source: trunk/lib/Validator.inc.php @ 534

<?php
/**
 * The Strangecode Codebase - a general application development framework for PHP
 * For details visit the project site: <http://trac.strangecode.com/codebase/>
 * Copyright 2001-2012 Strangecode, LLC
 *
 * This file is part of The Strangecode Codebase.
 *
 * The Strangecode Codebase is free software: you can redistribute it and/or
 * modify it under the terms of the GNU General Public License as published by the
 * Free Software Foundation, either version 3 of the License, or (at your option)
 * any later version.
 *
 * The Strangecode Codebase is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
 * details.
 *
 * You should have received a copy of the GNU General Public License along with
 * The Strangecode Codebase. If not, see <http://www.gnu.org/licenses/>.
 */

/**
 * Validator.inc.php
 *
 * The Validator class provides a methods for validating input against different criteria.
 * All functions return true if the input passes the test.
 *
 * @author    Quinn Comendant <quinn@strangecode.com>
 * @version   1.0
 */

class Validator
{

    // Known credit card types.
    const CC_TYPE_VISA = 1;
    const CC_TYPE_MASTERCARD = 2;
    const CC_TYPE_AMEX = 3;
    const CC_TYPE_DISCOVER = 4;
    const CC_TYPE_DINERS = 5;
    const CC_TYPE_JCB = 6;

    // Validator::validateEmail() return types.
    const EMAIL_SUCCESS = 0;
    const EMAIL_REGEX_FAIL = 1;
    const EMAIL_LENGTH_FAIL = 2;
    const EMAIL_MX_FAIL = 3;

    // Validator::validatePhone() return types.
    const PHONE_SUCCESS = 0;
    const PHONE_REGEX_FAIL = 1;
    const PHONE_LENGTH_FAIL = 2;

    /**
     * Check if a value is not empty (just the opposite of isEmpty()).
     *
     * @param  string $val The input data to validate.
     * @return bool   true if form is not empty, false otherwise.
     */
    static public function notEmpty($val)
    {
        return !self::isEmpty($val);
    }

    /**
     * Check if a value is empty.
     *
     * @param  string $val The input data to validate.
     * @return bool   true if form is empty, false otherwise.
     */
    static public function isEmpty($val)
    {
        if (is_array($val)) {
            return empty($val);
        } else {
            return '' == trim((string)$val);
        }
    }

    /**
     * Check whether input is a string.
     *
     * @param  string $val The input data to validate.
     * @return bool   true if form is a string, false otherwise.
     */
    static public function isString($val)
    {
        return '' == trim((string)$val) || is_string($val);
    }

    /**
     * Check whether input is a number. Allows negative numbers.
     *
     * @param  string $val The input data to validate.
     * @return bool   True if no errors found, false otherwise.
     */
    static public function isNumber($val)
    {
        return '' == trim((string)$val) || is_numeric($val);
    }

    /**
     * addError if input is NOT an integer. Don't just use is_int() because the
     * data coming from the user is *really* a string.
     *
     * @param  string $val The input data to validate.
     * @return bool   true if value is an integer
     */
    static public function isInteger($val, $negative_ok=false)
    {
        $pattern = $negative_ok ? '/^-?[[:digit:]]+$/' : '/^[[:digit:]]+$/';
        return '' == trim((string)$val) || (is_numeric($val) && preg_match($pattern, $val));
    }

    /**
     * Check whether input is a float. Don't just use is_float() because the
     * data coming from the user is *really* a string. Integers will also
     * pass this test.
     *
     * @param  string $val The input data to validate.
     * @param  bool $negative_ok  If the value can be unsigned.
     * @return bool   true if value is a float
     */
    static public function isFloat($val, $negative_ok=false)
    {
        $pattern = $negative_ok ? '/^-?[[:digit:]]*(?:\.?[[:digit:]]+)$/' : '/^[[:digit:]]*(?:\.?[[:digit:]]+)$/';
        return '' == trim((string)$val) || (is_numeric($val) && preg_match($pattern, $val));
    }

    /**
     * Check whether input is a Decimal or Fixed type. Check values to be stored in mysql decimal, numeric, num, or fixed types.
     * Note: some integers and floats will also pass this test.
     * https://dev.mysql.com/doc/refman/5.5/en/fixed-point-types.html
     *
     * @param  string $val The input data to validate.
     * @param  bool $negative_ok  If the value can be unsigned.
     * @param  int  $max    Total max number of digits (for mysql max is 65).
     * @param  int  $dec    Total max number of digits after the decimal place (for mysql max is 30).
     * @return bool   true if value is a float
     */
    static public function isDecimal($val, $negative_ok=false, $max=10, $dec=2)
    {
        if ('' == trim((string)$val)) {
            return true;
        }
        if (!$negative_ok && is_numeric($val) && $val < 0) {
            return false;
        }
        // Get the length of the part after any decimal point, or zero.
        $num_parts = explode('.', $val);
        $dec_count = sizeof($num_parts) <= 1 ? 0 : mb_strlen(end($num_parts));
        // Must be numeric, total digits <= $max, dec digits <= $dec.
        return is_numeric($val) && mb_strlen(str_replace(['-', '.'], '', $val)) <= $max && $dec_count <= $dec;
    }

