  1. <?php
  2.  
  3. //Array ( [lastname] => Skrzypczyk [firstname] => Yves [phone] => 0668024111 [email] => y.skrzypczyk@gmail.com [country] => fr [pwd] => Test1234 [pwdConfirm] => Test1234 [birthday] => 2020-12-31 [cgu] => on )
  4.  
  5. //Première vérification : éviter la faille XSS
  6. //Il doit y avoir 9 valeurs dans $_POST et non vides
  7.  
  8. if( count($_POST) == 9
  9. && !empty($_POST["lastname"])
  10. && !empty($_POST["firstname"])
  11. && !empty($_POST["phone"])
  12. && !empty($_POST["email"])
  13. && !empty($_POST["country"])
  14. && !empty($_POST["pwd"])
  15. && !empty($_POST["pwdConfirm"])
  16. && !empty($_POST["birthday"])
  17. && !empty($_POST["cgu"]) ) {
  18.  
  19. //Nettoyage
  20. $_POST["lastname"] = strtoupper(trim($_POST["lastname"]));
  21. $_POST["firstname"] = ucwords(strtolower(trim($_POST["firstname"])));
  22. $_POST["phone"] = trim($_POST["phone"]);
  23. $_POST["email"] = strtolower(trim($_POST["email"]));
  24. $_POST["birthday"] = trim($_POST["birthday"]);
  25.  
  26.  
  27. $error = false;
  28. //Lastname entre 2 et 100 caractères
  29. if( strlen($_POST["lastname"])<2 || strlen($_POST["lastname"])>100 ){
  30. $error = true;
  31. }
  32. //firstname entre 2 et 50 caractères
  33. if( strlen($_POST["firstname"])<2 || strlen($_POST["firstname"])>50 ){
  34. $error = true;
  35. }
  36.  
  37. //Vérifier le format du phone -> regex
  38. if( !preg_match("#^0[1-9]([-. ]?[0-9]{2}){4}$#", $_POST["phone"]) ){
  39. $error = true;
  40. }
  41.  
  42.  
  43. //Vérifier le format de l'email -> pas de regex
  44. if( !filter_var($_POST["email"], FILTER_VALIDATE_EMAIL) ){
  45. $error = true;
  46. }
  47.  
  48.  
  49. //Vérifier le pays parmis un tableau de pays :
  50. $countryAuthorized = ["fr", "en", "pl", "dz", "tg", "it"];
  51.  
  52. if( !in_array($_POST["country"], $countryAuthorized) ){
  53. $error = true;
  54. }
  55.  
  56. //Vérifier le pwd , entre 6 et 30 caractères avec min et maj (plusieurs regex)
  57. if(
  58. !preg_match("#[a-z]#", $_POST["pwd"]) ||
  59. !preg_match("#[A-Z]#", $_POST["pwd"]) ||
  60. !preg_match("#[0-9]#", $_POST["pwd"]) ||
  61. strlen( $_POST["pwd"]) < 6 ||
  62. strlen( $_POST["pwd"]) > 30
  63. ){
  64. $error = true;
  65. }
  66.  
  67. //Vérifier le pwdConfirm
  68. if($_POST["pwd"] != $_POST["pwdConfirm"]){
  69. $error = true;
  70. }
  71.  
  72. //Ne pas vérifier le birthday pour le moment 18 et 100
  73. //2020-12-31
  74. //31/12/2020
  75. if(
  76. !preg_match("#^[0-9]{2}/[0-9]{2}/[0-9]{4}$#", $_POST["birthday"]) &&
  77. !preg_match("#^[0-9]{4}-[0-9]{2}-[0-9]{2}$#", $_POST["birthday"])
  78. ){
  79. //Format incorrect
  80. $error = true;
  81. }else{
  82.  
  83. $birthdayExploded = explode("/", $_POST["birthday"]);
  84. if( count($birthdayExploded) == 3) {
  85. $_POST["birthday"] = $birthdayExploded[2]."-".$birthdayExploded[1]."-".$birthdayExploded[0];
  86. }
  87.  
  88.  
  89. $birthdayExploded = explode("-", $_POST["birthday"]);
  90.  
  91. if(!checkdate($birthdayExploded[1], $birthdayExploded[2], $birthdayExploded[0])){
  92. $error = true;
  93. }else{
  94.  
  95. $birthdaySec = strtotime($_POST["birthday"]);
  96. $timeToDay = time();
  97.  
  98. $ageSec = $timeToDay-$birthdaySec;
  99. $age = $ageSec / 3600 / 24 / 365.25;
  100.  
  101.  
  102. if($age < 18 || $age > 100){
  103. $error = true;
  104. }
  105. }
  106. }
  107.  
  108. //Vérifier le CGU coché -> pas besoin
  109.  
  110. if($error){
  111. echo "Erreur à l'inscription";
  112. }else{
  113. echo "OK";
  114. }
  115.  
  116.  
  117.  
  118. } else {
  119.  
  120. echo "<pre>";
  121. print_r($_SERVER);
  122.  
  123. die("Tentative de hack !!!");
  124.  
  125. }