|
| 222 | if ($strict && ip2long($domain) === false && function_exists('checkdnsrr') && !checkdnsrr($domain . '.', 'MX') && gethostbyname($domain) == $domain) { |
---|
| 223 | return self::EMAIL_MX_FAIL; |
---|
[144] | 224 | } |
---|
| 225 | |
---|
[468] | 226 | return self::EMAIL_SUCCESS; |
---|
[144] | 227 | } |
---|
| 228 | |
---|
| 229 | /** |
---|
[468] | 230 | * Check whether input is a valid phone number. Notice: it is now set |
---|
| 231 | * to allow characters like - or () or + so people can type in a phone |
---|
| 232 | * number that looks like: +1 (530) 555-1212 |
---|
| 233 | * |
---|
| 234 | * @param string $form_name the name of the incoming form variable |
---|
| 235 | * |
---|
| 236 | * @return bool true if no errors found, false otherwise |
---|
| 237 | */ |
---|
| 238 | static public function validatePhone($val) |
---|
| 239 | { |
---|
| 240 | if (!self::checkRegex($val, '/^[0-9 +().-]*$/', true)) { |
---|
| 241 | return self::PHONE_REGEX_FAIL; |
---|
| 242 | } |
---|
| 243 | if (!self::stringLength($val, 0, 25)) { |
---|
| 244 | return self::PHONE_LENGTH_FAIL; |
---|
| 245 | } |
---|
| 246 | return self::PHONE_SUCCESS; |
---|
| 247 | } |
---|
| 248 | |
---|
| 249 | /** |
---|
[144] | 250 | * Verifies that date can be processed by the strtotime function. |
---|
[459] | 251 | * Empty strings are considered valid. Other values are tested on their return value from strtotime(). Null values will fail. |
---|
[144] | 252 | * |
---|
| 253 | * @param string $val The input data to validate. |
---|
| 254 | * @return bool True if no errors found, false otherwise. |
---|
| 255 | */ |
---|
[468] | 256 | static public function validateStrDate($val) |
---|
[144] | 257 | { |
---|
[479] | 258 | if (is_string($val) && '' === trim($val)) { |
---|
| 259 | // Don't be too bothered about empty strings. |
---|
| 260 | return true; |
---|
| 261 | } |
---|
[281] | 262 | |
---|
[144] | 263 | $timestamp = strtotime($val); |
---|
[457] | 264 | if (!$timestamp || $timestamp < 1) { |
---|
[144] | 265 | return false; |
---|
| 266 | } else { |
---|
| 267 | return true; |
---|
| 268 | } |
---|
| 269 | } |
---|
| 270 | |
---|
| 271 | /** |
---|
[279] | 272 | * Verifies credit card number using the Luhn (mod 10) algorithm. |
---|
| 273 | * http://en.wikipedia.org/wiki/Luhn_algorithm |
---|
[144] | 274 | * |
---|
| 275 | * @param string $val The input data to validate.. |
---|
| 276 | * @param string $cc_num Card number to verify. |
---|
| 277 | * @param string $cc_type Optional, card type to do specific checks. |
---|
| 278 | * @return bool True if no errors found, false otherwise. |
---|
| 279 | */ |
---|
[468] | 280 | static public function validateCCNumber($val, $cc_type=null) |
---|
| 281 | { |
---|
| 282 | // Get rid of any non-digits |
---|
| 283 | $cc_num = preg_replace('/[^\d]/', '', $val); |
---|
[144] | 284 | |
---|
[468] | 285 | // Perform card-specific checks, if applicable |
---|
| 286 | switch ($cc_type) { |
---|
| 287 | case self::CC_TYPE_VISA : |
---|
| 288 | $regex = '/^4\d{15}$|^4\d{12}$/'; |
---|
| 289 | break; |
---|
| 290 | case self::CC_TYPE_MASTERCARD : |
---|
| 291 | $regex = '/^5[1-5]\d{14}$/'; |
---|
| 292 | break; |
---|
| 293 | case self::CC_TYPE_AMEX : |
---|
| 294 | $regex = '/^3[47]\d{13}$/'; |
---|
| 295 | break; |
---|
| 296 | case self::CC_TYPE_DISCOVER : |
---|
| 297 | $regex = '/^6011\d{12}$/'; |
---|
| 298 | break; |
---|
| 299 | case self::CC_TYPE_DINERS : |
---|
| 300 | $regex = '/^30[0-5]\d{11}$|^3[68]\d{12}$/'; |
---|
| 301 | break; |
---|