    /**
     * Check whether input is an array.
     *
     * @param  string $val The input data to validate.
     * @return bool   true if value is a float
     */
    static public function isArray($val)
    {
        return (is_string($val) && '' == trim((string)$val)) || is_array($val);
    }

    /**
     * Check whether input matches the specified perl regular expression
     * pattern.
     *
     * @param  string $val The input data to validate.
     * @param  int    $regex            PREG that the string must match
     * @param  bool   $valid_on_match   Set to true to be valid if match, or false to be valid if the match fails.
     * @return bool   true if value passes regex test
     */
    static public function checkRegex($val, $regex, $valid_on_match=true)
    {
        return $valid_on_match ? preg_match($regex, $val) : !preg_match($regex, $val);
    }

    /**
     * Tests if the string length is between specified values. Whitespace excluded for min.
     *
     * @param  string $val The input data to validate.
     * @param  int    $min       minimum length of string, inclusive
     * @param  int    $max       maximum length of string, inclusive
     * @return bool   true if string length is within given boundaries
     */
    static public function stringLength($val, $min, $max)
    {
        return mb_strlen((string)$val) >= $min && mb_strlen((string)$val) <= $max;
    }

    /**
     * Check whether input is within a valid numeric range.
     *
     * @param  string $val The input data to validate.
     * @param  int    $min       minimum value of number, inclusive
     * @param  int    $max       maximum value of number, inclusive
     * @return bool   True if no errors found, false otherwise.
     */
    static public function numericRange($val, $min, $max)
    {
        return '' == trim((string)$val) || (is_numeric($val) && $val >= $min && $val <= $max);
    }

    /**
     * Validates an email address based on the recommendations in RFC 3696.
     * Is more loose than restrictive, to allow the many valid variants of
     * email addresses while catching the most common mistakes.
     * http://www.faqs.org/rfcs/rfc822.html
     * http://www.faqs.org/rfcs/rfc2822.html
     * http://www.faqs.org/rfcs/rfc3696.html
     * http://www.faqs.org/rfcs/rfc1035.html
     *
     * @access  public
     * @param   string  $val    The input data to validate..
     * @param   bool    $strict Do we run strict tests?
     * @return  const           One of the constant values: Validate::EMAIL_SUCCESS|Validate::EMAIL_REGEX_FAIL|Validate::EMAIL_LENGTH_FAIL|Validate::EMAIL_MX_FAIL
     * @author  Quinn Comendant <quinn@strangecode.com>
     */
    static public function validateEmail($val, $strict=false)
    {
        require_once 'codebase/lib/Email.inc.php';
        $e = new Email();

        // Test email address format.
        if (!preg_match($e->getParam('regex'), $val, $e_parts)) {
            return self::EMAIL_REGEX_FAIL;
        }

        // We have a match! Here are the captured subpatterns, on which further tests are run.
        // The part before the @.
        $local = $e_parts[2];

        // The part after the @.
        // If domain is an IP [XXX.XXX.XXX.XXX] strip off the brackets.
        $domain = $e_parts[3]{0} == '[' ? mb_substr($e_parts[3], 1, -1) : $e_parts[3];

        // Test length.
        if (mb_strlen($local) > 64 || mb_strlen($domain) > 191) {
            return self::EMAIL_LENGTH_FAIL;
        }

        // Strict tests below.

        // Check domain exists: It's a domain if ip2long fails; checkdnsrr ensures a MX record exists; gethostbyname() ensures the domain exists.
        if ($strict && ip2long($domain) === false && function_exists('checkdnsrr') && !checkdnsrr($domain . '.', 'MX') && gethostbyname($domain) == $domain) {
            return self::EMAIL_MX_FAIL;
        }

        return self::EMAIL_SUCCESS;
    }

    /**
     * Check whether input is a valid phone number. Notice: it is now set
     * to allow characters like - or () or + so people can type in a phone
     * number that looks like: +1 (530) 555-1212
     *
     * @param  string  $form_name the name of the incoming form variable
     *
     * @return bool    true if no errors found, false otherwise
     */
    static public function validatePhone($val)
    {
        if (!self::checkRegex($val, '/^[0-9 +().-]*$/', true)) {
            return self::PHONE_REGEX_FAIL;
        }
        if (!self::stringLength($val, 0, 25)) {
            return self::PHONE_LENGTH_FAIL;
        }
        return self::PHONE_SUCCESS;
    }

