Changeset 568 for branches/1.1dev/lib

Timestamp:

Oct 29, 2016 2:15:08 AM (8 years ago)

Author:

anonymous

Message:

Backported improvements of email domain validation.

File:

• branches/1.1dev/lib/FormValidator.inc.php (modified) (24 diffs)

branches/1.1dev/lib/FormValidator.inc.php

@@ -1 +1 @@
 <?php
 /**
- * FormValidator.inc.php 
+ * FormValidator.inc.php
  * Code by Strangecode :: www.strangecode.com :: This document contains copyrighted information
  */
- 
+
 //     Examples of use:
 //
@@ -35 +35 @@
 class FormValidator
 {
-    
+
     /**
      * Array filling with errors. The key will be the name of the form where
@@ -41 +41 @@
      */
     var $errors = array();
-    
+
     /**
      * Return the current list of errors.
@@ -53 +53 @@
         return $this->errors;
     }
-    
+
     /**
      * Add an error to the errors stack.
@@ -74 +74 @@
         );
     }
-    
+
     /**
      * Check whether any errors have been triggered.
@@ -80 +80 @@
      * @param  string $form_name the name of the incoming form variable
      *
-     * @return bool   true if any errors were found, or if found for 
+     * @return bool   true if any errors were found, or if found for
      *                a variable of $form_name, false otherwise
      */
@@ -88 +88 @@
             foreach ($this->errors as $err) {
                 if ($err['name'] == $form_name) {
-                    return true;   
+                    return true;
                 }
             }
@@ -134 +134 @@
     function notEmpty($form_name, $msg='')
     {
-    
+
         $val = getFormData($form_name);
         if (is_array($val)) {
@@ -143 +143 @@
                 return false;
             }
-        } else {            
+        } else {
             if (trim($val) != '') {
                 $this->addError($form_name, $msg);
@@ -171 +171 @@
                 return false;
             }
-        } else {            
+        } else {
             if (trim($val) == '') {
                 $this->addError($form_name, $msg);
@@ -242 +242 @@
     /**
      * Check whether input is a float. Don't just use is_float() because the
-     * data coming from the user is *really* a string. Integers will also 
+     * data coming from the user is *really* a string. Integers will also
      * pass this test.
      *
@@ -280 +280 @@
         }
     }
-    
+
     /**
      * Check whether input matches the specified perl regular expression
-     * pattern. 
+     * pattern.
      *
      * @param  string $form_name the name of the incoming form variable
@@ -312 +312 @@
         }
     }
-    
+
     /**
      * Tests if the string length is between specified values. Whitespace excluded for min.
@@ -326 +326 @@
     {
         $val = getFormData($form_name);
-        
+
         if (strlen(trim($val)) < $min || strlen($val) > $max) {
             $this->addError($form_name, $msg);
@@ -361 +361 @@
 
     /**
-     * Validates email address length, domain name existance, format.
+     * Validates email address length, domain name existence, format.
      *
      * @param  string  $form_name       The name of the incoming form variable
-     *
+     * @param   bool   $strict Run strict tests (check if the domain exists and has an MX record assigned)
      * @return bool    true if no errors found, false otherwise
      */
-    function validateEmail($form_name)
-    {        
+    function validateEmail($form_name, $strict=false)
+    {
         $email = getFormData($form_name);
         if ('' == trim($email)) {
             return false;
         }
-        
+
         $regex = '/^(?:[^,@]*\s+|[^,@]*(<)|)'                           // Display name
         . '((?:[^.<>\s@\",\[\]]+[^<>\s@\",\[\]])*[^.<>\s@\",\[\]]+)'    // Local-part
@@ -386 +386 @@
         . '|'
         . '(?:|\s*|\s+\([^,@]+\)\s*))$/i';
-        
+
         // Test email address format.
         if (!preg_match($regex, getFormData($form_name), $e_parts)) {
@@ -393 +393 @@
             return false;
         }
-        
+
         // We have a match! Here are the captured subpatterns, on which further tests are run.
-        // The part before the @. 
+        // The part before the @.
         $local = $e_parts[2];
 