| 302 | case self::CC_TYPE_JCB : |
---|
| 303 | $regex = '/^3\d{15}$|^2131|1800\d{11}$/'; |
---|
| 304 | break; |
---|
| 305 | default : |
---|
[470] | 306 | $regex = '/\d{13,}/'; |
---|
[468] | 307 | break; |
---|
| 308 | } |
---|
[457] | 309 | |
---|
[468] | 310 | if ('' != $regex && !preg_match($regex, $cc_num)) { |
---|
| 311 | // Invalid format. |
---|
| 312 | return false; |
---|
| 313 | } |
---|
[144] | 314 | |
---|
[468] | 315 | // The Luhn formula works right to left, so reverse the number. |
---|
| 316 | $cc_num = strrev($cc_num); |
---|
[144] | 317 | |
---|
[468] | 318 | $luhn_total = 0; |
---|
[144] | 319 | |
---|
[468] | 320 | $num = mb_strlen($cc_num); |
---|
| 321 | for ($i=0; $i<$num; $i++) { |
---|
| 322 | // Get each digit. |
---|
| 323 | $digit = mb_substr($cc_num, $i, 1); |
---|
[144] | 324 | |
---|
[468] | 325 | // If it's an odd digit, double it. |
---|
| 326 | if ($i / 2 != floor($i / 2)) { |
---|
| 327 | $digit *= 2; |
---|
| 328 | } |
---|
[144] | 329 | |
---|
[468] | 330 | // If the result is two digits, add them. |
---|
| 331 | if (mb_strlen($digit) == 2) { |
---|
| 332 | $digit = mb_substr($digit, 0, 1) + mb_substr($digit, 1, 1); |
---|
| 333 | } |
---|
[144] | 334 | |
---|
[468] | 335 | // Add the current digit to the $luhn_total. |
---|
| 336 | $luhn_total += $digit; |
---|
| 337 | } |
---|
[144] | 338 | |
---|
[468] | 339 | // If the Total is evenly divisible by 10, it's cool! |
---|
| 340 | return $luhn_total % 10 == 0; |
---|
| 341 | } |
---|
[144] | 342 | |
---|
| 343 | /** |
---|
| 344 | * Check whether a file was selected for uploading. If file is missing, it's an error. |
---|
| 345 | * |
---|
| 346 | * @param string $form_name The input data to validate. |
---|
| 347 | * @return bool True if no errors found, false otherwise. |
---|
| 348 | */ |
---|
[468] | 349 | static public function fileUploaded($form_name) |
---|
[144] | 350 | { |
---|
[200] | 351 | if (!isset($_FILES[$form_name]['name']) || empty($_FILES[$form_name]['name'])) { |
---|
[169] | 352 | return false; |
---|
| 353 | } |
---|
[457] | 354 | |
---|
[200] | 355 | if (is_array($_FILES[$form_name]['name'])) { |
---|
| 356 | foreach($_FILES[$form_name]['name'] as $f) { |
---|
[169] | 357 | if ('' == $f) { |
---|
| 358 | return false; |
---|
| 359 | } |
---|
| 360 | } |
---|
| 361 | } else { |
---|
[200] | 362 | if ('' == $_FILES[$form_name]['name']) { |
---|
[169] | 363 | return false; |
---|
| 364 | } |
---|
| 365 | } |
---|
[457] | 366 | |
---|
[169] | 367 | return true; |
---|
[144] | 368 | } |
---|
| 369 | |
---|
[487] | 370 | /* |
---|
| 371 | * Check if the amount of content sent by the browser exceeds the upload_max_filesize value configured in php.ini. |
---|
| 372 | * http://stackoverflow.com/a/24202363 |
---|
| 373 | * |
---|
| 374 | * @access public |
---|
| 375 | * @param string $form_name The input data to validate. |
---|
| 376 | * @return bool True if no errors found, false otherwise. |
---|
| 377 | * @author Quinn Comendant <quinn@strangecode.com> |
---|
| 378 | * @version 1.0 |
---|
| 379 | * @since 20 Aug 2014 14:44:23 |
---|
| 380 | */ |
---|
| 381 | static public function fileUploadSize($form_name) |
---|
| 382 | { |
---|
| 383 | $upload_max_filesize = phpIniGetBytes('upload_max_filesize'); |
---|
| 384 | if (isset($_SERVER['CONTENT_LENGTH']) && 0 != $upload_max_filesize && $_SERVER['CONTENT_LENGTH'] > $upload_max_filesize) { |
---|
| 385 | return false; |
---|
| 386 | } |
---|
| 387 | return true; |
---|
| 388 | } |
---|
| 389 | |
---|
[144] | 390 | } // THE END |
---|
| 391 | |
---|