    /**
     * Verifies that date can be processed by the strtotime function.
     * Empty strings are considered valid. Other values are tested on their return value from strtotime(). Null values will fail.
     *
     * @param  string  $val The input data to validate.
     * @return bool    True if no errors found, false otherwise.
     */
    static public function validateStrDate($val)
    {
        if (is_string($val) && '' === trim($val)) {
            // Don't be too bothered about empty strings.
            return true;
        }

        $timestamp = strtotime($val);
        if (!$timestamp || $timestamp < 1) {
            return false;
        } else {
            return true;
        }
    }

    /*
    * Checks if value is a "zero" SQL DATE, DATETIME, or TIMESTAMP value (or simply empty).
    *
    * @access   public
    * @param    string  $val    String to check.
    * @return   bool            True if value is an empty date.
    * @author   Quinn Comendant <quinn@strangecode.com>
    * @version  1.0
    * @since    19 May 2015 09:57:27
    */
    static public function isEmptyDate($val)
    {
        if (empty($val) || '0000-00-00 00:00:00' == $val || '0000-00-00' == $val || '00:00:00' == $val) {
            return true;
        }
        return false;
    }

    /**
     * Verifies credit card number using the Luhn (mod 10) algorithm.
     * http://en.wikipedia.org/wiki/Luhn_algorithm
     *
     * @param  string  $val   The input data to validate..
     * @param  string  $cc_num      Card number to verify.
     * @param  string  $cc_type     Optional, card type to do specific checks.
     * @return bool    True if no errors found, false otherwise.
     */
    static public function validateCCNumber($val, $cc_type=null)
    {
        // Get rid of any non-digits
        $cc_num = preg_replace('/[^\d]/', '', $val);

        // Perform card-specific checks, if applicable
        switch ($cc_type) {
        case self::CC_TYPE_VISA :
            $regex = '/^4\d{15}$|^4\d{12}$/';
            break;
        case self::CC_TYPE_MASTERCARD :
            $regex = '/^5[1-5]\d{14}$/';
            break;
        case self::CC_TYPE_AMEX :
            $regex = '/^3[47]\d{13}$/';
            break;
        case self::CC_TYPE_DISCOVER :
            $regex = '/^6011\d{12}$/';
            break;
        case self::CC_TYPE_DINERS :
            $regex = '/^30[0-5]\d{11}$|^3[68]\d{12}$/';
            break;
        case self::CC_TYPE_JCB :
            $regex = '/^3\d{15}$|^2131|1800\d{11}$/';
            break;
        default :
            $regex = '/\d{13,}/';
            break;
        }

        if ('' != $regex && !preg_match($regex, $cc_num)) {
            // Invalid format.
            return false;
        }

        // The Luhn formula works right to left, so reverse the number.
        $cc_num = strrev($cc_num);

        $luhn_total = 0;

        $num = mb_strlen($cc_num);
        for ($i=0; $i<$num; $i++) {
            // Get each digit.
            $digit = mb_substr($cc_num, $i, 1);

            //  If it's an odd digit, double it.
            if ($i / 2 != floor($i / 2)) {
                $digit *= 2;
            }

            //  If the result is two digits, add them.
            if (mb_strlen($digit) == 2) {
                $digit = mb_substr($digit, 0, 1) + mb_substr($digit, 1, 1);
            }

            //  Add the current digit to the $luhn_total.
            $luhn_total += $digit;
        }

        // If the Total is evenly divisible by 10, it's cool!
        return $luhn_total % 10 == 0;
    }

    /**
     * Check whether a file was selected for uploading. If file is missing, it's an error.
     *
     * @param  string $form_name The input data to validate.
     * @return bool   True if no errors found, false otherwise.
     */
    static public function fileUploaded($form_name)
    {
        if (!isset($_FILES[$form_name]['name']) || empty($_FILES[$form_name]['name'])) {
            return false;
        }

        if (is_array($_FILES[$form_name]['name'])) {
            foreach($_FILES[$form_name]['name'] as $f) {
                if ('' == $f) {
                    return false;
                }
            }
        } else {
            if ('' == $_FILES[$form_name]['name']) {
                return false;
            }
        }

        return true;
    }

    /*
    * Check if the amount of content sent by the browser exceeds the upload_max_filesize value configured in php.ini.
    * http://stackoverflow.com/a/24202363
    *
    * @access   public
    * @param    string $form_name The input data to validate.
    * @return   bool   True if no errors found, false otherwise.
    * @author   Quinn Comendant <quinn@strangecode.com>
    * @version  1.0
    * @since    20 Aug 2014 14:44:23
    */
    static public function fileUploadSize($form_name)
    {
        $upload_max_filesize = phpIniGetBytes('upload_max_filesize');
        if (isset($_SERVER['CONTENT_LENGTH']) && 0 != $upload_max_filesize && $_SERVER['CONTENT_LENGTH'] > $upload_max_filesize) {
            return false;
        }
        return true;
    }

} // THE END