validate_input() function
parent
06d8c7a879
commit
90539a32bc
@ -22,3 +22,8 @@ class PermissionDeniedException extends SCoreException {}
|
|||||||
* Example: Image::by_id(-1) returns null
|
* Example: Image::by_id(-1) returns null
|
||||||
*/
|
*/
|
||||||
class ImageDoesNotExist extends SCoreException {}
|
class ImageDoesNotExist extends SCoreException {}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* For validate_input()
|
||||||
|
*/
|
||||||
|
class InvalidInput extends SCoreException {}
|
||||||
|
@ -263,6 +263,64 @@ function isValidDate($date) {
|
|||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function validate_input($inputs) {
|
||||||
|
$outputs = array();
|
||||||
|
|
||||||
|
foreach($inputs as $key => $validations) {
|
||||||
|
$flags = explode(',', $validations);
|
||||||
|
if(in_array('optional', $flags)) {
|
||||||
|
if(!isset($_POST[$key])) {
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if(!isset($_POST[$key])) {
|
||||||
|
throw new InvalidInput("Input '$key' not set");
|
||||||
|
}
|
||||||
|
|
||||||
|
$value = $_POST[$key];
|
||||||
|
|
||||||
|
if(in_array('user_id', $flags)) {
|
||||||
|
$id = int_escape($value);
|
||||||
|
if(in_array('exists', $flags)) {
|
||||||
|
if(is_null(User::by_id($id))) {
|
||||||
|
throw new InvalidInput("User #$id does not exist");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
$outputs[$key] = $id;
|
||||||
|
}
|
||||||
|
else if(in_array('user_name', $flags)) {
|
||||||
|
if(strlen($value) < 1) {
|
||||||
|
throw new InvalidInput("Username must be at least 1 character");
|
||||||
|
}
|
||||||
|
else if(!preg_match('/^[a-zA-Z0-9-_]+$/', $value)) {
|
||||||
|
throw new InvalidInput(
|
||||||
|
"Username contains invalid characters. Allowed characters are ".
|
||||||
|
"letters, numbers, dash, and underscore");
|
||||||
|
}
|
||||||
|
$outputs[$key] = $value;
|
||||||
|
}
|
||||||
|
else if(in_array('user_class', $flags)) {
|
||||||
|
global $_user_classes;
|
||||||
|
if(!array_key_exists($value, $_user_classes)) {
|
||||||
|
throw new InvalidInput("Invalid user class: ".html_escape($class));
|
||||||
|
}
|
||||||
|
$outputs[$key] = $value;
|
||||||
|
}
|
||||||
|
else if(in_array('email', $flags)) {
|
||||||
|
$outputs[$key] = $value;
|
||||||
|
}
|
||||||
|
else if(in_array('password', $flags)) {
|
||||||
|
$outputs[$key] = $value;
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
throw new InvalidInput("Unknown validation '$validations'");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return $outputs;
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Give a HTML string which shows an IP (if the user is allowed to see IPs),
|
* Give a HTML string which shows an IP (if the user is allowed to see IPs),
|
||||||
* and a link to ban that IP (if the user is allowed to ban IPs)
|
* and a link to ban that IP (if the user is allowed to ban IPs)
|
||||||
|
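Review bot: The `user_class` branch of validate_input references `$class`, which is never assigned anywhere in the function, so the `Invalid user class` message reports an empty value (and raises an undefined-variable notice); it should read `throw new InvalidInput("Invalid user class: ".html_escape($value));`. The `email` and `password` branches copy `$_POST[$key]` through untouched, so a caller asking for `'email'` gets no check at all — at minimum `filter_var($value, FILTER_VALIDATE_EMAIL)` would make that flag mean something, and a header comment on the function should list which flags actually validate and which merely pass the value through. `$_POST[$key]` can also arrive as an array when a client submits `key[]=…`; rejecting non-strings before the `strlen`/`preg_match` calls in the `user_name` branch would turn that into an InvalidInput rather than a PHP warning. The `in_array` flag checks should pass `true` as the third argument so the comparison is strict.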
@ -190,49 +190,37 @@ class UserPage extends Extension {
|
|||||||
}
|
}
|
||||||
|
|
||||||
else if($event->get_arg(0) == "change_name") {
|
else if($event->get_arg(0) == "change_name") {
|
||||||
if(isset($_POST['id']) && isset($_POST['name'])) {
|
$input = validate_input(array(
|
||||||
$duser = User::by_id($_POST['id']);
|
'id' => 'user_id,exists',
|
||||||
if ( ! $duser instanceof User) {
|
'name' => 'user_name',
|
||||||
throw new NullUserException("Error: the user id does not exist!");
|
));
|
||||||
}
|
$duser = User::by_id($input['id']);
|
||||||
$name = $_POST['name'];
|
$this->change_name_wrapper($duser, $input['name']);
|
||||||
$this->change_name_wrapper($duser, $name);
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
else if($event->get_arg(0) == "change_pass") {
|
else if($event->get_arg(0) == "change_pass") {
|
||||||
if(isset($_POST['id']) && isset($_POST['pass1']) && isset($_POST['pass2'])) {
|
$input = validate_input(array(
|
||||||
$duser = User::by_id($_POST['id']);
|
'id' => 'user_id,exists',
|
||||||
if ( ! $duser instanceof User) {
|
'pass1' => 'password',
|
||||||
throw new NullUserException("Error: the user id does not exist!");
|
'pass2' => 'password',
|
||||||
}
|
));
|
||||||
$pass1 = $_POST['pass1'];
|
$duser = User::by_id($input['id']);
|
||||||
$pass2 = $_POST['pass2'];
|
$this->change_password_wrapper($duser, $input['pass1'], $input['pass2']);
|
||||||
$this->change_password_wrapper($duser, $pass1, $pass2);
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
else if($event->get_arg(0) == "change_email") {
|
else if($event->get_arg(0) == "change_email") {
|
||||||
if(isset($_POST['id']) && isset($_POST['address'])) {
|
$input = validate_input(array(
|
||||||
$duser = User::by_id($_POST['id']);
|
'id' => 'user_id,exists',
|
||||||
if ( ! $duser instanceof User) {
|
'address' => 'email',
|
||||||
throw new NullUserException("Error: the user id does not exist!");
|
));
|
||||||
}
|
$duser = User::by_id($input['id']);
|
||||||
$address = $_POST['address'];
|
$this->change_email_wrapper($duser, $input['address']);
|
||||||
$this->change_email_wrapper($duser, $address);
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
else if($event->get_arg(0) == "change_class") {
|
else if($event->get_arg(0) == "change_class") {
|
||||||
global $_user_classes;
|
$input = validate_input(array(
|
||||||
if(isset($_POST['id']) && isset($_POST['class'])) {
|
'id' => 'user_id,exists',
|
||||||
$duser = User::by_id($_POST['id']);
|
'class' => 'user_class',
|
||||||
if ( ! $duser instanceof User) {
|
));
|
||||||
throw new NullUserException("Error: the user id does not exist!");
|
$duser = User::by_id($input['id']);
|
||||||
}
|
$this->change_class_wrapper($duser, $input['class']);
|
||||||
$class = $_POST['class'];
|
|
||||||
if(!array_key_exists($class, $_user_classes)) {
|
|
||||||
throw Exception("Invalid user class: ".html_escape($class));
|
|
||||||
}
|
|
||||||
$this->change_class_wrapper($duser, $class);
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
else if($event->get_arg(0) == "delete_user") {
|
else if($event->get_arg(0) == "delete_user") {
|
||||||
$this->delete_user($page, isset($_POST["with_images"]), isset($_POST["with_comments"]));
|
$this->delete_user($page, isset($_POST["with_images"]), isset($_POST["with_comments"]));
|
||||||
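Review bot: Each branch calls `User::by_id($input['id'])` immediately after validate_input has already fetched the same user under the `user_id,exists` flag and discarded it, so the row is looked up twice and `$duser` is used without a null check if it vanishes between the two queries; either have validate_input return the resolved object or keep a guard on `$duser` here. A missing field now throws InvalidInput where the removed `isset` checks silently skipped the branch; where InvalidInput is caught is not visible in this hunk, so confirm the page handler renders it as a user-visible error rather than an unhandled exception. The `delete_user` branch at the end of the hunk still reads `$_POST` directly and is not covered by the new validation.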
@ -459,7 +447,7 @@ class UserPage extends Extension {
|
|||||||
"Username contains invalid characters. Allowed characters are ".
|
"Username contains invalid characters. Allowed characters are ".
|
||||||
"letters, numbers, dash, and underscore");
|
"letters, numbers, dash, and underscore");
|
||||||
}
|
}
|
||||||
else if($database->get_row($database->scoreql_to_sql("SELECT * FROM users WHERE SCORE_STRNORM(name) = SCORE_STRNORM(:name)"), array("name"=>$name))) {
|
else if(User::by_name($name)) {
|
||||||
throw new UserCreationException("That username is already taken");
|
throw new UserCreationException("That username is already taken");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
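Review bot: The replaced duplicate-name check compared `SCORE_STRNORM(name)` on both sides, i.e. it was a normalised, case-insensitive match, whereas `User::by_name($name)` is defined outside this hunk and whether it applies the same normalisation cannot be seen here. If it does an exact match, two accounts differing only in letter case can now be created, which is exactly the collision this branch exists to prevent. Confirm by_name normalises the same way, and record the requirement on this line: `// by_name() must match case-insensitively (SCORE_STRNORM) so usernames stay unique`.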
@ -601,12 +589,7 @@ class UserPage extends Extension {
|
|||||||
global $user;
|
global $user;
|
||||||
|
|
||||||
if($user->class->name == "admin") {
|
if($user->class->name == "admin") {
|
||||||
$duser = User::by_id($_POST['id']);
|
|
||||||
if ( ! $duser instanceof User) {
|
|
||||||
throw new NullUserException("Error: the user id does not exist!");
|
|
||||||
}
|
|
||||||
$duser->set_class($class);
|
$duser->set_class($class);
|
||||||
|
|
||||||
flash_message("Class changed");
|
flash_message("Class changed");
|
||||||
$this->redirect_to_user($duser);
|
$this->redirect_to_user($duser);
|
||||||
}
|
}
|
||||||
|
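Review bot: Dropping the `$duser instanceof User` guard makes this method rely on every caller having resolved and validated `$duser` first; the method's signature is outside the hunk, and any other call site that passes an unvalidated value now reaches `$duser->set_class($class)` on null. Either document the precondition in the method's docblock (`@param User $duser  already validated by the caller via validate_input()`), or keep a one-line guard before the admin check so the class change stays safe regardless of caller. The `$user->class->name == "admin"` comparison is pre-existing, but `===` would avoid loose string matching on an authorization decision.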