-        // The part after the @. 
+        // The part after the @.
         // If domain is an IP [XXX.XXX.XXX.XXX] strip off the brackets.
         $domain = $e_parts[3]{0} == '[' ? mb_substr($e_parts[3], 1, -1) : $e_parts[3];
-        
+
         // Test length.
         if (mb_strlen($local) > 64 || mb_strlen($domain) > 191) {
@@ -408 +408 @@
             return false;
         }
-        
-        // Check domain exists: It's a domain if ip2long fails; Checkdnsrr ensures a MX record exists; Gethostbyname() ensures the domain exists.
-        // Compare ip2long twice for php4 backwards compat.
-        if ((ip2long($domain) == '-1' || ip2long($domain) === false) && function_exists('checkdnsrr') && !checkdnsrr($domain . '.', 'MX') && gethostbyname($domain) == $domain) {
-            $this->addError($form_name, sprintf(_("The email address <em>%s</em> does not have a valid domain name."), oTxt(getFormData($form_name))), MSG_ERR, __FILE__, __LINE__);
-            logMsg(sprintf('The email address %s does not have a valid domain name.', getFormData($form_name)), LOG_DEBUG, __FILE__, __LINE__);
-            return false;
-        }
-        
+
+        if ($strict) {
+            // Strict tests.
+            if (ip2long($domain) === false && function_exists('checkdnsrr') && !checkdnsrr($domain . '.', 'MX') && gethostbyname($domain) == $domain) {
+                // Check domain exists: It's a domain if ip2long fails; checkdnsrr ensures a MX record exists; gethostbyname() ensures the domain exists.
+                $this->addError($form_name, sprintf(_("The email address <em>%s</em> does not have a valid domain name."), oTxt(getFormData($form_name))), MSG_ERR, __FILE__, __LINE__);
+                $app->logMsg(sprintf('%s (line %s) failed: %s', __METHOD__, __LINE__, getDump($val)));
+                return false;
+            }
+        }
+
         return true;
     }
@@ -432 +434 @@
     {
         $phone = getFormData($form_name);
-        
+
         $this->checkRegex($form_name, '/^[0-9 +().-]*$/', true, sprintf(_("The phone number <strong>%s</strong> is not valid."), $phone));
         $this->stringLength($form_name, 0, 25, sprintf(_("The phone number <strong>%s</strong> is too long"), $phone));
@@ -455 +457 @@
         }
     }
-    
-    
+
+
     /**
      * Verifies credit card number.
@@ -471 +473 @@
             $cc_num = getFormData($form_name);
         }
-        
+
         if ('' == $cc_num) {
             return false;
         }
-        
+
         // Innocent until proven guilty
         $card_is_valid = true;
-    
+
         // Get rid of any non-digits
         $cc_num = preg_replace('/[^\d]/', '', $cc_num);
-    
+
         // Perform card-specific checks, if applicable
         switch (strtolower($cc_type)) {
@@ -514 +516 @@
                 break;
         }
-    
+
         // The Luhn formula works right to left, so reverse the number.
         $cc_num = strrev($cc_num);
-        
+
         $luhn_total = 0;
 
@@ -529 +531 @@
                 $digit *= 2;
             }
-    
+
             //  If the result is two digits, add them.
             if (strlen($digit) == 2) {
                 $digit = substr($digit,0,1) + substr($digit,1,1);
             }
-    
+
             //  Add the current digit to the $luhn_total.
             $luhn_total += $digit;
         }
-    
+
         // If it passed (or bypassed) the card-specific check and the Total is evenly divisible by 10, it's cool!
         if ($card_is_valid && $luhn_total % 10 == 0) {
@@ -565 +567 @@
         }
     }
-    
+
 } // THE END