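<?php

declare(strict_types=1);

// Registration form handler.
//
// Expected $_POST shape: exactly nine keys, each a non-empty string.
// (Sample values below are constructed for illustration.)
//   lastname, firstname, phone ("0612345678"), email, country ("fr"),
//   pwd, pwdConfirm, birthday ("2020-12-31" or "31/12/2020"), cgu ("on")
//
// First gate: reject any request that does not carry exactly these nine
// fields. This is a request-shape check only; it does NOT protect against
// XSS. Any submitted value later written into HTML must still be escaped
// with htmlspecialchars() at the point of output.
$requiredFields = [
    'lastname',
    'firstname',
    'phone',
    'email',
    'country',
    'pwd',
    'pwdConfirm',
    'birthday',
    'cgu',
];

$wellFormed = count($_POST) === count($requiredFields);
foreach ($requiredFields as $field) {
    // is_string() rejects array-valued parameters (e.g. pwd[]=x), which
    // would otherwise reach trim()/strlen()/preg_match() and raise a
    // TypeError instead of a clean rejection.
    if (!isset($_POST[$field]) || !is_string($_POST[$field]) || empty($_POST[$field])) {
        $wellFormed = false;
        break;
    }
}

if ($wellFormed) {
    // Normalisation (written back to $_POST, as the original script did).
    $_POST['lastname'] = strtoupper(trim($_POST['lastname']));
    $_POST['firstname'] = ucwords(strtolower(trim($_POST['firstname'])));
    $_POST['phone'] = trim($_POST['phone']);
    $_POST['email'] = strtolower(trim($_POST['email']));
    $_POST['birthday'] = trim($_POST['birthday']);

    $error = false;

    // Lastname: 2 to 100. strlen() counts bytes, so a multibyte character
    // counts for more than one towards the limit.
    $lastnameLength = strlen($_POST['lastname']);
    if ($lastnameLength < 2 || $lastnameLength > 100) {
        $error = true;
    }

    // Firstname: 2 to 50 (bytes, same caveat as above).
    $firstnameLength = strlen($_POST['firstname']);
    if ($firstnameLength < 2 || $firstnameLength > 50) {
        $error = true;
    }

    // Phone: 0 + one non-zero digit + four pairs of digits, each pair
    // optionally preceded by '-', '.' or a space.
    if (!preg_match('#^0[1-9]([-. ]?[0-9]{2}){4}$#', $_POST['phone'])) {
        $error = true;
    }

    // Email: use the built-in validator rather than a hand-written regex.
    if (filter_var($_POST['email'], FILTER_VALIDATE_EMAIL) === false) {
        $error = true;
    }

    // Country: must be one of the allowed codes. Strict comparison so that
    // no type juggling can make an unexpected value match.
    $countryAuthorized = ['fr', 'en', 'pl', 'dz', 'tg', 'it'];
    if (!in_array($_POST['country'], $countryAuthorized, true)) {
        $error = true;
    }

    // Password: 6 to 30 bytes with at least one lowercase letter, one
    // uppercase letter and one digit.
    // NOTE(review): when the account is persisted, store only the output of
    // password_hash(); never store or log the submitted value.
    $pwdLength = strlen($_POST['pwd']);
    if (
        !preg_match('#[a-z]#', $_POST['pwd'])
        || !preg_match('#[A-Z]#', $_POST['pwd'])
        || !preg_match('#[0-9]#', $_POST['pwd'])
        || $pwdLength < 6
        || $pwdLength > 30
    ) {
        $error = true;
    }

    // Confirmation must be byte-identical. The original used a loose "!=",
    // which compares numeric-looking strings by value rather than by content.
    if ($_POST['pwd'] !== $_POST['pwdConfirm']) {
        $error = true;
    }

    // Birthday: accept "DD/MM/YYYY" or "YYYY-MM-DD", normalise to the ISO
    // form, then require a real calendar date and an age between 18 and 100.
    $birthday = $_POST['birthday'];
    if (preg_match('#^[0-9]{2}/[0-9]{2}/[0-9]{4}$#', $birthday)) {
        [$day, $month, $year] = explode('/', $birthday);
        $birthday = $year . '-' . $month . '-' . $day;
        $_POST['birthday'] = $birthday;
    }

    if (!preg_match('#^[0-9]{4}-[0-9]{2}-[0-9]{2}$#', $birthday)) {
        // Neither accepted format.
        $error = true;
    } else {
        [$year, $month, $day] = explode('-', $birthday);
        if (!checkdate((int) $month, (int) $day, (int) $year)) {
            $error = true;
        } else {
            // Compare calendar dates instead of dividing seconds by 365.25,
            // which drifts around the 18th and 100th birthdays.
            $birthDate = new DateTimeImmutable($birthday);
            $today = new DateTimeImmutable('today');
            $tooYoung = $birthDate > $today->modify('-18 years');
            $tooOld = $birthDate < $today->modify('-100 years');
            if ($tooYoung || $tooOld) {
                $error = true;
            }
        }
    }

    // Terms of use ("cgu"): presence was already enforced by the first gate.
    if ($error) {
        echo "Erreur à l'inscription";
    } else {
        echo "OK";
    }
} else {
    // Malformed request. The original dumped $_SERVER to the response, which
    // discloses server paths, software versions and request headers to
    // whoever sent the request. Record the event server-side instead and
    // return a generic client error. The POST body is deliberately not
    // logged because it may contain a password.
    http_response_code(400);
    error_log('Registration rejected: malformed POST from ' . ($_SERVER['REMOTE_ADDR'] ?? 'unknown'));
    die("Tentative de hack !!!");
}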