<?php/*UserSpice 4An Open Source PHP User Management Systemby the UserSp

1. <?php
2. /*
3. UserSpice 4
4. An Open Source PHP User Management System
5. by the UserSpice Team at http://UserSpice.com
6.  
7. This program is free software: you can redistribute it and/or modify
8. it under the terms of the GNU General Public License as published by
9. the Free Software Foundation, either version 3 of the License, or
10. (at your option) any later version.
11.  
12. This program is distributed in the hope that it will be useful,
13. but WITHOUT ANY WARRANTY; without even the implied warranty of
14. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15. GNU General Public License for more details.
16.  
17. You should have received a copy of the GNU General Public License
18. along with this program. If not, see <http://www.gnu.org/licenses/>.
19. */
20. class Validate
21. {
22. public
23. $_errors = [],
24. $_db = null;
25.  
26.  
27. public function __construct() {
28. $this->_db = DB::getInstance();
29. }
30.  
31. public function check($source, $items=[], $sanitize=true) {
32.  
33. $this->_errors = [];
34.  
35. foreach ($items as $item => $rules) {
36. $item = sanitize($item);
37. $display = $rules['display'];
38. foreach ($rules as $rule => $rule_value) {
39. $value = $source[$item];
40.  
41. if ($sanitize)
42. $value = sanitize(trim($value));
43.  
44. $length = is_array($value) ? count($value) : strlen($value);
45. $verb = is_array($value) ? "are" : "is";
46.  
47. if ($rule==='required' && $length==0) {
48. $str = lang("GEN_REQ");
49. if ($rule_value)
50. $this->addError(["{$display} $str",$item]);
51. }
52. else
53. if ($length != 0) {
54. switch ($rule) {
55. case 'min':
56. if (is_array($rule_value))
57. $rule_value = max($rule_value);
58. $str = lang("GEN_MIN");
59. $str1 = lang("GEN_CHAR");
60. $str2 = lang("GEN_REQ");
61. if ($length < $rule_value)
62. $this->addError(["{$display} $str {$rule_value} $str1 $str2",$item]);
63. break;
64.  
65. case 'max':
66. if (is_array($rule_value))
67. $rule_value = min($rule_value);
68. $str = lang("GEN_MAX");
69. $str1 = lang("GEN_CHAR");
70. $str2 = lang("GEN_REQ");
71. if ($length > $rule_value)
72. $this->addError(["{$display} $str {$rule_value} $str1 $str2",$item]);
73. break;
74.  
75. case 'matches':
76. if (!is_array($rule_value))
77. $array = [$rule_value];
78. $str = lang("GEN_AND");
79. $str1 = lang("VAL_SAME");
80. foreach ($array as $rule_value)
81. if ($value != sanitize(trim($source[$rule_value])))
82. $this->addError(["{$items[$rule_value]['display']} $str {$display} $str1",$item]);
83. break;
84.  
85. case 'unique':
86. $table = is_array($rule_value) ? $rule_value[0] : $rule_value;
87. $fields = is_array($rule_value) ? $rule_value[1] : [$item, '=', $value];
88.  
89. if ($this->_db->get($table, $fields)) {
90. $str = lang("VAL_EXISTS");
91. $str1 = lang("VAL_DB");
92. if ($this->_db->count())
93. $this->addError(["{$display} $str2 {$display}",$item]);
94. } else
95. $this->addError([$str1,$item]);
96. break;
97.  
98. case 'unique_update':
99. $t = explode(',', $rule_value);
100. $table = $t[0];
101. $id = $t[1];
102. $query = "SELECT * FROM {$table} WHERE id != {$id} AND {$item} = '{$value}'";
103. $check = $this->_db->query($query);
104. $str = lang("VAL_EXISTS");
105. if ($check->count())
106. $this->addError(["{$display} $str {$display}",$item]);
107. break;
108.  
109. case 'is_numeric': case 'is_num':
110. $str = lang("VAL_NUM");
111. if ($rule_value && !is_numeric($value))
112. $this->addError(["{$display} $str",$item]);
113. break;
114.  
115. case 'valid_email':
116. $str = lang("VAL_EMAIL");
117. if(!filter_var($value,FILTER_VALIDATE_EMAIL))
118. $this->addError(["{$display} $str",$item]);
119. break;
120.  
121. case 'is_not_email':
122. $str = lang("VAL_NO_EMAIL");
123. if(filter_var($value,FILTER_VALIDATE_EMAIL))
124. $this->addError(["{$display} $str",$item]);
125. break;
126.  
127. case 'valid_email_beta':
128. $str = lang("VAL_EMAIL");
129. if(!filter_var($value,FILTER_VALIDATE_EMAIL))
130. $this->addError(["{$display} $str",$item]);
131.  
132. $email_parts = explode('@', $value);
133. $str = lang("VAL_SERVER");
134. if ((!filter_var(gethostbyname($email_parts[1]), FILTER_VALIDATE_IP) && !filter_var(gethostbyname('www.' . $email_parts[1]), FILTER_VALIDATE_IP)) && !getmxrr($email_parts[1], $mxhosts)){
135. $this->addError(["{$display} $str",$item]);
136. }
137. break;
138.  
139. case '<' :
140. case '>' :
141. case '<=' :
142. case '>=' :
143. case '!=' :
144. case '==' :
145. $array = is_array($rule_value) ? $rule_value : [$rule_value];
146.  
147. foreach ($array as $rule_value)
148. if (is_numeric($value)) {
149. $rule_value_display = $rule_value;
150.  
151. if (!is_numeric($rule_value) && isset($source[$rule_value])) {
152. $rule_value_display = $items[$rule_value]["display"];
153. $rule_value = $source[$rule_value];
154. }
155.  
156. if ($rule=="<" && $value>=$rule_value){
157. $str = lang("VAL_LESS");
158. $this->addError(["{$display} $str {$rule_value_display}",$item]);
159. }
160.  
161. if ($rule==">" && $value<=$rule_value){
162. $str = lang("VAL_LESS");
163. $this->addError(["{$display} $str {$rule_value_display}",$item]);
164. }
165.  
166. if ($rule=="<=" && $value>$rule_value){
167. $str = lang("VAL_LESS_EQ");
168. $this->addError(["{$display} $str {$rule_value_display}",$item]);
169. }
170.  
171. if ($rule==">=" && $value<$rule_value){
172. $str = lang("VAL_GREAT_EQ");
173. $this->addError(["{$display} $str {$rule_value_display}",$item]);
174. }
175.  
176. if ($rule=="!=" && $value==$rule_value) {
177. $str = lang("VAL_NOT_EQ");
178. $this->addError(["{$display} $str {$rule_value_display}",$item]);
179. }
180.  
181. if ($rule=="==" && $value!=$rule_value){
182. $str = lang("VAL_EQ");
183. $this->addError(["{$display} $str {$rule_value_display}",$item]);
184. }
185.  
186. }
187. else
188. $str = lang("VAL_NUM");
189. $this->addError(["{$display} $str",$item]);
190. break;
191.  
192. case 'is_integer': case 'is_int':
193. if ($rule_value && filter_var($value, FILTER_VALIDATE_INT)===false){
194. $str = lang("VAL_INT");
195. $this->addError(["{$display} $str",$item]);
196. }
197. break;
198.  
199. case 'is_timezone':
200. if ($rule_value)
201. if (array_search($value, DateTimeZone::listIdentifiers(DateTimeZone::ALL)) === FALSE){
202. $str = lang("VAL_TZ");
203. $this->addError(["{$display} $str",$item]);
204. }
205. break;
206.  
207.  
208.  
209. case 'in':
210. $verb = lang("VAL_MUST");
211. $list_of_names = []; // if doesn't match then display these in an error message
212. $list_of_values = []; // to compare it against
213.  
214. if (!is_array($rule_value))
215. $rule_value = [$rule_value];
216.  
217. foreach($rule_value as $val)
218. if (!is_array($val)) {
219. $list_of_names[] = $val;
220. $list_of_values[] = strtolower($val);
221. } else
222. if (count($val) > 0) {
223. $list_of_names[] = $val[0];
224. $list_of_values[] = strtolower((count($val)>1 ? $val[1] : $val[0]));
225. }
226.  
227. if (!is_array($value)) {
228. $verb = lang("VAL_MUST_LIST");
229. $value = [$value];
230. }
231.  
232. foreach ($value as $val) {
233. if (array_search(strtolower($val), $list_of_values) === FALSE) {
234. $this->addError(["{$display} {$verb}: ".implode(', ',$list_of_names),$item]);
235. break;
236. }
237. }
238. break;
239.  
240. case 'is_datetime':
241. if ($rule_value !== false) {
242. $object = DateTime::createFromFormat((empty($rule_value) || is_bool($rule_value) ? "Y-m-d H:i:s" : $rule_value), $value);
243.  
244. if (!$object || DateTime::getLastErrors()["warning_count"]>0 || DateTime::getLastErrors()["error_count"]>0){
245. $str = lang("VAL_TIME");
246. $this->addError(["{$display} $str",$item]);
247. }
248. }
249. break;
250.  
251. case 'is_in_array':
252. if(!is_array($rule_value)){ //If we're not checking $value against an array, that's a developer fail.
253. $str = lang("2FA_FATAL");
254. $this->addError(["{$display} $str",$item]);
255. } else {
256. $to_be_checked = $value; //The value to checked
257. $array_to_check_in = $rule_value; //The array to check $value against
258. if(!in_array($to_be_checked, $array_to_check_in)){
259. $str = lang("VAL_SEL");
260. $this->addError(["{$display} $str",$item]);
261. }
262. }
263. break;
264.  
265. case 'is_valid_north_american_phone':
266. $numeric_only_phone = preg_replace("/[^0-9]/", "", $value); //Strip out all non-numeric characters
267. $str = lang("VAL_NA_PHONE");
268. if($numeric_only_phone[0] == 0 || $numeric_only_phone[0] == 1){ //It the number starts with a 0 or 1, it's not a valid North American phone number.
269. $this->addError(["{$display} $str",$item]);
270. }
271. if(strlen($numeric_only_phone) != 10){ //Valid North American phone numbers are 10 digits long
272. $this->addError(["{$display} $str",$item]);
273. }
274. break;
275. }
276. }
277. }
278.  
279. }
280.  
281. return $this;
282. }
283.  
284. public function addError($error) {
285. if (array_search($error, $this->_errors) === FALSE)
286. $this->_errors[] = $error;
287. }
288.  
289. public function display_errors() {
290. $html = "<UL CLASS='bg-danger'>";
291.  
292. foreach($this->_errors as $error) {
293. if (is_array($error))
294. $html .= "<LI CLASS='text-danger'>{$error[0]}</LI>
295. <SCRIPT>jQuery('document').ready(function(){jQuery('#{$error[1]}').parent().closest('div').addClass('has-error');});</SCRIPT>";
296. else
297. $html .= "<LI CLASS='text-danger'>{$error}</LI>";
298. }
299.  
300. $html .= "</UL>";
301. return $html;
302. }
303.  
304. public function errors(){
305. return $this->_errors;
306. }
307.  
308. public function passed(){
309. return empty($this->_errors);
310. }
311. }